From fc160055e4fe6d002cf559dee22fd8341901079c Mon Sep 17 00:00:00 2001 From: Charles Lowell Date: Thu, 20 Feb 2020 15:06:05 -0800 Subject: [PATCH] generate 7.1-preview client --- .../_generated/v7_1_preview/__init__.py | 18 + .../_generated/v7_1_preview/_configuration.py | 47 + .../v7_1_preview/_key_vault_client.py | 48 + .../_generated/v7_1_preview/aio/__init__.py | 13 + .../v7_1_preview/aio/_configuration_async.py | 47 + .../aio/_key_vault_client_async.py | 48 + .../aio/operations_async/__init__.py | 16 + .../_key_vault_client_operations_async.py | 5224 +++++++++++++++++ .../v7_1_preview/models/__init__.py | 303 + .../models/_key_vault_client_enums.py | 98 + .../_generated/v7_1_preview/models/_models.py | 3244 ++++++++++ .../v7_1_preview/models/_models_py3.py | 3244 ++++++++++ .../v7_1_preview/operations/__init__.py | 16 + .../_key_vault_client_operations.py | 5224 +++++++++++++++++ .../_generated/v7_1_preview/version.py | 13 + .../_generated/v7_1_preview/__init__.py | 18 + .../_generated/v7_1_preview/_configuration.py | 47 + .../v7_1_preview/_key_vault_client.py | 48 + .../_generated/v7_1_preview/aio/__init__.py | 13 + .../v7_1_preview/aio/_configuration_async.py | 47 + .../aio/_key_vault_client_async.py | 48 + .../aio/operations_async/__init__.py | 16 + .../_key_vault_client_operations_async.py | 5224 +++++++++++++++++ .../v7_1_preview/models/__init__.py | 303 + .../models/_key_vault_client_enums.py | 98 + .../_generated/v7_1_preview/models/_models.py | 3244 ++++++++++ .../v7_1_preview/models/_models_py3.py | 3244 ++++++++++ .../v7_1_preview/operations/__init__.py | 16 + .../_key_vault_client_operations.py | 5224 +++++++++++++++++ .../_generated/v7_1_preview/version.py | 13 + .../_generated/v7_1_preview/__init__.py | 18 + .../_generated/v7_1_preview/_configuration.py | 47 + .../v7_1_preview/_key_vault_client.py | 48 + .../_generated/v7_1_preview/aio/__init__.py | 13 + .../v7_1_preview/aio/_configuration_async.py | 47 + .../aio/_key_vault_client_async.py | 48 + .../aio/operations_async/__init__.py | 16 + .../_key_vault_client_operations_async.py | 5224 +++++++++++++++++ .../v7_1_preview/models/__init__.py | 303 + .../models/_key_vault_client_enums.py | 98 + .../_generated/v7_1_preview/models/_models.py | 3244 ++++++++++ .../v7_1_preview/models/_models_py3.py | 3244 ++++++++++ .../v7_1_preview/operations/__init__.py | 16 + .../_key_vault_client_operations.py | 5224 +++++++++++++++++ .../_generated/v7_1_preview/version.py | 13 + 45 files changed, 52809 insertions(+) create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/_configuration.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/_key_vault_client.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/_configuration_async.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/_key_vault_client_async.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/operations_async/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/operations_async/_key_vault_client_operations_async.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/_key_vault_client_enums.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/_models.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/_models_py3.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/operations/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/operations/_key_vault_client_operations.py create mode 100644 sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/version.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/_configuration.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/_key_vault_client.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/_configuration_async.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/_key_vault_client_async.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/operations_async/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/operations_async/_key_vault_client_operations_async.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/_key_vault_client_enums.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/_models.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/_models_py3.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/operations/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/operations/_key_vault_client_operations.py create mode 100644 sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/version.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/_configuration.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/_key_vault_client.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/_configuration_async.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/_key_vault_client_async.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/operations_async/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/operations_async/_key_vault_client_operations_async.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/_key_vault_client_enums.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/_models.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/_models_py3.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/operations/__init__.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/operations/_key_vault_client_operations.py create mode 100644 sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/version.py diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/__init__.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/__init__.py new file mode 100644 index 000000000000..e913d4cf6c46 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/__init__.py @@ -0,0 +1,18 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._key_vault_client import KeyVaultClient +__all__ = ['KeyVaultClient'] + +from .version import VERSION + +__version__ = VERSION + diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/_configuration.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/_configuration.py new file mode 100644 index 000000000000..68d6f5b6bd2c --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/_configuration.py @@ -0,0 +1,47 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +from azure.core.configuration import Configuration +from azure.core.pipeline import policies + +from .version import VERSION + + +class KeyVaultClientConfiguration(Configuration): + """Configuration for KeyVaultClient + Note that all parameters used to create this instance are saved as instance + attributes. + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__(self, credentials, **kwargs): + + if credentials is None: + raise ValueError("Parameter 'credentials' must not be None.") + + super(KeyVaultClientConfiguration, self).__init__(**kwargs) + self._configure(**kwargs) + + self.user_agent_policy.add_user_agent('azsdk-python-azure-keyvault/{}'.format(VERSION)) + self.generate_client_request_id = True + + self.credentials = credentials + + def _configure(self, **kwargs): + self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs) + self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs) + self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs) + self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs) + self.retry_policy = kwargs.get('retry_policy') or policies.RetryPolicy(**kwargs) + self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs) + self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs) diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/_key_vault_client.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/_key_vault_client.py new file mode 100644 index 000000000000..f380f67e0a87 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/_key_vault_client.py @@ -0,0 +1,48 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.core import PipelineClient +from msrest import Serializer, Deserializer + +from ._configuration import KeyVaultClientConfiguration +from .operations import KeyVaultClientOperationsMixin +from . import models + + +class KeyVaultClient(KeyVaultClientOperationsMixin): + """The key vault client performs cryptographic key operations and vault operations against the Key Vault service. + + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__( + self, credentials, **kwargs): + + base_url = '{vaultBaseUrl}' + self._config = KeyVaultClientConfiguration(credentials, **kwargs) + self._client = PipelineClient(base_url=base_url, config=self._config, **kwargs) + + client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)} + self.api_version = '7.1-preview' + self._serialize = Serializer(client_models) + self._deserialize = Deserializer(client_models) + + + def close(self): + self._client.close() + def __enter__(self): + self._client.__enter__() + return self + def __exit__(self, *exc_details): + self._client.__exit__(*exc_details) diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/__init__.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/__init__.py new file mode 100644 index 000000000000..fb2e6c3866fd --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/__init__.py @@ -0,0 +1,13 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._key_vault_client_async import KeyVaultClient +__all__ = ['KeyVaultClient'] diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/_configuration_async.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/_configuration_async.py new file mode 100644 index 000000000000..fb961bb4bd2d --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/_configuration_async.py @@ -0,0 +1,47 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +from azure.core.configuration import Configuration +from azure.core.pipeline import policies + +from ..version import VERSION + + +class KeyVaultClientConfiguration(Configuration): + """Configuration for KeyVaultClient + Note that all parameters used to create this instance are saved as instance + attributes. + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__(self, credentials, **kwargs): + + if credentials is None: + raise ValueError("Parameter 'credentials' must not be None.") + + super(KeyVaultClientConfiguration, self).__init__(**kwargs) + self._configure(**kwargs) + + self.user_agent_policy.add_user_agent('azsdk-python-azure-keyvault/{}'.format(VERSION)) + self.generate_client_request_id = True + + self.credentials = credentials + + def _configure(self, **kwargs): + self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs) + self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs) + self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs) + self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs) + self.retry_policy = kwargs.get('retry_policy') or policies.AsyncRetryPolicy(**kwargs) + self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs) + self.redirect_policy = kwargs.get('redirect_policy') or policies.AsyncRedirectPolicy(**kwargs) diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/_key_vault_client_async.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/_key_vault_client_async.py new file mode 100644 index 000000000000..b2b908c4a757 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/_key_vault_client_async.py @@ -0,0 +1,48 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.core import AsyncPipelineClient +from msrest import Serializer, Deserializer + +from ._configuration_async import KeyVaultClientConfiguration +from .operations_async import KeyVaultClientOperationsMixin +from .. import models + + +class KeyVaultClient(KeyVaultClientOperationsMixin): + """The key vault client performs cryptographic key operations and vault operations against the Key Vault service. + + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__( + self, credentials, **kwargs): + + base_url = '{vaultBaseUrl}' + self._config = KeyVaultClientConfiguration(credentials, **kwargs) + self._client = AsyncPipelineClient(base_url=base_url, config=self._config, **kwargs) + + client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)} + self.api_version = '7.1-preview' + self._serialize = Serializer(client_models) + self._deserialize = Deserializer(client_models) + + + async def close(self): + await self._client.close() + async def __aenter__(self): + await self._client.__aenter__() + return self + async def __aexit__(self, *exc_details): + await self._client.__aexit__(*exc_details) diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/operations_async/__init__.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/operations_async/__init__.py new file mode 100644 index 000000000000..771a17ceb80d --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/operations_async/__init__.py @@ -0,0 +1,16 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._key_vault_client_operations_async import KeyVaultClientOperationsMixin + +__all__ = [ + 'KeyVaultClientOperationsMixin', +] diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/operations_async/_key_vault_client_operations_async.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/operations_async/_key_vault_client_operations_async.py new file mode 100644 index 000000000000..5701d4354d9b --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/aio/operations_async/_key_vault_client_operations_async.py @@ -0,0 +1,5224 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.core.exceptions import map_error +from azure.core.async_paging import AsyncItemPaged, AsyncList +from ... import models +import uuid + + +class KeyVaultClientOperationsMixin: + + def get_certificates( + self, vault_base_url, maxresults=None, include_pending=None, *, cls=None, **kwargs): + """List certificates in a specified key vault. + + The GetCertificates operation returns the set of certificates resources + in the specified key vault. This operation requires the + certificates/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :param include_pending: Specifies whether to include certificates + which are not completely provisioned. + :type include_pending: bool + :return: An iterator like instance of CertificateItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.CertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificates.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + if include_pending is not None: + query_parameters['includePending'] = self._serialize.query("include_pending", include_pending, 'bool') + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('CertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_certificates.metadata = {'url': '/certificates'} + + async def delete_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Deletes a certificate from a specified key vault. + + Deletes all versions of a certificate object along with its associated + policy. Delete certificate cannot be used to remove individual versions + of a certificate object. This operation requires the + certificates/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedCertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedCertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedCertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate.metadata = {'url': '/certificates/{certificate-name}'} + + async def set_certificate_contacts(self, vault_base_url, contact_list=None, *, cls=None, **kwargs): + """Sets the certificate contacts for the specified key vault. + + Sets the certificate contacts for the specified key vault. This + operation requires the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param contact_list: The contact list for the vault certificates. + :type contact_list: list[~azure.keyvault.v7_1.models.Contact] + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + contacts = models.Contacts(contact_list=contact_list) + + # Construct URL + url = self.set_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(contacts, 'Contacts') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + async def get_certificate_contacts(self, vault_base_url, *, cls=None, **kwargs): + """Lists the certificate contacts for a specified key vault. + + The GetCertificateContacts operation returns the set of certificate + contact resources in the specified key vault. This operation requires + the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + async def delete_certificate_contacts(self, vault_base_url, *, cls=None, **kwargs): + """Deletes the certificate contacts for a specified key vault. + + Deletes the certificate contacts for a specified key vault certificate. + This operation requires the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + def get_certificate_issuers( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """List certificate issuers for a specified key vault. + + The GetCertificateIssuers operation returns the set of certificate + issuer resources in the specified key vault. This operation requires + the certificates/manageissuers/getissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of CertificateIssuerItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.CertificateIssuerItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificate_issuers.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('CertificateIssuerListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_certificate_issuers.metadata = {'url': '/certificates/issuers'} + + async def set_certificate_issuer(self, vault_base_url, issuer_name, provider, credentials=None, organization_details=None, attributes=None, *, cls=None, **kwargs): + """Sets the specified certificate issuer. + + The SetCertificateIssuer operation adds or updates the specified + certificate issuer. This operation requires the certificates/setissuers + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided + to the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameter = models.CertificateIssuerSetParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes) + + # Construct URL + url = self.set_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameter, 'CertificateIssuerSetParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + async def update_certificate_issuer(self, vault_base_url, issuer_name, provider=None, credentials=None, organization_details=None, attributes=None, *, cls=None, **kwargs): + """Updates the specified certificate issuer. + + The UpdateCertificateIssuer operation performs an update on the + specified certificate issuer entity. This operation requires the + certificates/setissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided + to the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameter = models.CertificateIssuerUpdateParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes) + + # Construct URL + url = self.update_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameter, 'CertificateIssuerUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + async def get_certificate_issuer(self, vault_base_url, issuer_name, *, cls=None, **kwargs): + """Lists the specified certificate issuer. + + The GetCertificateIssuer operation returns the specified certificate + issuer resources in the specified key vault. This operation requires + the certificates/manageissuers/getissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + async def delete_certificate_issuer(self, vault_base_url, issuer_name, *, cls=None, **kwargs): + """Deletes the specified certificate issuer. + + The DeleteCertificateIssuer operation permanently removes the specified + certificate issuer from the vault. This operation requires the + certificates/manageissuers/deleteissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + async def create_certificate(self, vault_base_url, certificate_name, certificate_policy=None, certificate_attributes=None, tags=None, *, cls=None, **kwargs): + """Creates a new certificate. + + If this is the first version, the certificate resource is created. This + operation requires the certificates/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateCreateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.create_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateCreateParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [202]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 202: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + create_certificate.metadata = {'url': '/certificates/{certificate-name}/create'} + + async def import_certificate(self, vault_base_url, certificate_name, base64_encoded_certificate, password=None, certificate_policy=None, certificate_attributes=None, tags=None, *, cls=None, **kwargs): + """Imports a certificate into a specified key vault. + + Imports an existing valid certificate, containing a private key, into + Azure Key Vault. The certificate to be imported can be in either PFX or + PEM format. If the certificate is in PEM format the PEM file must + contain the key as well as x509 certificates. This operation requires + the certificates/import permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param base64_encoded_certificate: Base64 encoded representation of + the certificate object to import. This certificate needs to contain + the private key. + :type base64_encoded_certificate: str + :param password: If the private key in base64EncodedCertificate is + encrypted, the password used for encryption. + :type password: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateImportParameters(base64_encoded_certificate=base64_encoded_certificate, password=password, certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.import_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateImportParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + import_certificate.metadata = {'url': '/certificates/{certificate-name}/import'} + + def get_certificate_versions( + self, vault_base_url, certificate_name, maxresults=None, *, cls=None, **kwargs): + """List the versions of a certificate. + + The GetCertificateVersions operation returns the versions of a + certificate in the specified key vault. This operation requires the + certificates/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of CertificateItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.CertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificate_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('CertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_certificate_versions.metadata = {'url': '/certificates/{certificate-name}/versions'} + + async def get_certificate_policy(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Lists the policy for a certificate. + + The GetCertificatePolicy operation returns the specified certificate + policy resources in the specified key vault. This operation requires + the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in a given key + vault. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificatePolicy or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificatePolicy + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_policy.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificatePolicy', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'} + + async def update_certificate_policy(self, vault_base_url, certificate_name, certificate_policy, *, cls=None, **kwargs): + """Updates the policy for a certificate. + + Set specified members in the certificate policy. Leave others as null. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given + vault. + :type certificate_name: str + :param certificate_policy: The policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificatePolicy or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificatePolicy + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.update_certificate_policy.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(certificate_policy, 'CertificatePolicy') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificatePolicy', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'} + + async def update_certificate(self, vault_base_url, certificate_name, certificate_version, certificate_policy=None, certificate_attributes=None, tags=None, *, cls=None, **kwargs): + """Updates the specified attributes associated with the given certificate. + + The UpdateCertificate operation applies the specified update on the + given certificate; the only elements updated are the certificate's + attributes. This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given key + vault. + :type certificate_name: str + :param certificate_version: The version of the certificate. + :type certificate_version: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateUpdateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.update_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'), + 'certificate-version': self._serialize.url("certificate_version", certificate_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'} + + async def get_certificate(self, vault_base_url, certificate_name, certificate_version, *, cls=None, **kwargs): + """Gets information about a certificate. + + Gets information about a specific certificate. This operation requires + the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given + vault. + :type certificate_name: str + :param certificate_version: The version of the certificate. + :type certificate_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'), + 'certificate-version': self._serialize.url("certificate_version", certificate_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'} + + async def update_certificate_operation(self, vault_base_url, certificate_name, cancellation_requested, *, cls=None, **kwargs): + """Updates a certificate operation. + + Updates a certificate creation operation that is already in progress. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param cancellation_requested: Indicates if cancellation was requested + on the certificate operation. + :type cancellation_requested: bool + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + certificate_operation = models.CertificateOperationUpdateParameter(cancellation_requested=cancellation_requested) + + # Construct URL + url = self.update_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(certificate_operation, 'CertificateOperationUpdateParameter') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + async def get_certificate_operation(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Gets the creation operation of a certificate. + + Gets the creation operation associated with a specified certificate. + This operation requires the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + async def delete_certificate_operation(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Deletes the creation operation for a specific certificate. + + Deletes the creation operation for a specified certificate that is in + the process of being created. The certificate is no longer created. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + async def merge_certificate(self, vault_base_url, certificate_name, x509_certificates, certificate_attributes=None, tags=None, *, cls=None, **kwargs): + """Merges a certificate or a certificate chain with a key pair existing on + the server. + + The MergeCertificate operation performs the merging of a certificate or + certificate chain with a key pair currently available in the service. + This operation requires the certificates/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param x509_certificates: The certificate or the certificate chain to + merge. + :type x509_certificates: list[bytearray] + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateMergeParameters(x509_certificates=x509_certificates, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.merge_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateMergeParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 201: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + merge_certificate.metadata = {'url': '/certificates/{certificate-name}/pending/merge'} + + async def backup_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Backs up the specified certificate. + + Requests that a backup of the specified certificate be downloaded to + the client. All versions of the certificate will be downloaded. This + operation requires the certificates/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupCertificateResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupCertificateResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupCertificateResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_certificate.metadata = {'url': '/certificates/{certificate-name}/backup'} + + async def restore_certificate(self, vault_base_url, certificate_bundle_backup, *, cls=None, **kwargs): + """Restores a backed up certificate to a vault. + + Restores a backed up certificate, and all its versions, to a vault. + This operation requires the certificates/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_bundle_backup: The backup blob associated with a + certificate bundle. + :type certificate_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateRestoreParameters(certificate_bundle_backup=certificate_bundle_backup) + + # Construct URL + url = self.restore_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_certificate.metadata = {'url': '/certificates/restore'} + + def get_deleted_certificates( + self, vault_base_url, maxresults=None, include_pending=None, *, cls=None, **kwargs): + """Lists the deleted certificates in the specified vault currently + available for recovery. + + The GetDeletedCertificates operation retrieves the certificates in the + current vault which are in a deleted state and ready for recovery or + purging. This operation includes deletion-specific information. This + operation requires the certificates/get/list permission. This operation + can only be enabled on soft-delete enabled vaults. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :param include_pending: Specifies whether to include certificates + which are not completely provisioned. + :type include_pending: bool + :return: An iterator like instance of DeletedCertificateItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedCertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_certificates.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + if include_pending is not None: + query_parameters['includePending'] = self._serialize.query("include_pending", include_pending, 'bool') + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedCertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_certificates.metadata = {'url': '/deletedcertificates'} + + async def get_deleted_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Retrieves information about the specified deleted certificate. + + The GetDeletedCertificate operation retrieves the deleted certificate + information plus its attributes, such as retention interval, scheduled + permanent deletion and the current deletion recovery level. This + operation requires the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedCertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedCertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedCertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'} + + async def purge_deleted_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Permanently deletes the specified deleted certificate. + + The PurgeDeletedCertificate operation performs an irreversible deletion + of the specified certificate, without possibility for recovery. The + operation is not available if the recovery level does not specify + 'Purgeable'. This operation requires the certificate/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'} + + async def recover_deleted_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Recovers the deleted certificate back to its current version under + /certificates. + + The RecoverDeletedCertificate operation performs the reversal of the + Delete operation. The operation is applicable in vaults enabled for + soft-delete, and must be issued during the retention interval + (available in the deleted certificate's attributes). This operation + requires the certificates/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the deleted certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}/recover'} + + async def create_key(self, vault_base_url, key_name, kty, key_size=None, key_ops=None, key_attributes=None, tags=None, curve=None, *, cls=None, **kwargs): + """Creates a new key, stores it, then returns key parameters and + attributes to the client. + + The create key operation can be used to create any key type in Azure + Key Vault. If the named key already exists, Azure Key Vault creates a + new version of the key. It requires the keys/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name for the new key. The system will generate + the version name for the new key. + :type key_name: str + :param kty: The type of key to create. For valid values, see + JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', + 'RSA-HSM', 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or + 4096 for RSA. + :type key_size: int + :param key_ops: + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', + 'P-521', 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyCreateParameters(kty=kty, key_size=key_size, key_ops=key_ops, key_attributes=key_attributes, tags=tags, curve=curve) + + # Construct URL + url = self.create_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyCreateParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + create_key.metadata = {'url': '/keys/{key-name}/create'} + + async def import_key(self, vault_base_url, key_name, key, hsm=None, key_attributes=None, tags=None, *, cls=None, **kwargs): + """Imports an externally created key, stores it, and returns key + parameters and attributes to the client. + + The import key operation may be used to import any key type into an + Azure Key Vault. If the named key already exists, Azure Key Vault + creates a new version of the key. This operation requires the + keys/import permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: Name for the imported key. + :type key_name: str + :param key: The Json web key + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param hsm: Whether to import as a hardware key (HSM) or software key. + :type hsm: bool + :param key_attributes: The key management attributes. + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyImportParameters(hsm=hsm, key=key, key_attributes=key_attributes, tags=tags) + + # Construct URL + url = self.import_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyImportParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + import_key.metadata = {'url': '/keys/{key-name}'} + + async def delete_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Deletes a key of any type from storage in Azure Key Vault. + + The delete key operation cannot be used to remove individual versions + of a key. This operation removes the cryptographic material associated + with the key, which means the key is not usable for Sign/Verify, + Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the + keys/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key to delete. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedKeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedKeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedKeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_key.metadata = {'url': '/keys/{key-name}'} + + async def update_key(self, vault_base_url, key_name, key_version, key_ops=None, key_attributes=None, tags=None, *, cls=None, **kwargs): + """The update key operation changes specified attributes of a stored key + and can be applied to any key type and key version stored in Azure Key + Vault. + + In order to perform this operation, the key must already exist in the + Key Vault. Note: The cryptographic material of a key itself cannot be + changed. This operation requires the keys/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of key to update. + :type key_name: str + :param key_version: The version of the key to update. + :type key_version: str + :param key_ops: Json web key operations. For more information on + possible key operations, see JsonWebKeyOperation. + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyUpdateParameters(key_ops=key_ops, key_attributes=key_attributes, tags=tags) + + # Construct URL + url = self.update_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_key.metadata = {'url': '/keys/{key-name}/{key-version}'} + + async def get_key(self, vault_base_url, key_name, key_version, *, cls=None, **kwargs): + """Gets the public part of a stored key. + + The get key operation is applicable to all key types. If the requested + key is symmetric, then no key material is released in the response. + This operation requires the keys/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key to get. + :type key_name: str + :param key_version: Adding the version parameter retrieves a specific + version of a key. + :type key_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_key.metadata = {'url': '/keys/{key-name}/{key-version}'} + + def get_key_versions( + self, vault_base_url, key_name, maxresults=None, *, cls=None, **kwargs): + """Retrieves a list of individual key versions with the same key name. + + The full key identifier, attributes, and tags are provided in the + response. This operation requires the keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of KeyItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.KeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_key_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('KeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_key_versions.metadata = {'url': '/keys/{key-name}/versions'} + + def get_keys( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """List keys in the specified vault. + + Retrieves a list of the keys in the Key Vault as JSON Web Key + structures that contain the public part of a stored key. The LIST + operation is applicable to all key types, however only the base key + identifier, attributes, and tags are provided in the response. + Individual versions of a key are not listed in the response. This + operation requires the keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of KeyItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.KeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_keys.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('KeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_keys.metadata = {'url': '/keys'} + + async def backup_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Requests that a backup of the specified key be downloaded to the + client. + + The Key Backup operation exports a key from Azure Key Vault in a + protected form. Note that this operation does NOT return key material + in a form that can be used outside the Azure Key Vault system, the + returned key material is either protected to a Azure Key Vault HSM or + to Azure Key Vault itself. The intent of this operation is to allow a + client to GENERATE a key in one Azure Key Vault instance, BACKUP the + key, and then RESTORE it into another Azure Key Vault instance. The + BACKUP operation may be used to export, in protected form, any key type + from Azure Key Vault. Individual versions of a key cannot be backed up. + BACKUP / RESTORE can be performed within geographical boundaries only; + meaning that a BACKUP from one geographical area cannot be restored to + another geographical area. For example, a backup from the US + geographical area cannot be restored in an EU geographical area. This + operation requires the key/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupKeyResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupKeyResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupKeyResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_key.metadata = {'url': '/keys/{key-name}/backup'} + + async def restore_key(self, vault_base_url, key_bundle_backup, *, cls=None, **kwargs): + """Restores a backed up key to a vault. + + Imports a previously backed up key into Azure Key Vault, restoring the + key, its key identifier, attributes and access control policies. The + RESTORE operation may be used to import a previously backed up key. + Individual versions of a key cannot be restored. The key is restored in + its entirety with the same key name as it had when it was backed up. If + the key name is not available in the target Key Vault, the RESTORE + operation will be rejected. While the key name is retained during + restore, the final key identifier will change if the key is restored to + a different vault. Restore will restore all versions and preserve + version identifiers. The RESTORE operation is subject to security + constraints: The target Key Vault must be owned by the same Microsoft + Azure Subscription as the source Key Vault The user must have RESTORE + permission in the target Key Vault. This operation requires the + keys/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_bundle_backup: The backup blob associated with a key + bundle. + :type key_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyRestoreParameters(key_bundle_backup=key_bundle_backup) + + # Construct URL + url = self.restore_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_key.metadata = {'url': '/keys/restore'} + + async def encrypt(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Encrypts an arbitrary sequence of bytes using an encryption key that is + stored in a key vault. + + The ENCRYPT operation encrypts an arbitrary sequence of bytes using an + encryption key that is stored in Azure Key Vault. Note that the ENCRYPT + operation only supports a single block of data, the size of which is + dependent on the target key and the encryption algorithm to be used. + The ENCRYPT operation is only strictly necessary for symmetric keys + stored in Azure Key Vault since protection with an asymmetric key can + be performed using public portion of the key. This operation is + supported for asymmetric keys as a convenience for callers that have a + key-reference but do not have access to the public key material. This + operation requires the keys/encrypt permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.encrypt.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + encrypt.metadata = {'url': '/keys/{key-name}/{key-version}/encrypt'} + + async def decrypt(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Decrypts a single block of encrypted data. + + The DECRYPT operation decrypts a well-formed block of ciphertext using + the target encryption key and specified algorithm. This operation is + the reverse of the ENCRYPT operation; only a single block of data may + be decrypted, the size of this block is dependent on the target key and + the algorithm to be used. The DECRYPT operation applies to asymmetric + and symmetric keys stored in Azure Key Vault since it uses the private + portion of the key. This operation requires the keys/decrypt + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.decrypt.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + decrypt.metadata = {'url': '/keys/{key-name}/{key-version}/decrypt'} + + async def sign(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Creates a signature from a digest using the specified key. + + The SIGN operation is applicable to asymmetric and symmetric keys + stored in Azure Key Vault since this operation uses the private portion + of the key. This operation requires the keys/sign permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: The signing/verification algorithm identifier. For + more information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', + 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', + 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeySignParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.sign.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeySignParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + sign.metadata = {'url': '/keys/{key-name}/{key-version}/sign'} + + async def verify(self, vault_base_url, key_name, key_version, algorithm, digest, signature, *, cls=None, **kwargs): + """Verifies a signature using a specified key. + + The VERIFY operation is applicable to symmetric keys stored in Azure + Key Vault. VERIFY is not strictly necessary for asymmetric keys stored + in Azure Key Vault since signature verification can be performed using + the public portion of the key but this operation is supported as a + convenience for callers that only have a key-reference and not the + public portion of the key. This operation requires the keys/verify + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: The signing/verification algorithm. For more + information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', + 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', + 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param digest: The digest used for signing. + :type digest: bytes + :param signature: The signature to be verified. + :type signature: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyVerifyResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyVerifyResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyVerifyParameters(algorithm=algorithm, digest=digest, signature=signature) + + # Construct URL + url = self.verify.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyVerifyParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyVerifyResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + verify.metadata = {'url': '/keys/{key-name}/{key-version}/verify'} + + async def wrap_key(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Wraps a symmetric key using a specified key. + + The WRAP operation supports encryption of a symmetric key using a key + encryption key that has previously been stored in an Azure Key Vault. + The WRAP operation is only strictly necessary for symmetric keys stored + in Azure Key Vault since protection with an asymmetric key can be + performed using the public portion of the key. This operation is + supported for asymmetric keys as a convenience for callers that have a + key-reference but do not have access to the public key material. This + operation requires the keys/wrapKey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.wrap_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + wrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/wrapkey'} + + async def unwrap_key(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Unwraps a symmetric key using the specified key that was initially used + for wrapping that key. + + The UNWRAP operation supports decryption of a symmetric key using the + target key encryption key. This operation is the reverse of the WRAP + operation. The UNWRAP operation applies to asymmetric and symmetric + keys stored in Azure Key Vault since it uses the private portion of the + key. This operation requires the keys/unwrapKey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.unwrap_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + unwrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/unwrapkey'} + + def get_deleted_keys( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """Lists the deleted keys in the specified vault. + + Retrieves a list of the keys in the Key Vault as JSON Web Key + structures that contain the public part of a deleted key. This + operation includes deletion-specific information. The Get Deleted Keys + operation is applicable for vaults enabled for soft-delete. While the + operation can be invoked on any vault, it will return an error if + invoked on a non soft-delete enabled vault. This operation requires the + keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedKeyItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedKeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_keys.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedKeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_keys.metadata = {'url': '/deletedkeys'} + + async def get_deleted_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Gets the public part of a deleted key. + + The Get Deleted Key operation is applicable for soft-delete enabled + vaults. While the operation can be invoked on any vault, it will return + an error if invoked on a non soft-delete enabled vault. This operation + requires the keys/get permission. . + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedKeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedKeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedKeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'} + + async def purge_deleted_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Permanently deletes the specified key. + + The Purge Deleted Key operation is applicable for soft-delete enabled + vaults. While the operation can be invoked on any vault, it will return + an error if invoked on a non soft-delete enabled vault. This operation + requires the keys/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'} + + async def recover_deleted_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Recovers the deleted key to its latest version. + + The Recover Deleted Key operation is applicable for deleted keys in + soft-delete enabled vaults. It recovers the deleted key back to its + latest version under /keys. An attempt to recover an non-deleted key + will return an error. Consider this the inverse of the delete operation + on soft-delete enabled vaults. This operation requires the keys/recover + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the deleted key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_key.metadata = {'url': '/deletedkeys/{key-name}/recover'} + + async def set_secret(self, vault_base_url, secret_name, value, tags=None, content_type=None, secret_attributes=None, *, cls=None, **kwargs): + """Sets a secret in a specified key vault. + + The SET operation adds a secret to the Azure Key Vault. If the named + secret already exists, Azure Key Vault creates a new version of that + secret. This operation requires the secrets/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param value: The value of the secret. + :type value: str + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretSetParameters(value=value, tags=tags, content_type=content_type, secret_attributes=secret_attributes) + + # Construct URL + url = self.set_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretSetParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_secret.metadata = {'url': '/secrets/{secret-name}'} + + async def delete_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Deletes a secret from a specified key vault. + + The DELETE operation applies to any secret stored in Azure Key Vault. + DELETE cannot be applied to an individual version of a secret. This + operation requires the secrets/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_secret.metadata = {'url': '/secrets/{secret-name}'} + + async def update_secret(self, vault_base_url, secret_name, secret_version, content_type=None, secret_attributes=None, tags=None, *, cls=None, **kwargs): + """Updates the attributes associated with a specified secret in a given + key vault. + + The UPDATE operation changes specified attributes of an existing stored + secret. Attributes that are not specified in the request are left + unchanged. The value of a secret itself cannot be changed. This + operation requires the secrets/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param secret_version: The version of the secret. + :type secret_version: str + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretUpdateParameters(content_type=content_type, secret_attributes=secret_attributes, tags=tags) + + # Construct URL + url = self.update_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str'), + 'secret-version': self._serialize.url("secret_version", secret_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'} + + async def get_secret(self, vault_base_url, secret_name, secret_version, *, cls=None, **kwargs): + """Get a specified secret from a given key vault. + + The GET operation is applicable to any secret stored in Azure Key + Vault. This operation requires the secrets/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param secret_version: The version of the secret. + :type secret_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str'), + 'secret-version': self._serialize.url("secret_version", secret_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'} + + def get_secrets( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """List secrets in a specified key vault. + + The Get Secrets operation is applicable to the entire vault. However, + only the base secret identifier and its attributes are provided in the + response. Individual secret versions are not listed in the response. + This operation requires the secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified, the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SecretItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.SecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_secrets.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('SecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_secrets.metadata = {'url': '/secrets'} + + def get_secret_versions( + self, vault_base_url, secret_name, maxresults=None, *, cls=None, **kwargs): + """List all versions of the specified secret. + + The full secret identifier and attributes are provided in the response. + No values are returned for the secrets. This operations requires the + secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified, the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SecretItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.SecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_secret_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('SecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_secret_versions.metadata = {'url': '/secrets/{secret-name}/versions'} + + def get_deleted_secrets( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """Lists deleted secrets for the specified vault. + + The Get Deleted Secrets operation returns the secrets that have been + deleted for a vault enabled for soft-delete. This operation requires + the secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedSecretItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedSecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_secrets.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedSecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_secrets.metadata = {'url': '/deletedsecrets'} + + async def get_deleted_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Gets the specified deleted secret. + + The Get Deleted Secret operation returns the specified deleted secret + along with its attributes. This operation requires the secrets/get + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'} + + async def purge_deleted_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Permanently deletes the specified secret. + + The purge deleted secret operation removes the secret permanently, + without the possibility of recovery. This operation can only be enabled + on a soft-delete enabled vault. This operation requires the + secrets/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'} + + async def recover_deleted_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Recovers the deleted secret to the latest version. + + Recovers the deleted secret in the specified vault. This operation can + only be performed on a soft-delete enabled vault. This operation + requires the secrets/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the deleted secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}/recover'} + + async def backup_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Backs up the specified secret. + + Requests that a backup of the specified secret be downloaded to the + client. All versions of the secret will be downloaded. This operation + requires the secrets/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupSecretResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupSecretResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupSecretResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_secret.metadata = {'url': '/secrets/{secret-name}/backup'} + + async def restore_secret(self, vault_base_url, secret_bundle_backup, *, cls=None, **kwargs): + """Restores a backed up secret to a vault. + + Restores a backed up secret, and all its versions, to a vault. This + operation requires the secrets/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_bundle_backup: The backup blob associated with a secret + bundle. + :type secret_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretRestoreParameters(secret_bundle_backup=secret_bundle_backup) + + # Construct URL + url = self.restore_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_secret.metadata = {'url': '/secrets/restore'} + + def get_storage_accounts( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """List storage accounts managed by the specified key vault. This + operation requires the storage/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of StorageAccountItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.StorageAccountItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_storage_accounts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('StorageListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_storage_accounts.metadata = {'url': '/storage'} + + def get_deleted_storage_accounts( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """Lists deleted storage accounts for the specified vault. + + The Get Deleted Storage Accounts operation returns the storage accounts + that have been deleted for a vault enabled for soft-delete. This + operation requires the storage/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedStorageAccountItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedStorageAccountItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_storage_accounts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedStorageListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_storage_accounts.metadata = {'url': '/deletedstorage'} + + async def get_deleted_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Gets the specified deleted storage account. + + The Get Deleted Storage Account operation returns the specified deleted + storage account along with its attributes. This operation requires the + storage/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedStorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedStorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedStorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}'} + + async def purge_deleted_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Permanently deletes the specified storage account. + + The purge deleted storage account operation removes the secret + permanently, without the possibility of recovery. This operation can + only be performed on a soft-delete enabled vault. This operation + requires the storage/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}'} + + async def recover_deleted_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Recovers the deleted storage account. + + Recovers the deleted storage account in the specified vault. This + operation can only be performed on a soft-delete enabled vault. This + operation requires the storage/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}/recover'} + + async def backup_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Backs up the specified storage account. + + Requests that a backup of the specified storage account be downloaded + to the client. This operation requires the storage/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupStorageResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupStorageResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupStorageResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_storage_account.metadata = {'url': '/storage/{storage-account-name}/backup'} + + async def restore_storage_account(self, vault_base_url, storage_bundle_backup, *, cls=None, **kwargs): + """Restores a backed up storage account to a vault. + + Restores a backed up storage account to a vault. This operation + requires the storage/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_bundle_backup: The backup blob associated with a + storage account. + :type storage_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageRestoreParameters(storage_bundle_backup=storage_bundle_backup) + + # Construct URL + url = self.restore_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_storage_account.metadata = {'url': '/storage/restore'} + + async def delete_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Deletes a storage account. This operation requires the storage/delete + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedStorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedStorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedStorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + async def get_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Gets information about a specified storage account. This operation + requires the storage/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + async def set_storage_account(self, vault_base_url, storage_account_name, resource_id, active_key_name, auto_regenerate_key, regeneration_period=None, storage_account_attributes=None, tags=None, *, cls=None, **kwargs): + """Creates or updates a new storage account. This operation requires the + storage/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param resource_id: Storage account resource id. + :type resource_id: str + :param active_key_name: Current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration + specified in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage + account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountCreateParameters(resource_id=resource_id, active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags) + + # Construct URL + url = self.set_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountCreateParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + async def update_storage_account(self, vault_base_url, storage_account_name, active_key_name=None, auto_regenerate_key=None, regeneration_period=None, storage_account_attributes=None, tags=None, *, cls=None, **kwargs): + """Updates the specified attributes associated with the given storage + account. This operation requires the storage/set/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param active_key_name: The current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration + specified in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage + account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountUpdateParameters(active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags) + + # Construct URL + url = self.update_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + async def regenerate_storage_account_key(self, vault_base_url, storage_account_name, key_name, *, cls=None, **kwargs): + """Regenerates the specified key value for the given storage account. This + operation requires the storage/regeneratekey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param key_name: The storage account key name. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountRegenerteKeyParameters(key_name=key_name) + + # Construct URL + url = self.regenerate_storage_account_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountRegenerteKeyParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + regenerate_storage_account_key.metadata = {'url': '/storage/{storage-account-name}/regeneratekey'} + + def get_sas_definitions( + self, vault_base_url, storage_account_name, maxresults=None, *, cls=None, **kwargs): + """List storage SAS definitions for the given storage account. This + operation requires the storage/listsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SasDefinitionItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.SasDefinitionItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_sas_definitions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('SasDefinitionListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_sas_definitions.metadata = {'url': '/storage/{storage-account-name}/sas'} + + def get_deleted_sas_definitions( + self, vault_base_url, storage_account_name, maxresults=None, *, cls=None, **kwargs): + """Lists deleted SAS definitions for the specified vault and storage + account. + + The Get Deleted Sas Definitions operation returns the SAS definitions + that have been deleted for a vault enabled for soft-delete. This + operation requires the storage/listsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedSasDefinitionItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedSasDefinitionItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_sas_definitions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedSasDefinitionListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_sas_definitions.metadata = {'url': '/deletedstorage/{storage-account-name}/sas'} + + async def get_deleted_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, *, cls=None, **kwargs): + """Gets the specified deleted sas definition. + + The Get Deleted SAS Definition operation returns the specified deleted + SAS definition along with its attributes. This operation requires the + storage/getsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_sas_definition.metadata = {'url': '/deletedstorage/{storage-account-name}/sas/{sas-definition-name}'} + + async def recover_deleted_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, *, cls=None, **kwargs): + """Recovers the deleted SAS definition. + + Recovers the deleted SAS definition for the specified storage account. + This operation can only be performed on a soft-delete enabled vault. + This operation requires the storage/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_sas_definition.metadata = {'url': '/deletedstorage/{storage-account-name}/sas/{sas-definition-name}/recover'} + + async def delete_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, *, cls=None, **kwargs): + """Deletes a SAS definition from a specified storage account. This + operation requires the storage/deletesas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + async def get_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, *, cls=None, **kwargs): + """Gets information about a SAS definition for the specified storage + account. This operation requires the storage/getsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + async def set_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, template_uri, sas_type, validity_period, sas_definition_attributes=None, tags=None, *, cls=None, **kwargs): + """Creates or updates a new SAS definition for the specified storage + account. This operation requires the storage/setsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will + have the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS + definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SasDefinitionCreateParameters(template_uri=template_uri, sas_type=sas_type, validity_period=validity_period, sas_definition_attributes=sas_definition_attributes, tags=tags) + + # Construct URL + url = self.set_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SasDefinitionCreateParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + async def update_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, template_uri=None, sas_type=None, validity_period=None, sas_definition_attributes=None, tags=None, *, cls=None, **kwargs): + """Updates the specified attributes associated with the given SAS + definition. This operation requires the storage/setsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will + have the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS + definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SasDefinitionUpdateParameters(template_uri=template_uri, sas_type=sas_type, validity_period=validity_period, sas_definition_attributes=sas_definition_attributes, tags=tags) + + # Construct URL + url = self.update_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SasDefinitionUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/__init__.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/__init__.py new file mode 100644 index 000000000000..68ccf6d2e5f5 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/__init__.py @@ -0,0 +1,303 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +try: + from ._models_py3 import Action + from ._models_py3 import AdministratorDetails + from ._models_py3 import Attributes + from ._models_py3 import BackupCertificateResult + from ._models_py3 import BackupKeyResult + from ._models_py3 import BackupSecretResult + from ._models_py3 import BackupStorageResult + from ._models_py3 import CertificateAttributes + from ._models_py3 import CertificateBundle + from ._models_py3 import CertificateCreateParameters + from ._models_py3 import CertificateImportParameters + from ._models_py3 import CertificateIssuerItem + from ._models_py3 import CertificateIssuerListResult + from ._models_py3 import CertificateIssuerSetParameters + from ._models_py3 import CertificateIssuerUpdateParameters + from ._models_py3 import CertificateItem + from ._models_py3 import CertificateListResult + from ._models_py3 import CertificateMergeParameters + from ._models_py3 import CertificateOperation + from ._models_py3 import CertificateOperationUpdateParameter + from ._models_py3 import CertificatePolicy + from ._models_py3 import CertificateRestoreParameters + from ._models_py3 import CertificateUpdateParameters + from ._models_py3 import Contact + from ._models_py3 import Contacts + from ._models_py3 import DeletedCertificateBundle + from ._models_py3 import DeletedCertificateItem + from ._models_py3 import DeletedCertificateListResult + from ._models_py3 import DeletedKeyBundle + from ._models_py3 import DeletedKeyItem + from ._models_py3 import DeletedKeyListResult + from ._models_py3 import DeletedSasDefinitionBundle + from ._models_py3 import DeletedSasDefinitionItem + from ._models_py3 import DeletedSasDefinitionListResult + from ._models_py3 import DeletedSecretBundle + from ._models_py3 import DeletedSecretItem + from ._models_py3 import DeletedSecretListResult + from ._models_py3 import DeletedStorageAccountItem + from ._models_py3 import DeletedStorageBundle + from ._models_py3 import DeletedStorageListResult + from ._models_py3 import Error + from ._models_py3 import IssuerAttributes + from ._models_py3 import IssuerBundle + from ._models_py3 import IssuerCredentials + from ._models_py3 import IssuerParameters + from ._models_py3 import JsonWebKey + from ._models_py3 import KeyAttributes + from ._models_py3 import KeyBundle + from ._models_py3 import KeyCreateParameters + from ._models_py3 import KeyImportParameters + from ._models_py3 import KeyItem + from ._models_py3 import KeyListResult + from ._models_py3 import KeyOperationResult + from ._models_py3 import KeyOperationsParameters + from ._models_py3 import KeyProperties + from ._models_py3 import KeyRestoreParameters + from ._models_py3 import KeySignParameters + from ._models_py3 import KeyUpdateParameters + from ._models_py3 import KeyVaultError, KeyVaultErrorException + from ._models_py3 import KeyVerifyParameters + from ._models_py3 import KeyVerifyResult + from ._models_py3 import LifetimeAction + from ._models_py3 import OrganizationDetails + from ._models_py3 import PendingCertificateSigningRequestResult + from ._models_py3 import SasDefinitionAttributes + from ._models_py3 import SasDefinitionBundle + from ._models_py3 import SasDefinitionCreateParameters + from ._models_py3 import SasDefinitionItem + from ._models_py3 import SasDefinitionListResult + from ._models_py3 import SasDefinitionUpdateParameters + from ._models_py3 import SecretAttributes + from ._models_py3 import SecretBundle + from ._models_py3 import SecretItem + from ._models_py3 import SecretListResult + from ._models_py3 import SecretProperties + from ._models_py3 import SecretRestoreParameters + from ._models_py3 import SecretSetParameters + from ._models_py3 import SecretUpdateParameters + from ._models_py3 import StorageAccountAttributes + from ._models_py3 import StorageAccountCreateParameters + from ._models_py3 import StorageAccountItem + from ._models_py3 import StorageAccountRegenerteKeyParameters + from ._models_py3 import StorageAccountUpdateParameters + from ._models_py3 import StorageBundle + from ._models_py3 import StorageListResult + from ._models_py3 import StorageRestoreParameters + from ._models_py3 import SubjectAlternativeNames + from ._models_py3 import Trigger + from ._models_py3 import X509CertificateProperties +except (SyntaxError, ImportError): + from ._models import Action + from ._models import AdministratorDetails + from ._models import Attributes + from ._models import BackupCertificateResult + from ._models import BackupKeyResult + from ._models import BackupSecretResult + from ._models import BackupStorageResult + from ._models import CertificateAttributes + from ._models import CertificateBundle + from ._models import CertificateCreateParameters + from ._models import CertificateImportParameters + from ._models import CertificateIssuerItem + from ._models import CertificateIssuerListResult + from ._models import CertificateIssuerSetParameters + from ._models import CertificateIssuerUpdateParameters + from ._models import CertificateItem + from ._models import CertificateListResult + from ._models import CertificateMergeParameters + from ._models import CertificateOperation + from ._models import CertificateOperationUpdateParameter + from ._models import CertificatePolicy + from ._models import CertificateRestoreParameters + from ._models import CertificateUpdateParameters + from ._models import Contact + from ._models import Contacts + from ._models import DeletedCertificateBundle + from ._models import DeletedCertificateItem + from ._models import DeletedCertificateListResult + from ._models import DeletedKeyBundle + from ._models import DeletedKeyItem + from ._models import DeletedKeyListResult + from ._models import DeletedSasDefinitionBundle + from ._models import DeletedSasDefinitionItem + from ._models import DeletedSasDefinitionListResult + from ._models import DeletedSecretBundle + from ._models import DeletedSecretItem + from ._models import DeletedSecretListResult + from ._models import DeletedStorageAccountItem + from ._models import DeletedStorageBundle + from ._models import DeletedStorageListResult + from ._models import Error + from ._models import IssuerAttributes + from ._models import IssuerBundle + from ._models import IssuerCredentials + from ._models import IssuerParameters + from ._models import JsonWebKey + from ._models import KeyAttributes + from ._models import KeyBundle + from ._models import KeyCreateParameters + from ._models import KeyImportParameters + from ._models import KeyItem + from ._models import KeyListResult + from ._models import KeyOperationResult + from ._models import KeyOperationsParameters + from ._models import KeyProperties + from ._models import KeyRestoreParameters + from ._models import KeySignParameters + from ._models import KeyUpdateParameters + from ._models import KeyVaultError, KeyVaultErrorException + from ._models import KeyVerifyParameters + from ._models import KeyVerifyResult + from ._models import LifetimeAction + from ._models import OrganizationDetails + from ._models import PendingCertificateSigningRequestResult + from ._models import SasDefinitionAttributes + from ._models import SasDefinitionBundle + from ._models import SasDefinitionCreateParameters + from ._models import SasDefinitionItem + from ._models import SasDefinitionListResult + from ._models import SasDefinitionUpdateParameters + from ._models import SecretAttributes + from ._models import SecretBundle + from ._models import SecretItem + from ._models import SecretListResult + from ._models import SecretProperties + from ._models import SecretRestoreParameters + from ._models import SecretSetParameters + from ._models import SecretUpdateParameters + from ._models import StorageAccountAttributes + from ._models import StorageAccountCreateParameters + from ._models import StorageAccountItem + from ._models import StorageAccountRegenerteKeyParameters + from ._models import StorageAccountUpdateParameters + from ._models import StorageBundle + from ._models import StorageListResult + from ._models import StorageRestoreParameters + from ._models import SubjectAlternativeNames + from ._models import Trigger + from ._models import X509CertificateProperties +from ._key_vault_client_enums import ( + DeletionRecoveryLevel, + JsonWebKeyType, + JsonWebKeyCurveName, + KeyUsageType, + ActionType, + JsonWebKeyOperation, + JsonWebKeyEncryptionAlgorithm, + JsonWebKeySignatureAlgorithm, + SasTokenType, +) + +__all__ = [ + 'Action', + 'AdministratorDetails', + 'Attributes', + 'BackupCertificateResult', + 'BackupKeyResult', + 'BackupSecretResult', + 'BackupStorageResult', + 'CertificateAttributes', + 'CertificateBundle', + 'CertificateCreateParameters', + 'CertificateImportParameters', + 'CertificateIssuerItem', + 'CertificateIssuerListResult', + 'CertificateIssuerSetParameters', + 'CertificateIssuerUpdateParameters', + 'CertificateItem', + 'CertificateListResult', + 'CertificateMergeParameters', + 'CertificateOperation', + 'CertificateOperationUpdateParameter', + 'CertificatePolicy', + 'CertificateRestoreParameters', + 'CertificateUpdateParameters', + 'Contact', + 'Contacts', + 'DeletedCertificateBundle', + 'DeletedCertificateItem', + 'DeletedCertificateListResult', + 'DeletedKeyBundle', + 'DeletedKeyItem', + 'DeletedKeyListResult', + 'DeletedSasDefinitionBundle', + 'DeletedSasDefinitionItem', + 'DeletedSasDefinitionListResult', + 'DeletedSecretBundle', + 'DeletedSecretItem', + 'DeletedSecretListResult', + 'DeletedStorageAccountItem', + 'DeletedStorageBundle', + 'DeletedStorageListResult', + 'Error', + 'IssuerAttributes', + 'IssuerBundle', + 'IssuerCredentials', + 'IssuerParameters', + 'JsonWebKey', + 'KeyAttributes', + 'KeyBundle', + 'KeyCreateParameters', + 'KeyImportParameters', + 'KeyItem', + 'KeyListResult', + 'KeyOperationResult', + 'KeyOperationsParameters', + 'KeyProperties', + 'KeyRestoreParameters', + 'KeySignParameters', + 'KeyUpdateParameters', + 'KeyVaultError', 'KeyVaultErrorException', + 'KeyVerifyParameters', + 'KeyVerifyResult', + 'LifetimeAction', + 'OrganizationDetails', + 'PendingCertificateSigningRequestResult', + 'SasDefinitionAttributes', + 'SasDefinitionBundle', + 'SasDefinitionCreateParameters', + 'SasDefinitionItem', + 'SasDefinitionListResult', + 'SasDefinitionUpdateParameters', + 'SecretAttributes', + 'SecretBundle', + 'SecretItem', + 'SecretListResult', + 'SecretProperties', + 'SecretRestoreParameters', + 'SecretSetParameters', + 'SecretUpdateParameters', + 'StorageAccountAttributes', + 'StorageAccountCreateParameters', + 'StorageAccountItem', + 'StorageAccountRegenerteKeyParameters', + 'StorageAccountUpdateParameters', + 'StorageBundle', + 'StorageListResult', + 'StorageRestoreParameters', + 'SubjectAlternativeNames', + 'Trigger', + 'X509CertificateProperties', + 'DeletionRecoveryLevel', + 'JsonWebKeyType', + 'JsonWebKeyCurveName', + 'KeyUsageType', + 'ActionType', + 'JsonWebKeyOperation', + 'JsonWebKeyEncryptionAlgorithm', + 'JsonWebKeySignatureAlgorithm', + 'SasTokenType', +] diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/_key_vault_client_enums.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/_key_vault_client_enums.py new file mode 100644 index 000000000000..936353e5bb83 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/_key_vault_client_enums.py @@ -0,0 +1,98 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from enum import Enum + + +class DeletionRecoveryLevel(str, Enum): + + purgeable = "Purgeable" + recoverable_purgeable = "Recoverable+Purgeable" + recoverable = "Recoverable" + recoverable_protected_subscription = "Recoverable+ProtectedSubscription" + customized_recoverable_purgeable = "CustomizedRecoverable+Purgeable" + customized_recoverable = "CustomizedRecoverable" + customized_recoverable_protected_subscription = "CustomizedRecoverable+ProtectedSubscription" + + +class JsonWebKeyType(str, Enum): + + ec = "EC" + ec_hsm = "EC-HSM" + rsa = "RSA" + rsa_hsm = "RSA-HSM" + oct = "oct" + + +class JsonWebKeyCurveName(str, Enum): + + p_256 = "P-256" + p_384 = "P-384" + p_521 = "P-521" + p_256_k = "P-256K" + + +class KeyUsageType(str, Enum): + + digital_signature = "digitalSignature" + non_repudiation = "nonRepudiation" + key_encipherment = "keyEncipherment" + data_encipherment = "dataEncipherment" + key_agreement = "keyAgreement" + key_cert_sign = "keyCertSign" + c_rl_sign = "cRLSign" + encipher_only = "encipherOnly" + decipher_only = "decipherOnly" + + +class ActionType(str, Enum): + + email_contacts = "EmailContacts" + auto_renew = "AutoRenew" + + +class JsonWebKeyOperation(str, Enum): + + encrypt = "encrypt" + decrypt = "decrypt" + sign = "sign" + verify = "verify" + wrap_key = "wrapKey" + unwrap_key = "unwrapKey" + import_enum = "import" + + +class JsonWebKeyEncryptionAlgorithm(str, Enum): + + rsa_oaep = "RSA-OAEP" + rsa_oaep_256 = "RSA-OAEP-256" + rsa1_5 = "RSA1_5" + + +class JsonWebKeySignatureAlgorithm(str, Enum): + + ps256 = "PS256" #: RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518 + ps384 = "PS384" #: RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518 + ps512 = "PS512" #: RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518 + rs256 = "RS256" #: RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518 + rs384 = "RS384" #: RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518 + rs512 = "RS512" #: RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518 + rsnull = "RSNULL" #: Reserved + es256 = "ES256" #: ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518. + es384 = "ES384" #: ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518 + es512 = "ES512" #: ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518 + es256_k = "ES256K" #: ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518 + + +class SasTokenType(str, Enum): + + account = "account" + service = "service" diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/_models.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/_models.py new file mode 100644 index 000000000000..ea5379c44cc0 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/_models.py @@ -0,0 +1,3244 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model +from azure.core.exceptions import HttpResponseError + + +class Action(Model): + """The action that will be executed. + + :param action_type: The type of the action. Possible values include: + 'EmailContacts', 'AutoRenew' + :type action_type: str or ~azure.keyvault.v7_1.models.ActionType + """ + + _attribute_map = { + 'action_type': {'key': 'action_type', 'type': 'ActionType'}, + } + + def __init__(self, **kwargs): + super(Action, self).__init__(**kwargs) + self.action_type = kwargs.get('action_type', None) + + +class AdministratorDetails(Model): + """Details of the organization administrator of the certificate issuer. + + :param first_name: First name. + :type first_name: str + :param last_name: Last name. + :type last_name: str + :param email_address: Email address. + :type email_address: str + :param phone: Phone number. + :type phone: str + """ + + _attribute_map = { + 'first_name': {'key': 'first_name', 'type': 'str'}, + 'last_name': {'key': 'last_name', 'type': 'str'}, + 'email_address': {'key': 'email', 'type': 'str'}, + 'phone': {'key': 'phone', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AdministratorDetails, self).__init__(**kwargs) + self.first_name = kwargs.get('first_name', None) + self.last_name = kwargs.get('last_name', None) + self.email_address = kwargs.get('email_address', None) + self.phone = kwargs.get('phone', None) + + +class Attributes(Model): + """The object attributes managed by the KeyVault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(Attributes, self).__init__(**kwargs) + self.enabled = kwargs.get('enabled', None) + self.not_before = kwargs.get('not_before', None) + self.expires = kwargs.get('expires', None) + self.created = None + self.updated = None + + +class BackupCertificateResult(Model): + """The backup certificate result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up certificate. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(BackupCertificateResult, self).__init__(**kwargs) + self.value = None + + +class BackupKeyResult(Model): + """The backup key result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up key. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(BackupKeyResult, self).__init__(**kwargs) + self.value = None + + +class BackupSecretResult(Model): + """The backup secret result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up secret. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(BackupSecretResult, self).__init__(**kwargs) + self.value = None + + +class BackupStorageResult(Model): + """The backup storage result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up storage account. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(BackupStorageResult, self).__init__(**kwargs) + self.value = None + + +class CertificateAttributes(Attributes): + """The certificate management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for certificates in the current vault. If it contains 'Purgeable', + the certificate can be permanently deleted by a privileged user; + otherwise, only the system can purge the certificate, at the end of the + retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateAttributes, self).__init__(**kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class CertificateBundle(Model): + """A certificate bundle consists of a certificate (X509) plus its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :ivar kid: The key id. + :vartype kid: str + :ivar sid: The secret id. + :vartype sid: str + :ivar x509_thumbprint: Thumbprint of the certificate. + :vartype x509_thumbprint: bytes + :ivar policy: The management policy. + :vartype policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param cer: CER contents of x509 certificate. + :type cer: bytearray + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs + :type tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'kid': {'readonly': True}, + 'sid': {'readonly': True}, + 'x509_thumbprint': {'readonly': True}, + 'policy': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'sid': {'key': 'sid', 'type': 'str'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'cer': {'key': 'cer', 'type': 'bytearray'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateBundle, self).__init__(**kwargs) + self.id = None + self.kid = None + self.sid = None + self.x509_thumbprint = None + self.policy = None + self.cer = kwargs.get('cer', None) + self.content_type = kwargs.get('content_type', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + + +class CertificateCreateParameters(Model): + """The certificate create parameters. + + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateCreateParameters, self).__init__(**kwargs) + self.certificate_policy = kwargs.get('certificate_policy', None) + self.certificate_attributes = kwargs.get('certificate_attributes', None) + self.tags = kwargs.get('tags', None) + + +class CertificateImportParameters(Model): + """The certificate import parameters. + + All required parameters must be populated in order to send to Azure. + + :param base64_encoded_certificate: Required. Base64 encoded representation + of the certificate object to import. This certificate needs to contain the + private key. + :type base64_encoded_certificate: str + :param password: If the private key in base64EncodedCertificate is + encrypted, the password used for encryption. + :type password: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'base64_encoded_certificate': {'required': True}, + } + + _attribute_map = { + 'base64_encoded_certificate': {'key': 'value', 'type': 'str'}, + 'password': {'key': 'pwd', 'type': 'str'}, + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateImportParameters, self).__init__(**kwargs) + self.base64_encoded_certificate = kwargs.get('base64_encoded_certificate', None) + self.password = kwargs.get('password', None) + self.certificate_policy = kwargs.get('certificate_policy', None) + self.certificate_attributes = kwargs.get('certificate_attributes', None) + self.tags = kwargs.get('tags', None) + + +class CertificateIssuerItem(Model): + """The certificate issuer item containing certificate issuer metadata. + + :param id: Certificate Identifier. + :type id: str + :param provider: The issuer provider. + :type provider: str + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateIssuerItem, self).__init__(**kwargs) + self.id = kwargs.get('id', None) + self.provider = kwargs.get('provider', None) + + +class CertificateIssuerListResult(Model): + """The certificate issuer list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of certificate issuers + in the key vault along with a link to the next page of certificate + issuers. + :vartype value: list[~azure.keyvault.v7_1.models.CertificateIssuerItem] + :ivar next_link: The URL to get the next set of certificate issuers. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[CertificateIssuerItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateIssuerListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class CertificateIssuerSetParameters(Model): + """The certificate issuer set parameters. + + All required parameters must be populated in order to send to Azure. + + :param provider: Required. The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _validation = { + 'provider': {'required': True}, + } + + _attribute_map = { + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, **kwargs): + super(CertificateIssuerSetParameters, self).__init__(**kwargs) + self.provider = kwargs.get('provider', None) + self.credentials = kwargs.get('credentials', None) + self.organization_details = kwargs.get('organization_details', None) + self.attributes = kwargs.get('attributes', None) + + +class CertificateIssuerUpdateParameters(Model): + """The certificate issuer update parameters. + + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _attribute_map = { + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, **kwargs): + super(CertificateIssuerUpdateParameters, self).__init__(**kwargs) + self.provider = kwargs.get('provider', None) + self.credentials = kwargs.get('credentials', None) + self.organization_details = kwargs.get('organization_details', None) + self.attributes = kwargs.get('attributes', None) + + +class CertificateItem(Model): + """The certificate item containing certificate metadata. + + :param id: Certificate identifier. + :type id: str + :param attributes: The certificate management attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param x509_thumbprint: Thumbprint of the certificate. + :type x509_thumbprint: bytes + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(CertificateItem, self).__init__(**kwargs) + self.id = kwargs.get('id', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.x509_thumbprint = kwargs.get('x509_thumbprint', None) + + +class CertificateListResult(Model): + """The certificate list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of certificates in the + key vault along with a link to the next page of certificates. + :vartype value: list[~azure.keyvault.v7_1.models.CertificateItem] + :ivar next_link: The URL to get the next set of certificates. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[CertificateItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class CertificateMergeParameters(Model): + """The certificate merge parameters. + + All required parameters must be populated in order to send to Azure. + + :param x509_certificates: Required. The certificate or the certificate + chain to merge. + :type x509_certificates: list[bytearray] + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'x509_certificates': {'required': True}, + } + + _attribute_map = { + 'x509_certificates': {'key': 'x5c', 'type': '[bytearray]'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateMergeParameters, self).__init__(**kwargs) + self.x509_certificates = kwargs.get('x509_certificates', None) + self.certificate_attributes = kwargs.get('certificate_attributes', None) + self.tags = kwargs.get('tags', None) + + +class CertificateOperation(Model): + """A certificate operation is returned in case of asynchronous requests. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :param issuer_parameters: Parameters for the issuer of the X509 component + of a certificate. + :type issuer_parameters: ~azure.keyvault.v7_1.models.IssuerParameters + :param csr: The certificate signing request (CSR) that is being used in + the certificate operation. + :type csr: bytearray + :param cancellation_requested: Indicates if cancellation was requested on + the certificate operation. + :type cancellation_requested: bool + :param status: Status of the certificate operation. + :type status: str + :param status_details: The status details of the certificate operation. + :type status_details: str + :param error: Error encountered, if any, during the certificate operation. + :type error: ~azure.keyvault.v7_1.models.Error + :param target: Location which contains the result of the certificate + operation. + :type target: str + :param request_id: Identifier for the certificate operation. + :type request_id: str + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'}, + 'csr': {'key': 'csr', 'type': 'bytearray'}, + 'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'}, + 'status': {'key': 'status', 'type': 'str'}, + 'status_details': {'key': 'status_details', 'type': 'str'}, + 'error': {'key': 'error', 'type': 'Error'}, + 'target': {'key': 'target', 'type': 'str'}, + 'request_id': {'key': 'request_id', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateOperation, self).__init__(**kwargs) + self.id = None + self.issuer_parameters = kwargs.get('issuer_parameters', None) + self.csr = kwargs.get('csr', None) + self.cancellation_requested = kwargs.get('cancellation_requested', None) + self.status = kwargs.get('status', None) + self.status_details = kwargs.get('status_details', None) + self.error = kwargs.get('error', None) + self.target = kwargs.get('target', None) + self.request_id = kwargs.get('request_id', None) + + +class CertificateOperationUpdateParameter(Model): + """The certificate operation update parameters. + + All required parameters must be populated in order to send to Azure. + + :param cancellation_requested: Required. Indicates if cancellation was + requested on the certificate operation. + :type cancellation_requested: bool + """ + + _validation = { + 'cancellation_requested': {'required': True}, + } + + _attribute_map = { + 'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(CertificateOperationUpdateParameter, self).__init__(**kwargs) + self.cancellation_requested = kwargs.get('cancellation_requested', None) + + +class CertificatePolicy(Model): + """Management policy for a certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :param key_properties: Properties of the key backing a certificate. + :type key_properties: ~azure.keyvault.v7_1.models.KeyProperties + :param secret_properties: Properties of the secret backing a certificate. + :type secret_properties: ~azure.keyvault.v7_1.models.SecretProperties + :param x509_certificate_properties: Properties of the X509 component of a + certificate. + :type x509_certificate_properties: + ~azure.keyvault.v7_1.models.X509CertificateProperties + :param lifetime_actions: Actions that will be performed by Key Vault over + the lifetime of a certificate. + :type lifetime_actions: list[~azure.keyvault.v7_1.models.LifetimeAction] + :param issuer_parameters: Parameters for the issuer of the X509 component + of a certificate. + :type issuer_parameters: ~azure.keyvault.v7_1.models.IssuerParameters + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'key_properties': {'key': 'key_props', 'type': 'KeyProperties'}, + 'secret_properties': {'key': 'secret_props', 'type': 'SecretProperties'}, + 'x509_certificate_properties': {'key': 'x509_props', 'type': 'X509CertificateProperties'}, + 'lifetime_actions': {'key': 'lifetime_actions', 'type': '[LifetimeAction]'}, + 'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + } + + def __init__(self, **kwargs): + super(CertificatePolicy, self).__init__(**kwargs) + self.id = None + self.key_properties = kwargs.get('key_properties', None) + self.secret_properties = kwargs.get('secret_properties', None) + self.x509_certificate_properties = kwargs.get('x509_certificate_properties', None) + self.lifetime_actions = kwargs.get('lifetime_actions', None) + self.issuer_parameters = kwargs.get('issuer_parameters', None) + self.attributes = kwargs.get('attributes', None) + + +class CertificateRestoreParameters(Model): + """The certificate restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param certificate_bundle_backup: Required. The backup blob associated + with a certificate bundle. + :type certificate_bundle_backup: bytes + """ + + _validation = { + 'certificate_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'certificate_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(CertificateRestoreParameters, self).__init__(**kwargs) + self.certificate_bundle_backup = kwargs.get('certificate_bundle_backup', None) + + +class CertificateUpdateParameters(Model): + """The certificate update parameters. + + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateUpdateParameters, self).__init__(**kwargs) + self.certificate_policy = kwargs.get('certificate_policy', None) + self.certificate_attributes = kwargs.get('certificate_attributes', None) + self.tags = kwargs.get('tags', None) + + +class Contact(Model): + """The contact information for the vault certificates. + + :param email_address: Email address. + :type email_address: str + :param name: Name. + :type name: str + :param phone: Phone number. + :type phone: str + """ + + _attribute_map = { + 'email_address': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'phone': {'key': 'phone', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(Contact, self).__init__(**kwargs) + self.email_address = kwargs.get('email_address', None) + self.name = kwargs.get('name', None) + self.phone = kwargs.get('phone', None) + + +class Contacts(Model): + """The contacts for the vault certificates. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Identifier for the contacts collection. + :vartype id: str + :param contact_list: The contact list for the vault certificates. + :type contact_list: list[~azure.keyvault.v7_1.models.Contact] + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'contact_list': {'key': 'contacts', 'type': '[Contact]'}, + } + + def __init__(self, **kwargs): + super(Contacts, self).__init__(**kwargs) + self.id = None + self.contact_list = kwargs.get('contact_list', None) + + +class DeletedCertificateBundle(CertificateBundle): + """A Deleted Certificate consisting of its previous id, attributes and its + tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :ivar kid: The key id. + :vartype kid: str + :ivar sid: The secret id. + :vartype sid: str + :ivar x509_thumbprint: Thumbprint of the certificate. + :vartype x509_thumbprint: bytes + :ivar policy: The management policy. + :vartype policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param cer: CER contents of x509 certificate. + :type cer: bytearray + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs + :type tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted certificate. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the certificate is scheduled to + be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the certificate was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'kid': {'readonly': True}, + 'sid': {'readonly': True}, + 'x509_thumbprint': {'readonly': True}, + 'policy': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'sid': {'key': 'sid', 'type': 'str'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'cer': {'key': 'cer', 'type': 'bytearray'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedCertificateBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedCertificateItem(CertificateItem): + """The deleted certificate item containing metadata about the deleted + certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Certificate identifier. + :type id: str + :param attributes: The certificate management attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param x509_thumbprint: Thumbprint of the certificate. + :type x509_thumbprint: bytes + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted certificate. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the certificate is scheduled to + be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the certificate was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedCertificateItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedCertificateListResult(Model): + """A list of certificates that have been deleted in this vault. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of deleted certificates + in the vault along with a link to the next page of deleted certificates + :vartype value: list[~azure.keyvault.v7_1.models.DeletedCertificateItem] + :ivar next_link: The URL to get the next set of deleted certificates. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedCertificateItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedCertificateListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class KeyBundle(Model): + """A KeyBundle consisting of a WebKey plus its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param key: The Json web key. + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(KeyBundle, self).__init__(**kwargs) + self.key = kwargs.get('key', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.managed = None + + +class DeletedKeyBundle(KeyBundle): + """A DeletedKeyBundle consisting of a WebKey plus its Attributes and deletion + info. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param key: The Json web key. + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted key. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the key is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the key was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedKeyBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class KeyItem(Model): + """The key item containing key metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param kid: Key identifier. + :type kid: str + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(KeyItem, self).__init__(**kwargs) + self.kid = kwargs.get('kid', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.managed = None + + +class DeletedKeyItem(KeyItem): + """The deleted key item containing the deleted key metadata and information + about deletion. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param kid: Key identifier. + :type kid: str + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted key. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the key is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the key was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedKeyItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedKeyListResult(Model): + """A list of keys that have been deleted in this vault. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of deleted keys in the + vault along with a link to the next page of deleted keys + :vartype value: list[~azure.keyvault.v7_1.models.DeletedKeyItem] + :ivar next_link: The URL to get the next set of deleted keys. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedKeyItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedKeyListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SasDefinitionBundle(Model): + """A SAS definition bundle consists of key vault SAS definition details plus + its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The SAS definition id. + :vartype id: str + :ivar secret_id: Storage account SAS definition secret id. + :vartype secret_id: str + :ivar template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :vartype template_uri: str + :ivar sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :vartype sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :ivar validity_period: The validity period of SAS tokens created according + to the SAS definition. + :vartype validity_period: str + :ivar attributes: The SAS definition attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'template_uri': {'readonly': True}, + 'sas_type': {'readonly': True}, + 'validity_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionBundle, self).__init__(**kwargs) + self.id = None + self.secret_id = None + self.template_uri = None + self.sas_type = None + self.validity_period = None + self.attributes = None + self.tags = None + + +class DeletedSasDefinitionBundle(SasDefinitionBundle): + """A deleted SAS definition bundle consisting of its previous id, attributes + and its tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The SAS definition id. + :vartype id: str + :ivar secret_id: Storage account SAS definition secret id. + :vartype secret_id: str + :ivar template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :vartype template_uri: str + :ivar sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :vartype sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :ivar validity_period: The validity period of SAS tokens created according + to the SAS definition. + :vartype validity_period: str + :ivar attributes: The SAS definition attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted SAS definition. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the SAS definition is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the SAS definition was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'template_uri': {'readonly': True}, + 'sas_type': {'readonly': True}, + 'validity_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedSasDefinitionBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class SasDefinitionItem(Model): + """The SAS definition item containing storage SAS definition metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage SAS identifier. + :vartype id: str + :ivar secret_id: The storage account SAS definition secret id. + :vartype secret_id: str + :ivar attributes: The SAS definition management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionItem, self).__init__(**kwargs) + self.id = None + self.secret_id = None + self.attributes = None + self.tags = None + + +class DeletedSasDefinitionItem(SasDefinitionItem): + """The deleted SAS definition item containing metadata about the deleted SAS + definition. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage SAS identifier. + :vartype id: str + :ivar secret_id: The storage account SAS definition secret id. + :vartype secret_id: str + :ivar attributes: The SAS definition management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted SAS definition. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the SAS definition is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the SAS definition was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedSasDefinitionItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedSasDefinitionListResult(Model): + """The deleted SAS definition list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted SAS + definitions in the vault along with a link to the next page of deleted sas + definitions + :vartype value: list[~azure.keyvault.v7_1.models.DeletedSasDefinitionItem] + :ivar next_link: The URL to get the next set of deleted SAS definitions. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedSasDefinitionItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedSasDefinitionListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SecretBundle(Model): + """A secret consisting of a value, id and its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param value: The secret value. + :type value: str + :param id: The secret id. + :type id: str + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar kid: If this is a secret backing a KV certificate, then this field + specifies the corresponding key backing the KV certificate. + :vartype kid: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a secret backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'kid': {'readonly': True}, + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(SecretBundle, self).__init__(**kwargs) + self.value = kwargs.get('value', None) + self.id = kwargs.get('id', None) + self.content_type = kwargs.get('content_type', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.kid = None + self.managed = None + + +class DeletedSecretBundle(SecretBundle): + """A Deleted Secret consisting of its previous id, attributes and its tags, as + well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param value: The secret value. + :type value: str + :param id: The secret id. + :type id: str + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar kid: If this is a secret backing a KV certificate, then this field + specifies the corresponding key backing the KV certificate. + :vartype kid: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a secret backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted secret. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the secret is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the secret was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'kid': {'readonly': True}, + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedSecretBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class SecretItem(Model): + """The secret item containing secret metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Secret identifier. + :type id: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(SecretItem, self).__init__(**kwargs) + self.id = kwargs.get('id', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.content_type = kwargs.get('content_type', None) + self.managed = None + + +class DeletedSecretItem(SecretItem): + """The deleted secret item containing metadata about the deleted secret. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Secret identifier. + :type id: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted secret. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the secret is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the secret was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedSecretItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedSecretListResult(Model): + """The deleted secret list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted secrets + in the vault along with a link to the next page of deleted secrets + :vartype value: list[~azure.keyvault.v7_1.models.DeletedSecretItem] + :ivar next_link: The URL to get the next set of deleted secrets. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedSecretItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedSecretListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class StorageAccountItem(Model): + """The storage account item containing storage account metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Storage identifier. + :vartype id: str + :ivar resource_id: Storage account resource Id. + :vartype resource_id: str + :ivar attributes: The storage account management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(StorageAccountItem, self).__init__(**kwargs) + self.id = None + self.resource_id = None + self.attributes = None + self.tags = None + + +class DeletedStorageAccountItem(StorageAccountItem): + """The deleted storage account item containing metadata about the deleted + storage account. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Storage identifier. + :vartype id: str + :ivar resource_id: Storage account resource Id. + :vartype resource_id: str + :ivar attributes: The storage account management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted storage account. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the storage account is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the storage account was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedStorageAccountItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class StorageBundle(Model): + """A Storage account bundle consists of key vault storage account details plus + its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage account id. + :vartype id: str + :ivar resource_id: The storage account resource id. + :vartype resource_id: str + :ivar active_key_name: The current active storage account key name. + :vartype active_key_name: str + :ivar auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :vartype auto_regenerate_key: bool + :ivar regeneration_period: The key regeneration time duration specified in + ISO-8601 format. + :vartype regeneration_period: str + :ivar attributes: The storage account attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'active_key_name': {'readonly': True}, + 'auto_regenerate_key': {'readonly': True}, + 'regeneration_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(StorageBundle, self).__init__(**kwargs) + self.id = None + self.resource_id = None + self.active_key_name = None + self.auto_regenerate_key = None + self.regeneration_period = None + self.attributes = None + self.tags = None + + +class DeletedStorageBundle(StorageBundle): + """A deleted storage account bundle consisting of its previous id, attributes + and its tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage account id. + :vartype id: str + :ivar resource_id: The storage account resource id. + :vartype resource_id: str + :ivar active_key_name: The current active storage account key name. + :vartype active_key_name: str + :ivar auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :vartype auto_regenerate_key: bool + :ivar regeneration_period: The key regeneration time duration specified in + ISO-8601 format. + :vartype regeneration_period: str + :ivar attributes: The storage account attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted storage account. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the storage account is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the storage account was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'active_key_name': {'readonly': True}, + 'auto_regenerate_key': {'readonly': True}, + 'regeneration_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedStorageBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedStorageListResult(Model): + """The deleted storage account list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted storage + accounts in the vault along with a link to the next page of deleted + storage accounts + :vartype value: + list[~azure.keyvault.v7_1.models.DeletedStorageAccountItem] + :ivar next_link: The URL to get the next set of deleted storage accounts. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedStorageAccountItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedStorageListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class Error(Model): + """The key vault server error. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar code: The error code. + :vartype code: str + :ivar message: The error message. + :vartype message: str + :ivar inner_error: + :vartype inner_error: ~azure.keyvault.v7_1.models.Error + """ + + _validation = { + 'code': {'readonly': True}, + 'message': {'readonly': True}, + 'inner_error': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'message': {'key': 'message', 'type': 'str'}, + 'inner_error': {'key': 'innererror', 'type': 'Error'}, + } + + def __init__(self, **kwargs): + super(Error, self).__init__(**kwargs) + self.code = None + self.message = None + self.inner_error = None + + +class IssuerAttributes(Model): + """The attributes of an issuer managed by the Key Vault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the issuer is enabled. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(IssuerAttributes, self).__init__(**kwargs) + self.enabled = kwargs.get('enabled', None) + self.created = None + self.updated = None + + +class IssuerBundle(Model): + """The issuer for Key Vault certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Identifier for the issuer object. + :vartype id: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, **kwargs): + super(IssuerBundle, self).__init__(**kwargs) + self.id = None + self.provider = kwargs.get('provider', None) + self.credentials = kwargs.get('credentials', None) + self.organization_details = kwargs.get('organization_details', None) + self.attributes = kwargs.get('attributes', None) + + +class IssuerCredentials(Model): + """The credentials to be used for the certificate issuer. + + :param account_id: The user name/account name/account id. + :type account_id: str + :param password: The password/secret/account key. + :type password: str + """ + + _attribute_map = { + 'account_id': {'key': 'account_id', 'type': 'str'}, + 'password': {'key': 'pwd', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(IssuerCredentials, self).__init__(**kwargs) + self.account_id = kwargs.get('account_id', None) + self.password = kwargs.get('password', None) + + +class IssuerParameters(Model): + """Parameters for the issuer of the X509 component of a certificate. + + :param name: Name of the referenced issuer object or reserved names; for + example, 'Self' or 'Unknown'. + :type name: str + :param certificate_type: Certificate type as supported by the provider + (optional); for example 'OV-SSL', 'EV-SSL' + :type certificate_type: str + :param certificate_transparency: Indicates if the certificates generated + under this policy should be published to certificate transparency logs. + :type certificate_transparency: bool + """ + + _attribute_map = { + 'name': {'key': 'name', 'type': 'str'}, + 'certificate_type': {'key': 'cty', 'type': 'str'}, + 'certificate_transparency': {'key': 'cert_transparency', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(IssuerParameters, self).__init__(**kwargs) + self.name = kwargs.get('name', None) + self.certificate_type = kwargs.get('certificate_type', None) + self.certificate_transparency = kwargs.get('certificate_transparency', None) + + +class JsonWebKey(Model): + """As of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18. + + :param kid: Key identifier. + :type kid: str + :param kty: JsonWebKey Key Type (kty), as defined in + https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. + Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_ops: + :type key_ops: list[str] + :param n: RSA modulus. + :type n: bytes + :param e: RSA public exponent. + :type e: bytes + :param d: RSA private exponent, or the D component of an EC private key. + :type d: bytes + :param dp: RSA private key parameter. + :type dp: bytes + :param dq: RSA private key parameter. + :type dq: bytes + :param qi: RSA private key parameter. + :type qi: bytes + :param p: RSA secret prime. + :type p: bytes + :param q: RSA secret prime, with p < q. + :type q: bytes + :param k: Symmetric key. + :type k: bytes + :param t: HSM Token, used with 'Bring Your Own Key'. + :type t: bytes + :param crv: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type crv: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + :param x: X component of an EC public key. + :type x: bytes + :param y: Y component of an EC public key. + :type y: bytes + """ + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'kty': {'key': 'kty', 'type': 'str'}, + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'n': {'key': 'n', 'type': 'base64'}, + 'e': {'key': 'e', 'type': 'base64'}, + 'd': {'key': 'd', 'type': 'base64'}, + 'dp': {'key': 'dp', 'type': 'base64'}, + 'dq': {'key': 'dq', 'type': 'base64'}, + 'qi': {'key': 'qi', 'type': 'base64'}, + 'p': {'key': 'p', 'type': 'base64'}, + 'q': {'key': 'q', 'type': 'base64'}, + 'k': {'key': 'k', 'type': 'base64'}, + 't': {'key': 'key_hsm', 'type': 'base64'}, + 'crv': {'key': 'crv', 'type': 'str'}, + 'x': {'key': 'x', 'type': 'base64'}, + 'y': {'key': 'y', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(JsonWebKey, self).__init__(**kwargs) + self.kid = kwargs.get('kid', None) + self.kty = kwargs.get('kty', None) + self.key_ops = kwargs.get('key_ops', None) + self.n = kwargs.get('n', None) + self.e = kwargs.get('e', None) + self.d = kwargs.get('d', None) + self.dp = kwargs.get('dp', None) + self.dq = kwargs.get('dq', None) + self.qi = kwargs.get('qi', None) + self.p = kwargs.get('p', None) + self.q = kwargs.get('q', None) + self.k = kwargs.get('k', None) + self.t = kwargs.get('t', None) + self.crv = kwargs.get('crv', None) + self.x = kwargs.get('x', None) + self.y = kwargs.get('y', None) + + +class KeyAttributes(Attributes): + """The attributes of a key managed by the key vault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for keys in the current vault. If it contains 'Purgeable' the key + can be permanently deleted by a privileged user; otherwise, only the + system can purge the key, at the end of the retention interval. Possible + values include: 'Purgeable', 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(KeyAttributes, self).__init__(**kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class KeyCreateParameters(Model): + """The key create parameters. + + All required parameters must be populated in order to send to Azure. + + :param kty: Required. The type of key to create. For valid values, see + JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', + 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or 4096 + for RSA. + :type key_size: int + :param key_ops: + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + """ + + _validation = { + 'kty': {'required': True, 'min_length': 1}, + } + + _attribute_map = { + 'kty': {'key': 'kty', 'type': 'str'}, + 'key_size': {'key': 'key_size', 'type': 'int'}, + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'curve': {'key': 'crv', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(KeyCreateParameters, self).__init__(**kwargs) + self.kty = kwargs.get('kty', None) + self.key_size = kwargs.get('key_size', None) + self.key_ops = kwargs.get('key_ops', None) + self.key_attributes = kwargs.get('key_attributes', None) + self.tags = kwargs.get('tags', None) + self.curve = kwargs.get('curve', None) + + +class KeyImportParameters(Model): + """The key import parameters. + + All required parameters must be populated in order to send to Azure. + + :param hsm: Whether to import as a hardware key (HSM) or software key. + :type hsm: bool + :param key: Required. The Json web key + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param key_attributes: The key management attributes. + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'key': {'required': True}, + } + + _attribute_map = { + 'hsm': {'key': 'Hsm', 'type': 'bool'}, + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(KeyImportParameters, self).__init__(**kwargs) + self.hsm = kwargs.get('hsm', None) + self.key = kwargs.get('key', None) + self.key_attributes = kwargs.get('key_attributes', None) + self.tags = kwargs.get('tags', None) + + +class KeyListResult(Model): + """The key list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of keys in the key vault + along with a link to the next page of keys. + :vartype value: list[~azure.keyvault.v7_1.models.KeyItem] + :ivar next_link: The URL to get the next set of keys. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[KeyItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(KeyListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class KeyOperationResult(Model): + """The key operation result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar kid: Key identifier + :vartype kid: str + :ivar result: + :vartype result: bytes + """ + + _validation = { + 'kid': {'readonly': True}, + 'result': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'result': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeyOperationResult, self).__init__(**kwargs) + self.kid = None + self.result = None + + +class KeyOperationsParameters(Model): + """The key operations parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: Required. + :type value: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'value': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeyOperationsParameters, self).__init__(**kwargs) + self.algorithm = kwargs.get('algorithm', None) + self.value = kwargs.get('value', None) + + +class KeyProperties(Model): + """Properties of the key pair backing a certificate. + + :param exportable: Indicates if the private key can be exported. + :type exportable: bool + :param key_type: The type of key pair to be used for the certificate. + Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct' + :type key_type: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or 4096 + for RSA. + :type key_size: int + :param reuse_key: Indicates if the same key pair will be used on + certificate renewal. + :type reuse_key: bool + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + """ + + _attribute_map = { + 'exportable': {'key': 'exportable', 'type': 'bool'}, + 'key_type': {'key': 'kty', 'type': 'str'}, + 'key_size': {'key': 'key_size', 'type': 'int'}, + 'reuse_key': {'key': 'reuse_key', 'type': 'bool'}, + 'curve': {'key': 'crv', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(KeyProperties, self).__init__(**kwargs) + self.exportable = kwargs.get('exportable', None) + self.key_type = kwargs.get('key_type', None) + self.key_size = kwargs.get('key_size', None) + self.reuse_key = kwargs.get('reuse_key', None) + self.curve = kwargs.get('curve', None) + + +class KeyRestoreParameters(Model): + """The key restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param key_bundle_backup: Required. The backup blob associated with a key + bundle. + :type key_bundle_backup: bytes + """ + + _validation = { + 'key_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'key_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeyRestoreParameters, self).__init__(**kwargs) + self.key_bundle_backup = kwargs.get('key_bundle_backup', None) + + +class KeySignParameters(Model): + """The key operations parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. The signing/verification algorithm identifier. + For more information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', 'PS384', + 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', + 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param value: Required. + :type value: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'value': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeySignParameters, self).__init__(**kwargs) + self.algorithm = kwargs.get('algorithm', None) + self.value = kwargs.get('value', None) + + +class KeyUpdateParameters(Model): + """The key update parameters. + + :param key_ops: Json web key operations. For more information on possible + key operations, see JsonWebKeyOperation. + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(KeyUpdateParameters, self).__init__(**kwargs) + self.key_ops = kwargs.get('key_ops', None) + self.key_attributes = kwargs.get('key_attributes', None) + self.tags = kwargs.get('tags', None) + + +class KeyVaultError(Model): + """The key vault error exception. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar error: + :vartype error: ~azure.keyvault.v7_1.models.Error + """ + + _validation = { + 'error': {'readonly': True}, + } + + _attribute_map = { + 'error': {'key': 'error', 'type': 'Error'}, + } + + def __init__(self, **kwargs): + super(KeyVaultError, self).__init__(**kwargs) + self.error = None + + +class KeyVaultErrorException(HttpResponseError): + """Server responsed with exception of type: 'KeyVaultError'. + + :param deserialize: A deserializer + :param response: Server response to be deserialized. + """ + + def __init__(self, response, deserialize, *args): + + model_name = 'KeyVaultError' + self.error = deserialize(model_name, response) + if self.error is None: + self.error = deserialize.dependencies[model_name]() + super(KeyVaultErrorException, self).__init__(response=response) + + +class KeyVerifyParameters(Model): + """The key verify parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. The signing/verification algorithm. For more + information on possible algorithm types, see JsonWebKeySignatureAlgorithm. + Possible values include: 'PS256', 'PS384', 'PS512', 'RS256', 'RS384', + 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param digest: Required. The digest used for signing. + :type digest: bytes + :param signature: Required. The signature to be verified. + :type signature: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'digest': {'required': True}, + 'signature': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'digest': {'key': 'digest', 'type': 'base64'}, + 'signature': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeyVerifyParameters, self).__init__(**kwargs) + self.algorithm = kwargs.get('algorithm', None) + self.digest = kwargs.get('digest', None) + self.signature = kwargs.get('signature', None) + + +class KeyVerifyResult(Model): + """The key verify result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: True if the signature is verified, otherwise false. + :vartype value: bool + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(KeyVerifyResult, self).__init__(**kwargs) + self.value = None + + +class LifetimeAction(Model): + """Action and its trigger that will be performed by Key Vault over the + lifetime of a certificate. + + :param trigger: The condition that will execute the action. + :type trigger: ~azure.keyvault.v7_1.models.Trigger + :param action: The action that will be executed. + :type action: ~azure.keyvault.v7_1.models.Action + """ + + _attribute_map = { + 'trigger': {'key': 'trigger', 'type': 'Trigger'}, + 'action': {'key': 'action', 'type': 'Action'}, + } + + def __init__(self, **kwargs): + super(LifetimeAction, self).__init__(**kwargs) + self.trigger = kwargs.get('trigger', None) + self.action = kwargs.get('action', None) + + +class OrganizationDetails(Model): + """Details of the organization of the certificate issuer. + + :param id: Id of the organization. + :type id: str + :param admin_details: Details of the organization administrator. + :type admin_details: + list[~azure.keyvault.v7_1.models.AdministratorDetails] + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'admin_details': {'key': 'admin_details', 'type': '[AdministratorDetails]'}, + } + + def __init__(self, **kwargs): + super(OrganizationDetails, self).__init__(**kwargs) + self.id = kwargs.get('id', None) + self.admin_details = kwargs.get('admin_details', None) + + +class PendingCertificateSigningRequestResult(Model): + """The pending certificate signing request result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The pending certificate signing request as Base64 encoded + string. + :vartype value: str + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(PendingCertificateSigningRequestResult, self).__init__(**kwargs) + self.value = None + + +class SasDefinitionAttributes(Model): + """The SAS definition management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: the enabled state of the object. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for SAS definitions in the current vault. If it contains + 'Purgeable' the SAS definition can be permanently deleted by a privileged + user; otherwise, only the system can purge the SAS definition, at the end + of the retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionAttributes, self).__init__(**kwargs) + self.enabled = kwargs.get('enabled', None) + self.created = None + self.updated = None + self.recoverable_days = None + self.recovery_level = None + + +class SasDefinitionCreateParameters(Model): + """The SAS definition create parameters. + + All required parameters must be populated in order to send to Azure. + + :param template_uri: Required. The SAS definition token template signed + with an arbitrary key. Tokens created according to the SAS definition + will have the same properties as the template. + :type template_uri: str + :param sas_type: Required. The type of SAS token the SAS definition will + create. Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: Required. The validity period of SAS tokens + created according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'template_uri': {'required': True}, + 'sas_type': {'required': True}, + 'validity_period': {'required': True}, + } + + _attribute_map = { + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionCreateParameters, self).__init__(**kwargs) + self.template_uri = kwargs.get('template_uri', None) + self.sas_type = kwargs.get('sas_type', None) + self.validity_period = kwargs.get('validity_period', None) + self.sas_definition_attributes = kwargs.get('sas_definition_attributes', None) + self.tags = kwargs.get('tags', None) + + +class SasDefinitionListResult(Model): + """The storage account SAS definition list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of SAS definitions along + with a link to the next page of SAS definitions. + :vartype value: list[~azure.keyvault.v7_1.models.SasDefinitionItem] + :ivar next_link: The URL to get the next set of SAS definitions. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[SasDefinitionItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SasDefinitionUpdateParameters(Model): + """The SAS definition update parameters. + + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionUpdateParameters, self).__init__(**kwargs) + self.template_uri = kwargs.get('template_uri', None) + self.sas_type = kwargs.get('sas_type', None) + self.validity_period = kwargs.get('validity_period', None) + self.sas_definition_attributes = kwargs.get('sas_definition_attributes', None) + self.tags = kwargs.get('tags', None) + + +class SecretAttributes(Attributes): + """The secret management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for secrets in the current vault. If it contains 'Purgeable', the + secret can be permanently deleted by a privileged user; otherwise, only + the system can purge the secret, at the end of the retention interval. + Possible values include: 'Purgeable', 'Recoverable+Purgeable', + 'Recoverable', 'Recoverable+ProtectedSubscription', + 'CustomizedRecoverable+Purgeable', 'CustomizedRecoverable', + 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecretAttributes, self).__init__(**kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class SecretListResult(Model): + """The secret list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of secrets in the key + vault along with a link to the next page of secrets. + :vartype value: list[~azure.keyvault.v7_1.models.SecretItem] + :ivar next_link: The URL to get the next set of secrets. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[SecretItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecretListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SecretProperties(Model): + """Properties of the key backing a certificate. + + :param content_type: The media type (MIME type). + :type content_type: str + """ + + _attribute_map = { + 'content_type': {'key': 'contentType', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecretProperties, self).__init__(**kwargs) + self.content_type = kwargs.get('content_type', None) + + +class SecretRestoreParameters(Model): + """The secret restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param secret_bundle_backup: Required. The backup blob associated with a + secret bundle. + :type secret_bundle_backup: bytes + """ + + _validation = { + 'secret_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'secret_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(SecretRestoreParameters, self).__init__(**kwargs) + self.secret_bundle_backup = kwargs.get('secret_bundle_backup', None) + + +class SecretSetParameters(Model): + """The secret set parameters. + + All required parameters must be populated in order to send to Azure. + + :param value: Required. The value of the secret. + :type value: str + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + """ + + _validation = { + 'value': {'required': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + } + + def __init__(self, **kwargs): + super(SecretSetParameters, self).__init__(**kwargs) + self.value = kwargs.get('value', None) + self.tags = kwargs.get('tags', None) + self.content_type = kwargs.get('content_type', None) + self.secret_attributes = kwargs.get('secret_attributes', None) + + +class SecretUpdateParameters(Model): + """The secret update parameters. + + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SecretUpdateParameters, self).__init__(**kwargs) + self.content_type = kwargs.get('content_type', None) + self.secret_attributes = kwargs.get('secret_attributes', None) + self.tags = kwargs.get('tags', None) + + +class StorageAccountAttributes(Model): + """The storage account management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: the enabled state of the object. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for storage accounts in the current vault. If it contains + 'Purgeable' the storage account can be permanently deleted by a privileged + user; otherwise, only the system can purge the storage account, at the end + of the retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(StorageAccountAttributes, self).__init__(**kwargs) + self.enabled = kwargs.get('enabled', None) + self.created = None + self.updated = None + self.recoverable_days = None + self.recovery_level = None + + +class StorageAccountCreateParameters(Model): + """The storage account create parameters. + + All required parameters must be populated in order to send to Azure. + + :param resource_id: Required. Storage account resource id. + :type resource_id: str + :param active_key_name: Required. Current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: Required. whether keyvault should manage the + storage account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration specified + in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'resource_id': {'required': True}, + 'active_key_name': {'required': True}, + 'auto_regenerate_key': {'required': True}, + } + + _attribute_map = { + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(StorageAccountCreateParameters, self).__init__(**kwargs) + self.resource_id = kwargs.get('resource_id', None) + self.active_key_name = kwargs.get('active_key_name', None) + self.auto_regenerate_key = kwargs.get('auto_regenerate_key', None) + self.regeneration_period = kwargs.get('regeneration_period', None) + self.storage_account_attributes = kwargs.get('storage_account_attributes', None) + self.tags = kwargs.get('tags', None) + + +class StorageAccountRegenerteKeyParameters(Model): + """The storage account key regenerate parameters. + + All required parameters must be populated in order to send to Azure. + + :param key_name: Required. The storage account key name. + :type key_name: str + """ + + _validation = { + 'key_name': {'required': True}, + } + + _attribute_map = { + 'key_name': {'key': 'keyName', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(StorageAccountRegenerteKeyParameters, self).__init__(**kwargs) + self.key_name = kwargs.get('key_name', None) + + +class StorageAccountUpdateParameters(Model): + """The storage account update parameters. + + :param active_key_name: The current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration specified + in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(StorageAccountUpdateParameters, self).__init__(**kwargs) + self.active_key_name = kwargs.get('active_key_name', None) + self.auto_regenerate_key = kwargs.get('auto_regenerate_key', None) + self.regeneration_period = kwargs.get('regeneration_period', None) + self.storage_account_attributes = kwargs.get('storage_account_attributes', None) + self.tags = kwargs.get('tags', None) + + +class StorageListResult(Model): + """The storage accounts list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of storage accounts in + the key vault along with a link to the next page of storage accounts. + :vartype value: list[~azure.keyvault.v7_1.models.StorageAccountItem] + :ivar next_link: The URL to get the next set of storage accounts. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[StorageAccountItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(StorageListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class StorageRestoreParameters(Model): + """The secret restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param storage_bundle_backup: Required. The backup blob associated with a + storage account. + :type storage_bundle_backup: bytes + """ + + _validation = { + 'storage_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'storage_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(StorageRestoreParameters, self).__init__(**kwargs) + self.storage_bundle_backup = kwargs.get('storage_bundle_backup', None) + + +class SubjectAlternativeNames(Model): + """The subject alternate names of a X509 object. + + :param emails: Email addresses. + :type emails: list[str] + :param dns_names: Domain names. + :type dns_names: list[str] + :param upns: User principal names. + :type upns: list[str] + """ + + _attribute_map = { + 'emails': {'key': 'emails', 'type': '[str]'}, + 'dns_names': {'key': 'dns_names', 'type': '[str]'}, + 'upns': {'key': 'upns', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(SubjectAlternativeNames, self).__init__(**kwargs) + self.emails = kwargs.get('emails', None) + self.dns_names = kwargs.get('dns_names', None) + self.upns = kwargs.get('upns', None) + + +class Trigger(Model): + """A condition to be satisfied for an action to be executed. + + :param lifetime_percentage: Percentage of lifetime at which to trigger. + Value should be between 1 and 99. + :type lifetime_percentage: int + :param days_before_expiry: Days before expiry to attempt renewal. Value + should be between 1 and validity_in_months multiplied by 27. If + validity_in_months is 36, then value should be between 1 and 972 (36 * + 27). + :type days_before_expiry: int + """ + + _validation = { + 'lifetime_percentage': {'maximum': 99, 'minimum': 1}, + } + + _attribute_map = { + 'lifetime_percentage': {'key': 'lifetime_percentage', 'type': 'int'}, + 'days_before_expiry': {'key': 'days_before_expiry', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(Trigger, self).__init__(**kwargs) + self.lifetime_percentage = kwargs.get('lifetime_percentage', None) + self.days_before_expiry = kwargs.get('days_before_expiry', None) + + +class X509CertificateProperties(Model): + """Properties of the X509 component of a certificate. + + :param subject: The subject name. Should be a valid X509 distinguished + Name. + :type subject: str + :param ekus: The enhanced key usage. + :type ekus: list[str] + :param subject_alternative_names: The subject alternative names. + :type subject_alternative_names: + ~azure.keyvault.v7_1.models.SubjectAlternativeNames + :param key_usage: List of key usages. + :type key_usage: list[str or ~azure.keyvault.v7_1.models.KeyUsageType] + :param validity_in_months: The duration that the certificate is valid in + months. + :type validity_in_months: int + """ + + _validation = { + 'validity_in_months': {'minimum': 0}, + } + + _attribute_map = { + 'subject': {'key': 'subject', 'type': 'str'}, + 'ekus': {'key': 'ekus', 'type': '[str]'}, + 'subject_alternative_names': {'key': 'sans', 'type': 'SubjectAlternativeNames'}, + 'key_usage': {'key': 'key_usage', 'type': '[str]'}, + 'validity_in_months': {'key': 'validity_months', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(X509CertificateProperties, self).__init__(**kwargs) + self.subject = kwargs.get('subject', None) + self.ekus = kwargs.get('ekus', None) + self.subject_alternative_names = kwargs.get('subject_alternative_names', None) + self.key_usage = kwargs.get('key_usage', None) + self.validity_in_months = kwargs.get('validity_in_months', None) diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/_models_py3.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/_models_py3.py new file mode 100644 index 000000000000..b57835037d85 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/models/_models_py3.py @@ -0,0 +1,3244 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model +from azure.core.exceptions import HttpResponseError + + +class Action(Model): + """The action that will be executed. + + :param action_type: The type of the action. Possible values include: + 'EmailContacts', 'AutoRenew' + :type action_type: str or ~azure.keyvault.v7_1.models.ActionType + """ + + _attribute_map = { + 'action_type': {'key': 'action_type', 'type': 'ActionType'}, + } + + def __init__(self, *, action_type=None, **kwargs) -> None: + super(Action, self).__init__(**kwargs) + self.action_type = action_type + + +class AdministratorDetails(Model): + """Details of the organization administrator of the certificate issuer. + + :param first_name: First name. + :type first_name: str + :param last_name: Last name. + :type last_name: str + :param email_address: Email address. + :type email_address: str + :param phone: Phone number. + :type phone: str + """ + + _attribute_map = { + 'first_name': {'key': 'first_name', 'type': 'str'}, + 'last_name': {'key': 'last_name', 'type': 'str'}, + 'email_address': {'key': 'email', 'type': 'str'}, + 'phone': {'key': 'phone', 'type': 'str'}, + } + + def __init__(self, *, first_name: str=None, last_name: str=None, email_address: str=None, phone: str=None, **kwargs) -> None: + super(AdministratorDetails, self).__init__(**kwargs) + self.first_name = first_name + self.last_name = last_name + self.email_address = email_address + self.phone = phone + + +class Attributes(Model): + """The object attributes managed by the KeyVault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + } + + def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None: + super(Attributes, self).__init__(**kwargs) + self.enabled = enabled + self.not_before = not_before + self.expires = expires + self.created = None + self.updated = None + + +class BackupCertificateResult(Model): + """The backup certificate result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up certificate. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(BackupCertificateResult, self).__init__(**kwargs) + self.value = None + + +class BackupKeyResult(Model): + """The backup key result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up key. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(BackupKeyResult, self).__init__(**kwargs) + self.value = None + + +class BackupSecretResult(Model): + """The backup secret result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up secret. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(BackupSecretResult, self).__init__(**kwargs) + self.value = None + + +class BackupStorageResult(Model): + """The backup storage result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up storage account. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(BackupStorageResult, self).__init__(**kwargs) + self.value = None + + +class CertificateAttributes(Attributes): + """The certificate management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for certificates in the current vault. If it contains 'Purgeable', + the certificate can be permanently deleted by a privileged user; + otherwise, only the system can purge the certificate, at the end of the + retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None: + super(CertificateAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires, **kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class CertificateBundle(Model): + """A certificate bundle consists of a certificate (X509) plus its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :ivar kid: The key id. + :vartype kid: str + :ivar sid: The secret id. + :vartype sid: str + :ivar x509_thumbprint: Thumbprint of the certificate. + :vartype x509_thumbprint: bytes + :ivar policy: The management policy. + :vartype policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param cer: CER contents of x509 certificate. + :type cer: bytearray + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs + :type tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'kid': {'readonly': True}, + 'sid': {'readonly': True}, + 'x509_thumbprint': {'readonly': True}, + 'policy': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'sid': {'key': 'sid', 'type': 'str'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'cer': {'key': 'cer', 'type': 'bytearray'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, cer: bytearray=None, content_type: str=None, attributes=None, tags=None, **kwargs) -> None: + super(CertificateBundle, self).__init__(**kwargs) + self.id = None + self.kid = None + self.sid = None + self.x509_thumbprint = None + self.policy = None + self.cer = cer + self.content_type = content_type + self.attributes = attributes + self.tags = tags + + +class CertificateCreateParameters(Model): + """The certificate create parameters. + + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs) -> None: + super(CertificateCreateParameters, self).__init__(**kwargs) + self.certificate_policy = certificate_policy + self.certificate_attributes = certificate_attributes + self.tags = tags + + +class CertificateImportParameters(Model): + """The certificate import parameters. + + All required parameters must be populated in order to send to Azure. + + :param base64_encoded_certificate: Required. Base64 encoded representation + of the certificate object to import. This certificate needs to contain the + private key. + :type base64_encoded_certificate: str + :param password: If the private key in base64EncodedCertificate is + encrypted, the password used for encryption. + :type password: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'base64_encoded_certificate': {'required': True}, + } + + _attribute_map = { + 'base64_encoded_certificate': {'key': 'value', 'type': 'str'}, + 'password': {'key': 'pwd', 'type': 'str'}, + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, base64_encoded_certificate: str, password: str=None, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs) -> None: + super(CertificateImportParameters, self).__init__(**kwargs) + self.base64_encoded_certificate = base64_encoded_certificate + self.password = password + self.certificate_policy = certificate_policy + self.certificate_attributes = certificate_attributes + self.tags = tags + + +class CertificateIssuerItem(Model): + """The certificate issuer item containing certificate issuer metadata. + + :param id: Certificate Identifier. + :type id: str + :param provider: The issuer provider. + :type provider: str + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + } + + def __init__(self, *, id: str=None, provider: str=None, **kwargs) -> None: + super(CertificateIssuerItem, self).__init__(**kwargs) + self.id = id + self.provider = provider + + +class CertificateIssuerListResult(Model): + """The certificate issuer list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of certificate issuers + in the key vault along with a link to the next page of certificate + issuers. + :vartype value: list[~azure.keyvault.v7_1.models.CertificateIssuerItem] + :ivar next_link: The URL to get the next set of certificate issuers. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[CertificateIssuerItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(CertificateIssuerListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class CertificateIssuerSetParameters(Model): + """The certificate issuer set parameters. + + All required parameters must be populated in order to send to Azure. + + :param provider: Required. The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _validation = { + 'provider': {'required': True}, + } + + _attribute_map = { + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, *, provider: str, credentials=None, organization_details=None, attributes=None, **kwargs) -> None: + super(CertificateIssuerSetParameters, self).__init__(**kwargs) + self.provider = provider + self.credentials = credentials + self.organization_details = organization_details + self.attributes = attributes + + +class CertificateIssuerUpdateParameters(Model): + """The certificate issuer update parameters. + + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _attribute_map = { + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, *, provider: str=None, credentials=None, organization_details=None, attributes=None, **kwargs) -> None: + super(CertificateIssuerUpdateParameters, self).__init__(**kwargs) + self.provider = provider + self.credentials = credentials + self.organization_details = organization_details + self.attributes = attributes + + +class CertificateItem(Model): + """The certificate item containing certificate metadata. + + :param id: Certificate identifier. + :type id: str + :param attributes: The certificate management attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param x509_thumbprint: Thumbprint of the certificate. + :type x509_thumbprint: bytes + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + } + + def __init__(self, *, id: str=None, attributes=None, tags=None, x509_thumbprint: bytes=None, **kwargs) -> None: + super(CertificateItem, self).__init__(**kwargs) + self.id = id + self.attributes = attributes + self.tags = tags + self.x509_thumbprint = x509_thumbprint + + +class CertificateListResult(Model): + """The certificate list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of certificates in the + key vault along with a link to the next page of certificates. + :vartype value: list[~azure.keyvault.v7_1.models.CertificateItem] + :ivar next_link: The URL to get the next set of certificates. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[CertificateItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(CertificateListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class CertificateMergeParameters(Model): + """The certificate merge parameters. + + All required parameters must be populated in order to send to Azure. + + :param x509_certificates: Required. The certificate or the certificate + chain to merge. + :type x509_certificates: list[bytearray] + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'x509_certificates': {'required': True}, + } + + _attribute_map = { + 'x509_certificates': {'key': 'x5c', 'type': '[bytearray]'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, x509_certificates, certificate_attributes=None, tags=None, **kwargs) -> None: + super(CertificateMergeParameters, self).__init__(**kwargs) + self.x509_certificates = x509_certificates + self.certificate_attributes = certificate_attributes + self.tags = tags + + +class CertificateOperation(Model): + """A certificate operation is returned in case of asynchronous requests. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :param issuer_parameters: Parameters for the issuer of the X509 component + of a certificate. + :type issuer_parameters: ~azure.keyvault.v7_1.models.IssuerParameters + :param csr: The certificate signing request (CSR) that is being used in + the certificate operation. + :type csr: bytearray + :param cancellation_requested: Indicates if cancellation was requested on + the certificate operation. + :type cancellation_requested: bool + :param status: Status of the certificate operation. + :type status: str + :param status_details: The status details of the certificate operation. + :type status_details: str + :param error: Error encountered, if any, during the certificate operation. + :type error: ~azure.keyvault.v7_1.models.Error + :param target: Location which contains the result of the certificate + operation. + :type target: str + :param request_id: Identifier for the certificate operation. + :type request_id: str + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'}, + 'csr': {'key': 'csr', 'type': 'bytearray'}, + 'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'}, + 'status': {'key': 'status', 'type': 'str'}, + 'status_details': {'key': 'status_details', 'type': 'str'}, + 'error': {'key': 'error', 'type': 'Error'}, + 'target': {'key': 'target', 'type': 'str'}, + 'request_id': {'key': 'request_id', 'type': 'str'}, + } + + def __init__(self, *, issuer_parameters=None, csr: bytearray=None, cancellation_requested: bool=None, status: str=None, status_details: str=None, error=None, target: str=None, request_id: str=None, **kwargs) -> None: + super(CertificateOperation, self).__init__(**kwargs) + self.id = None + self.issuer_parameters = issuer_parameters + self.csr = csr + self.cancellation_requested = cancellation_requested + self.status = status + self.status_details = status_details + self.error = error + self.target = target + self.request_id = request_id + + +class CertificateOperationUpdateParameter(Model): + """The certificate operation update parameters. + + All required parameters must be populated in order to send to Azure. + + :param cancellation_requested: Required. Indicates if cancellation was + requested on the certificate operation. + :type cancellation_requested: bool + """ + + _validation = { + 'cancellation_requested': {'required': True}, + } + + _attribute_map = { + 'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'}, + } + + def __init__(self, *, cancellation_requested: bool, **kwargs) -> None: + super(CertificateOperationUpdateParameter, self).__init__(**kwargs) + self.cancellation_requested = cancellation_requested + + +class CertificatePolicy(Model): + """Management policy for a certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :param key_properties: Properties of the key backing a certificate. + :type key_properties: ~azure.keyvault.v7_1.models.KeyProperties + :param secret_properties: Properties of the secret backing a certificate. + :type secret_properties: ~azure.keyvault.v7_1.models.SecretProperties + :param x509_certificate_properties: Properties of the X509 component of a + certificate. + :type x509_certificate_properties: + ~azure.keyvault.v7_1.models.X509CertificateProperties + :param lifetime_actions: Actions that will be performed by Key Vault over + the lifetime of a certificate. + :type lifetime_actions: list[~azure.keyvault.v7_1.models.LifetimeAction] + :param issuer_parameters: Parameters for the issuer of the X509 component + of a certificate. + :type issuer_parameters: ~azure.keyvault.v7_1.models.IssuerParameters + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'key_properties': {'key': 'key_props', 'type': 'KeyProperties'}, + 'secret_properties': {'key': 'secret_props', 'type': 'SecretProperties'}, + 'x509_certificate_properties': {'key': 'x509_props', 'type': 'X509CertificateProperties'}, + 'lifetime_actions': {'key': 'lifetime_actions', 'type': '[LifetimeAction]'}, + 'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + } + + def __init__(self, *, key_properties=None, secret_properties=None, x509_certificate_properties=None, lifetime_actions=None, issuer_parameters=None, attributes=None, **kwargs) -> None: + super(CertificatePolicy, self).__init__(**kwargs) + self.id = None + self.key_properties = key_properties + self.secret_properties = secret_properties + self.x509_certificate_properties = x509_certificate_properties + self.lifetime_actions = lifetime_actions + self.issuer_parameters = issuer_parameters + self.attributes = attributes + + +class CertificateRestoreParameters(Model): + """The certificate restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param certificate_bundle_backup: Required. The backup blob associated + with a certificate bundle. + :type certificate_bundle_backup: bytes + """ + + _validation = { + 'certificate_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'certificate_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, certificate_bundle_backup: bytes, **kwargs) -> None: + super(CertificateRestoreParameters, self).__init__(**kwargs) + self.certificate_bundle_backup = certificate_bundle_backup + + +class CertificateUpdateParameters(Model): + """The certificate update parameters. + + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs) -> None: + super(CertificateUpdateParameters, self).__init__(**kwargs) + self.certificate_policy = certificate_policy + self.certificate_attributes = certificate_attributes + self.tags = tags + + +class Contact(Model): + """The contact information for the vault certificates. + + :param email_address: Email address. + :type email_address: str + :param name: Name. + :type name: str + :param phone: Phone number. + :type phone: str + """ + + _attribute_map = { + 'email_address': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'phone': {'key': 'phone', 'type': 'str'}, + } + + def __init__(self, *, email_address: str=None, name: str=None, phone: str=None, **kwargs) -> None: + super(Contact, self).__init__(**kwargs) + self.email_address = email_address + self.name = name + self.phone = phone + + +class Contacts(Model): + """The contacts for the vault certificates. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Identifier for the contacts collection. + :vartype id: str + :param contact_list: The contact list for the vault certificates. + :type contact_list: list[~azure.keyvault.v7_1.models.Contact] + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'contact_list': {'key': 'contacts', 'type': '[Contact]'}, + } + + def __init__(self, *, contact_list=None, **kwargs) -> None: + super(Contacts, self).__init__(**kwargs) + self.id = None + self.contact_list = contact_list + + +class DeletedCertificateBundle(CertificateBundle): + """A Deleted Certificate consisting of its previous id, attributes and its + tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :ivar kid: The key id. + :vartype kid: str + :ivar sid: The secret id. + :vartype sid: str + :ivar x509_thumbprint: Thumbprint of the certificate. + :vartype x509_thumbprint: bytes + :ivar policy: The management policy. + :vartype policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param cer: CER contents of x509 certificate. + :type cer: bytearray + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs + :type tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted certificate. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the certificate is scheduled to + be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the certificate was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'kid': {'readonly': True}, + 'sid': {'readonly': True}, + 'x509_thumbprint': {'readonly': True}, + 'policy': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'sid': {'key': 'sid', 'type': 'str'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'cer': {'key': 'cer', 'type': 'bytearray'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, cer: bytearray=None, content_type: str=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedCertificateBundle, self).__init__(cer=cer, content_type=content_type, attributes=attributes, tags=tags, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedCertificateItem(CertificateItem): + """The deleted certificate item containing metadata about the deleted + certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Certificate identifier. + :type id: str + :param attributes: The certificate management attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param x509_thumbprint: Thumbprint of the certificate. + :type x509_thumbprint: bytes + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted certificate. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the certificate is scheduled to + be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the certificate was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, id: str=None, attributes=None, tags=None, x509_thumbprint: bytes=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedCertificateItem, self).__init__(id=id, attributes=attributes, tags=tags, x509_thumbprint=x509_thumbprint, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedCertificateListResult(Model): + """A list of certificates that have been deleted in this vault. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of deleted certificates + in the vault along with a link to the next page of deleted certificates + :vartype value: list[~azure.keyvault.v7_1.models.DeletedCertificateItem] + :ivar next_link: The URL to get the next set of deleted certificates. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedCertificateItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedCertificateListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class KeyBundle(Model): + """A KeyBundle consisting of a WebKey plus its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param key: The Json web key. + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, *, key=None, attributes=None, tags=None, **kwargs) -> None: + super(KeyBundle, self).__init__(**kwargs) + self.key = key + self.attributes = attributes + self.tags = tags + self.managed = None + + +class DeletedKeyBundle(KeyBundle): + """A DeletedKeyBundle consisting of a WebKey plus its Attributes and deletion + info. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param key: The Json web key. + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted key. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the key is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the key was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, key=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedKeyBundle, self).__init__(key=key, attributes=attributes, tags=tags, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class KeyItem(Model): + """The key item containing key metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param kid: Key identifier. + :type kid: str + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, *, kid: str=None, attributes=None, tags=None, **kwargs) -> None: + super(KeyItem, self).__init__(**kwargs) + self.kid = kid + self.attributes = attributes + self.tags = tags + self.managed = None + + +class DeletedKeyItem(KeyItem): + """The deleted key item containing the deleted key metadata and information + about deletion. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param kid: Key identifier. + :type kid: str + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted key. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the key is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the key was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, kid: str=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedKeyItem, self).__init__(kid=kid, attributes=attributes, tags=tags, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedKeyListResult(Model): + """A list of keys that have been deleted in this vault. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of deleted keys in the + vault along with a link to the next page of deleted keys + :vartype value: list[~azure.keyvault.v7_1.models.DeletedKeyItem] + :ivar next_link: The URL to get the next set of deleted keys. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedKeyItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedKeyListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SasDefinitionBundle(Model): + """A SAS definition bundle consists of key vault SAS definition details plus + its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The SAS definition id. + :vartype id: str + :ivar secret_id: Storage account SAS definition secret id. + :vartype secret_id: str + :ivar template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :vartype template_uri: str + :ivar sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :vartype sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :ivar validity_period: The validity period of SAS tokens created according + to the SAS definition. + :vartype validity_period: str + :ivar attributes: The SAS definition attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'template_uri': {'readonly': True}, + 'sas_type': {'readonly': True}, + 'validity_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs) -> None: + super(SasDefinitionBundle, self).__init__(**kwargs) + self.id = None + self.secret_id = None + self.template_uri = None + self.sas_type = None + self.validity_period = None + self.attributes = None + self.tags = None + + +class DeletedSasDefinitionBundle(SasDefinitionBundle): + """A deleted SAS definition bundle consisting of its previous id, attributes + and its tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The SAS definition id. + :vartype id: str + :ivar secret_id: Storage account SAS definition secret id. + :vartype secret_id: str + :ivar template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :vartype template_uri: str + :ivar sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :vartype sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :ivar validity_period: The validity period of SAS tokens created according + to the SAS definition. + :vartype validity_period: str + :ivar attributes: The SAS definition attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted SAS definition. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the SAS definition is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the SAS definition was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'template_uri': {'readonly': True}, + 'sas_type': {'readonly': True}, + 'validity_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, recovery_id: str=None, **kwargs) -> None: + super(DeletedSasDefinitionBundle, self).__init__(**kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class SasDefinitionItem(Model): + """The SAS definition item containing storage SAS definition metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage SAS identifier. + :vartype id: str + :ivar secret_id: The storage account SAS definition secret id. + :vartype secret_id: str + :ivar attributes: The SAS definition management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs) -> None: + super(SasDefinitionItem, self).__init__(**kwargs) + self.id = None + self.secret_id = None + self.attributes = None + self.tags = None + + +class DeletedSasDefinitionItem(SasDefinitionItem): + """The deleted SAS definition item containing metadata about the deleted SAS + definition. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage SAS identifier. + :vartype id: str + :ivar secret_id: The storage account SAS definition secret id. + :vartype secret_id: str + :ivar attributes: The SAS definition management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted SAS definition. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the SAS definition is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the SAS definition was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, recovery_id: str=None, **kwargs) -> None: + super(DeletedSasDefinitionItem, self).__init__(**kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedSasDefinitionListResult(Model): + """The deleted SAS definition list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted SAS + definitions in the vault along with a link to the next page of deleted sas + definitions + :vartype value: list[~azure.keyvault.v7_1.models.DeletedSasDefinitionItem] + :ivar next_link: The URL to get the next set of deleted SAS definitions. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedSasDefinitionItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedSasDefinitionListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SecretBundle(Model): + """A secret consisting of a value, id and its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param value: The secret value. + :type value: str + :param id: The secret id. + :type id: str + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar kid: If this is a secret backing a KV certificate, then this field + specifies the corresponding key backing the KV certificate. + :vartype kid: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a secret backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'kid': {'readonly': True}, + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, *, value: str=None, id: str=None, content_type: str=None, attributes=None, tags=None, **kwargs) -> None: + super(SecretBundle, self).__init__(**kwargs) + self.value = value + self.id = id + self.content_type = content_type + self.attributes = attributes + self.tags = tags + self.kid = None + self.managed = None + + +class DeletedSecretBundle(SecretBundle): + """A Deleted Secret consisting of its previous id, attributes and its tags, as + well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param value: The secret value. + :type value: str + :param id: The secret id. + :type id: str + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar kid: If this is a secret backing a KV certificate, then this field + specifies the corresponding key backing the KV certificate. + :vartype kid: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a secret backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted secret. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the secret is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the secret was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'kid': {'readonly': True}, + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, value: str=None, id: str=None, content_type: str=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedSecretBundle, self).__init__(value=value, id=id, content_type=content_type, attributes=attributes, tags=tags, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class SecretItem(Model): + """The secret item containing secret metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Secret identifier. + :type id: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, *, id: str=None, attributes=None, tags=None, content_type: str=None, **kwargs) -> None: + super(SecretItem, self).__init__(**kwargs) + self.id = id + self.attributes = attributes + self.tags = tags + self.content_type = content_type + self.managed = None + + +class DeletedSecretItem(SecretItem): + """The deleted secret item containing metadata about the deleted secret. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Secret identifier. + :type id: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted secret. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the secret is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the secret was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, id: str=None, attributes=None, tags=None, content_type: str=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedSecretItem, self).__init__(id=id, attributes=attributes, tags=tags, content_type=content_type, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedSecretListResult(Model): + """The deleted secret list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted secrets + in the vault along with a link to the next page of deleted secrets + :vartype value: list[~azure.keyvault.v7_1.models.DeletedSecretItem] + :ivar next_link: The URL to get the next set of deleted secrets. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedSecretItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedSecretListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class StorageAccountItem(Model): + """The storage account item containing storage account metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Storage identifier. + :vartype id: str + :ivar resource_id: Storage account resource Id. + :vartype resource_id: str + :ivar attributes: The storage account management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs) -> None: + super(StorageAccountItem, self).__init__(**kwargs) + self.id = None + self.resource_id = None + self.attributes = None + self.tags = None + + +class DeletedStorageAccountItem(StorageAccountItem): + """The deleted storage account item containing metadata about the deleted + storage account. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Storage identifier. + :vartype id: str + :ivar resource_id: Storage account resource Id. + :vartype resource_id: str + :ivar attributes: The storage account management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted storage account. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the storage account is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the storage account was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, recovery_id: str=None, **kwargs) -> None: + super(DeletedStorageAccountItem, self).__init__(**kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class StorageBundle(Model): + """A Storage account bundle consists of key vault storage account details plus + its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage account id. + :vartype id: str + :ivar resource_id: The storage account resource id. + :vartype resource_id: str + :ivar active_key_name: The current active storage account key name. + :vartype active_key_name: str + :ivar auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :vartype auto_regenerate_key: bool + :ivar regeneration_period: The key regeneration time duration specified in + ISO-8601 format. + :vartype regeneration_period: str + :ivar attributes: The storage account attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'active_key_name': {'readonly': True}, + 'auto_regenerate_key': {'readonly': True}, + 'regeneration_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs) -> None: + super(StorageBundle, self).__init__(**kwargs) + self.id = None + self.resource_id = None + self.active_key_name = None + self.auto_regenerate_key = None + self.regeneration_period = None + self.attributes = None + self.tags = None + + +class DeletedStorageBundle(StorageBundle): + """A deleted storage account bundle consisting of its previous id, attributes + and its tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage account id. + :vartype id: str + :ivar resource_id: The storage account resource id. + :vartype resource_id: str + :ivar active_key_name: The current active storage account key name. + :vartype active_key_name: str + :ivar auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :vartype auto_regenerate_key: bool + :ivar regeneration_period: The key regeneration time duration specified in + ISO-8601 format. + :vartype regeneration_period: str + :ivar attributes: The storage account attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted storage account. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the storage account is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the storage account was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'active_key_name': {'readonly': True}, + 'auto_regenerate_key': {'readonly': True}, + 'regeneration_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, recovery_id: str=None, **kwargs) -> None: + super(DeletedStorageBundle, self).__init__(**kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedStorageListResult(Model): + """The deleted storage account list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted storage + accounts in the vault along with a link to the next page of deleted + storage accounts + :vartype value: + list[~azure.keyvault.v7_1.models.DeletedStorageAccountItem] + :ivar next_link: The URL to get the next set of deleted storage accounts. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedStorageAccountItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedStorageListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class Error(Model): + """The key vault server error. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar code: The error code. + :vartype code: str + :ivar message: The error message. + :vartype message: str + :ivar inner_error: + :vartype inner_error: ~azure.keyvault.v7_1.models.Error + """ + + _validation = { + 'code': {'readonly': True}, + 'message': {'readonly': True}, + 'inner_error': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'message': {'key': 'message', 'type': 'str'}, + 'inner_error': {'key': 'innererror', 'type': 'Error'}, + } + + def __init__(self, **kwargs) -> None: + super(Error, self).__init__(**kwargs) + self.code = None + self.message = None + self.inner_error = None + + +class IssuerAttributes(Model): + """The attributes of an issuer managed by the Key Vault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the issuer is enabled. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + } + + def __init__(self, *, enabled: bool=None, **kwargs) -> None: + super(IssuerAttributes, self).__init__(**kwargs) + self.enabled = enabled + self.created = None + self.updated = None + + +class IssuerBundle(Model): + """The issuer for Key Vault certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Identifier for the issuer object. + :vartype id: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, *, provider: str=None, credentials=None, organization_details=None, attributes=None, **kwargs) -> None: + super(IssuerBundle, self).__init__(**kwargs) + self.id = None + self.provider = provider + self.credentials = credentials + self.organization_details = organization_details + self.attributes = attributes + + +class IssuerCredentials(Model): + """The credentials to be used for the certificate issuer. + + :param account_id: The user name/account name/account id. + :type account_id: str + :param password: The password/secret/account key. + :type password: str + """ + + _attribute_map = { + 'account_id': {'key': 'account_id', 'type': 'str'}, + 'password': {'key': 'pwd', 'type': 'str'}, + } + + def __init__(self, *, account_id: str=None, password: str=None, **kwargs) -> None: + super(IssuerCredentials, self).__init__(**kwargs) + self.account_id = account_id + self.password = password + + +class IssuerParameters(Model): + """Parameters for the issuer of the X509 component of a certificate. + + :param name: Name of the referenced issuer object or reserved names; for + example, 'Self' or 'Unknown'. + :type name: str + :param certificate_type: Certificate type as supported by the provider + (optional); for example 'OV-SSL', 'EV-SSL' + :type certificate_type: str + :param certificate_transparency: Indicates if the certificates generated + under this policy should be published to certificate transparency logs. + :type certificate_transparency: bool + """ + + _attribute_map = { + 'name': {'key': 'name', 'type': 'str'}, + 'certificate_type': {'key': 'cty', 'type': 'str'}, + 'certificate_transparency': {'key': 'cert_transparency', 'type': 'bool'}, + } + + def __init__(self, *, name: str=None, certificate_type: str=None, certificate_transparency: bool=None, **kwargs) -> None: + super(IssuerParameters, self).__init__(**kwargs) + self.name = name + self.certificate_type = certificate_type + self.certificate_transparency = certificate_transparency + + +class JsonWebKey(Model): + """As of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18. + + :param kid: Key identifier. + :type kid: str + :param kty: JsonWebKey Key Type (kty), as defined in + https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. + Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_ops: + :type key_ops: list[str] + :param n: RSA modulus. + :type n: bytes + :param e: RSA public exponent. + :type e: bytes + :param d: RSA private exponent, or the D component of an EC private key. + :type d: bytes + :param dp: RSA private key parameter. + :type dp: bytes + :param dq: RSA private key parameter. + :type dq: bytes + :param qi: RSA private key parameter. + :type qi: bytes + :param p: RSA secret prime. + :type p: bytes + :param q: RSA secret prime, with p < q. + :type q: bytes + :param k: Symmetric key. + :type k: bytes + :param t: HSM Token, used with 'Bring Your Own Key'. + :type t: bytes + :param crv: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type crv: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + :param x: X component of an EC public key. + :type x: bytes + :param y: Y component of an EC public key. + :type y: bytes + """ + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'kty': {'key': 'kty', 'type': 'str'}, + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'n': {'key': 'n', 'type': 'base64'}, + 'e': {'key': 'e', 'type': 'base64'}, + 'd': {'key': 'd', 'type': 'base64'}, + 'dp': {'key': 'dp', 'type': 'base64'}, + 'dq': {'key': 'dq', 'type': 'base64'}, + 'qi': {'key': 'qi', 'type': 'base64'}, + 'p': {'key': 'p', 'type': 'base64'}, + 'q': {'key': 'q', 'type': 'base64'}, + 'k': {'key': 'k', 'type': 'base64'}, + 't': {'key': 'key_hsm', 'type': 'base64'}, + 'crv': {'key': 'crv', 'type': 'str'}, + 'x': {'key': 'x', 'type': 'base64'}, + 'y': {'key': 'y', 'type': 'base64'}, + } + + def __init__(self, *, kid: str=None, kty=None, key_ops=None, n: bytes=None, e: bytes=None, d: bytes=None, dp: bytes=None, dq: bytes=None, qi: bytes=None, p: bytes=None, q: bytes=None, k: bytes=None, t: bytes=None, crv=None, x: bytes=None, y: bytes=None, **kwargs) -> None: + super(JsonWebKey, self).__init__(**kwargs) + self.kid = kid + self.kty = kty + self.key_ops = key_ops + self.n = n + self.e = e + self.d = d + self.dp = dp + self.dq = dq + self.qi = qi + self.p = p + self.q = q + self.k = k + self.t = t + self.crv = crv + self.x = x + self.y = y + + +class KeyAttributes(Attributes): + """The attributes of a key managed by the key vault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for keys in the current vault. If it contains 'Purgeable' the key + can be permanently deleted by a privileged user; otherwise, only the + system can purge the key, at the end of the retention interval. Possible + values include: 'Purgeable', 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None: + super(KeyAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires, **kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class KeyCreateParameters(Model): + """The key create parameters. + + All required parameters must be populated in order to send to Azure. + + :param kty: Required. The type of key to create. For valid values, see + JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', + 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or 4096 + for RSA. + :type key_size: int + :param key_ops: + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + """ + + _validation = { + 'kty': {'required': True, 'min_length': 1}, + } + + _attribute_map = { + 'kty': {'key': 'kty', 'type': 'str'}, + 'key_size': {'key': 'key_size', 'type': 'int'}, + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'curve': {'key': 'crv', 'type': 'str'}, + } + + def __init__(self, *, kty, key_size: int=None, key_ops=None, key_attributes=None, tags=None, curve=None, **kwargs) -> None: + super(KeyCreateParameters, self).__init__(**kwargs) + self.kty = kty + self.key_size = key_size + self.key_ops = key_ops + self.key_attributes = key_attributes + self.tags = tags + self.curve = curve + + +class KeyImportParameters(Model): + """The key import parameters. + + All required parameters must be populated in order to send to Azure. + + :param hsm: Whether to import as a hardware key (HSM) or software key. + :type hsm: bool + :param key: Required. The Json web key + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param key_attributes: The key management attributes. + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'key': {'required': True}, + } + + _attribute_map = { + 'hsm': {'key': 'Hsm', 'type': 'bool'}, + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, key, hsm: bool=None, key_attributes=None, tags=None, **kwargs) -> None: + super(KeyImportParameters, self).__init__(**kwargs) + self.hsm = hsm + self.key = key + self.key_attributes = key_attributes + self.tags = tags + + +class KeyListResult(Model): + """The key list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of keys in the key vault + along with a link to the next page of keys. + :vartype value: list[~azure.keyvault.v7_1.models.KeyItem] + :ivar next_link: The URL to get the next set of keys. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[KeyItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(KeyListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class KeyOperationResult(Model): + """The key operation result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar kid: Key identifier + :vartype kid: str + :ivar result: + :vartype result: bytes + """ + + _validation = { + 'kid': {'readonly': True}, + 'result': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'result': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(KeyOperationResult, self).__init__(**kwargs) + self.kid = None + self.result = None + + +class KeyOperationsParameters(Model): + """The key operations parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: Required. + :type value: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'value': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, algorithm, value: bytes, **kwargs) -> None: + super(KeyOperationsParameters, self).__init__(**kwargs) + self.algorithm = algorithm + self.value = value + + +class KeyProperties(Model): + """Properties of the key pair backing a certificate. + + :param exportable: Indicates if the private key can be exported. + :type exportable: bool + :param key_type: The type of key pair to be used for the certificate. + Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct' + :type key_type: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or 4096 + for RSA. + :type key_size: int + :param reuse_key: Indicates if the same key pair will be used on + certificate renewal. + :type reuse_key: bool + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + """ + + _attribute_map = { + 'exportable': {'key': 'exportable', 'type': 'bool'}, + 'key_type': {'key': 'kty', 'type': 'str'}, + 'key_size': {'key': 'key_size', 'type': 'int'}, + 'reuse_key': {'key': 'reuse_key', 'type': 'bool'}, + 'curve': {'key': 'crv', 'type': 'str'}, + } + + def __init__(self, *, exportable: bool=None, key_type=None, key_size: int=None, reuse_key: bool=None, curve=None, **kwargs) -> None: + super(KeyProperties, self).__init__(**kwargs) + self.exportable = exportable + self.key_type = key_type + self.key_size = key_size + self.reuse_key = reuse_key + self.curve = curve + + +class KeyRestoreParameters(Model): + """The key restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param key_bundle_backup: Required. The backup blob associated with a key + bundle. + :type key_bundle_backup: bytes + """ + + _validation = { + 'key_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'key_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, key_bundle_backup: bytes, **kwargs) -> None: + super(KeyRestoreParameters, self).__init__(**kwargs) + self.key_bundle_backup = key_bundle_backup + + +class KeySignParameters(Model): + """The key operations parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. The signing/verification algorithm identifier. + For more information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', 'PS384', + 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', + 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param value: Required. + :type value: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'value': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, algorithm, value: bytes, **kwargs) -> None: + super(KeySignParameters, self).__init__(**kwargs) + self.algorithm = algorithm + self.value = value + + +class KeyUpdateParameters(Model): + """The key update parameters. + + :param key_ops: Json web key operations. For more information on possible + key operations, see JsonWebKeyOperation. + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, key_ops=None, key_attributes=None, tags=None, **kwargs) -> None: + super(KeyUpdateParameters, self).__init__(**kwargs) + self.key_ops = key_ops + self.key_attributes = key_attributes + self.tags = tags + + +class KeyVaultError(Model): + """The key vault error exception. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar error: + :vartype error: ~azure.keyvault.v7_1.models.Error + """ + + _validation = { + 'error': {'readonly': True}, + } + + _attribute_map = { + 'error': {'key': 'error', 'type': 'Error'}, + } + + def __init__(self, **kwargs) -> None: + super(KeyVaultError, self).__init__(**kwargs) + self.error = None + + +class KeyVaultErrorException(HttpResponseError): + """Server responsed with exception of type: 'KeyVaultError'. + + :param deserialize: A deserializer + :param response: Server response to be deserialized. + """ + + def __init__(self, response, deserialize, *args): + + model_name = 'KeyVaultError' + self.error = deserialize(model_name, response) + if self.error is None: + self.error = deserialize.dependencies[model_name]() + super(KeyVaultErrorException, self).__init__(response=response) + + +class KeyVerifyParameters(Model): + """The key verify parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. The signing/verification algorithm. For more + information on possible algorithm types, see JsonWebKeySignatureAlgorithm. + Possible values include: 'PS256', 'PS384', 'PS512', 'RS256', 'RS384', + 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param digest: Required. The digest used for signing. + :type digest: bytes + :param signature: Required. The signature to be verified. + :type signature: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'digest': {'required': True}, + 'signature': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'digest': {'key': 'digest', 'type': 'base64'}, + 'signature': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, algorithm, digest: bytes, signature: bytes, **kwargs) -> None: + super(KeyVerifyParameters, self).__init__(**kwargs) + self.algorithm = algorithm + self.digest = digest + self.signature = signature + + +class KeyVerifyResult(Model): + """The key verify result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: True if the signature is verified, otherwise false. + :vartype value: bool + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'bool'}, + } + + def __init__(self, **kwargs) -> None: + super(KeyVerifyResult, self).__init__(**kwargs) + self.value = None + + +class LifetimeAction(Model): + """Action and its trigger that will be performed by Key Vault over the + lifetime of a certificate. + + :param trigger: The condition that will execute the action. + :type trigger: ~azure.keyvault.v7_1.models.Trigger + :param action: The action that will be executed. + :type action: ~azure.keyvault.v7_1.models.Action + """ + + _attribute_map = { + 'trigger': {'key': 'trigger', 'type': 'Trigger'}, + 'action': {'key': 'action', 'type': 'Action'}, + } + + def __init__(self, *, trigger=None, action=None, **kwargs) -> None: + super(LifetimeAction, self).__init__(**kwargs) + self.trigger = trigger + self.action = action + + +class OrganizationDetails(Model): + """Details of the organization of the certificate issuer. + + :param id: Id of the organization. + :type id: str + :param admin_details: Details of the organization administrator. + :type admin_details: + list[~azure.keyvault.v7_1.models.AdministratorDetails] + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'admin_details': {'key': 'admin_details', 'type': '[AdministratorDetails]'}, + } + + def __init__(self, *, id: str=None, admin_details=None, **kwargs) -> None: + super(OrganizationDetails, self).__init__(**kwargs) + self.id = id + self.admin_details = admin_details + + +class PendingCertificateSigningRequestResult(Model): + """The pending certificate signing request result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The pending certificate signing request as Base64 encoded + string. + :vartype value: str + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(PendingCertificateSigningRequestResult, self).__init__(**kwargs) + self.value = None + + +class SasDefinitionAttributes(Model): + """The SAS definition management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: the enabled state of the object. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for SAS definitions in the current vault. If it contains + 'Purgeable' the SAS definition can be permanently deleted by a privileged + user; otherwise, only the system can purge the SAS definition, at the end + of the retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, **kwargs) -> None: + super(SasDefinitionAttributes, self).__init__(**kwargs) + self.enabled = enabled + self.created = None + self.updated = None + self.recoverable_days = None + self.recovery_level = None + + +class SasDefinitionCreateParameters(Model): + """The SAS definition create parameters. + + All required parameters must be populated in order to send to Azure. + + :param template_uri: Required. The SAS definition token template signed + with an arbitrary key. Tokens created according to the SAS definition + will have the same properties as the template. + :type template_uri: str + :param sas_type: Required. The type of SAS token the SAS definition will + create. Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: Required. The validity period of SAS tokens + created according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'template_uri': {'required': True}, + 'sas_type': {'required': True}, + 'validity_period': {'required': True}, + } + + _attribute_map = { + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, template_uri: str, sas_type, validity_period: str, sas_definition_attributes=None, tags=None, **kwargs) -> None: + super(SasDefinitionCreateParameters, self).__init__(**kwargs) + self.template_uri = template_uri + self.sas_type = sas_type + self.validity_period = validity_period + self.sas_definition_attributes = sas_definition_attributes + self.tags = tags + + +class SasDefinitionListResult(Model): + """The storage account SAS definition list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of SAS definitions along + with a link to the next page of SAS definitions. + :vartype value: list[~azure.keyvault.v7_1.models.SasDefinitionItem] + :ivar next_link: The URL to get the next set of SAS definitions. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[SasDefinitionItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(SasDefinitionListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SasDefinitionUpdateParameters(Model): + """The SAS definition update parameters. + + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, template_uri: str=None, sas_type=None, validity_period: str=None, sas_definition_attributes=None, tags=None, **kwargs) -> None: + super(SasDefinitionUpdateParameters, self).__init__(**kwargs) + self.template_uri = template_uri + self.sas_type = sas_type + self.validity_period = validity_period + self.sas_definition_attributes = sas_definition_attributes + self.tags = tags + + +class SecretAttributes(Attributes): + """The secret management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for secrets in the current vault. If it contains 'Purgeable', the + secret can be permanently deleted by a privileged user; otherwise, only + the system can purge the secret, at the end of the retention interval. + Possible values include: 'Purgeable', 'Recoverable+Purgeable', + 'Recoverable', 'Recoverable+ProtectedSubscription', + 'CustomizedRecoverable+Purgeable', 'CustomizedRecoverable', + 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None: + super(SecretAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires, **kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class SecretListResult(Model): + """The secret list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of secrets in the key + vault along with a link to the next page of secrets. + :vartype value: list[~azure.keyvault.v7_1.models.SecretItem] + :ivar next_link: The URL to get the next set of secrets. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[SecretItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(SecretListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SecretProperties(Model): + """Properties of the key backing a certificate. + + :param content_type: The media type (MIME type). + :type content_type: str + """ + + _attribute_map = { + 'content_type': {'key': 'contentType', 'type': 'str'}, + } + + def __init__(self, *, content_type: str=None, **kwargs) -> None: + super(SecretProperties, self).__init__(**kwargs) + self.content_type = content_type + + +class SecretRestoreParameters(Model): + """The secret restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param secret_bundle_backup: Required. The backup blob associated with a + secret bundle. + :type secret_bundle_backup: bytes + """ + + _validation = { + 'secret_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'secret_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, secret_bundle_backup: bytes, **kwargs) -> None: + super(SecretRestoreParameters, self).__init__(**kwargs) + self.secret_bundle_backup = secret_bundle_backup + + +class SecretSetParameters(Model): + """The secret set parameters. + + All required parameters must be populated in order to send to Azure. + + :param value: Required. The value of the secret. + :type value: str + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + """ + + _validation = { + 'value': {'required': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + } + + def __init__(self, *, value: str, tags=None, content_type: str=None, secret_attributes=None, **kwargs) -> None: + super(SecretSetParameters, self).__init__(**kwargs) + self.value = value + self.tags = tags + self.content_type = content_type + self.secret_attributes = secret_attributes + + +class SecretUpdateParameters(Model): + """The secret update parameters. + + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, content_type: str=None, secret_attributes=None, tags=None, **kwargs) -> None: + super(SecretUpdateParameters, self).__init__(**kwargs) + self.content_type = content_type + self.secret_attributes = secret_attributes + self.tags = tags + + +class StorageAccountAttributes(Model): + """The storage account management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: the enabled state of the object. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for storage accounts in the current vault. If it contains + 'Purgeable' the storage account can be permanently deleted by a privileged + user; otherwise, only the system can purge the storage account, at the end + of the retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, **kwargs) -> None: + super(StorageAccountAttributes, self).__init__(**kwargs) + self.enabled = enabled + self.created = None + self.updated = None + self.recoverable_days = None + self.recovery_level = None + + +class StorageAccountCreateParameters(Model): + """The storage account create parameters. + + All required parameters must be populated in order to send to Azure. + + :param resource_id: Required. Storage account resource id. + :type resource_id: str + :param active_key_name: Required. Current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: Required. whether keyvault should manage the + storage account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration specified + in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'resource_id': {'required': True}, + 'active_key_name': {'required': True}, + 'auto_regenerate_key': {'required': True}, + } + + _attribute_map = { + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, resource_id: str, active_key_name: str, auto_regenerate_key: bool, regeneration_period: str=None, storage_account_attributes=None, tags=None, **kwargs) -> None: + super(StorageAccountCreateParameters, self).__init__(**kwargs) + self.resource_id = resource_id + self.active_key_name = active_key_name + self.auto_regenerate_key = auto_regenerate_key + self.regeneration_period = regeneration_period + self.storage_account_attributes = storage_account_attributes + self.tags = tags + + +class StorageAccountRegenerteKeyParameters(Model): + """The storage account key regenerate parameters. + + All required parameters must be populated in order to send to Azure. + + :param key_name: Required. The storage account key name. + :type key_name: str + """ + + _validation = { + 'key_name': {'required': True}, + } + + _attribute_map = { + 'key_name': {'key': 'keyName', 'type': 'str'}, + } + + def __init__(self, *, key_name: str, **kwargs) -> None: + super(StorageAccountRegenerteKeyParameters, self).__init__(**kwargs) + self.key_name = key_name + + +class StorageAccountUpdateParameters(Model): + """The storage account update parameters. + + :param active_key_name: The current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration specified + in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, active_key_name: str=None, auto_regenerate_key: bool=None, regeneration_period: str=None, storage_account_attributes=None, tags=None, **kwargs) -> None: + super(StorageAccountUpdateParameters, self).__init__(**kwargs) + self.active_key_name = active_key_name + self.auto_regenerate_key = auto_regenerate_key + self.regeneration_period = regeneration_period + self.storage_account_attributes = storage_account_attributes + self.tags = tags + + +class StorageListResult(Model): + """The storage accounts list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of storage accounts in + the key vault along with a link to the next page of storage accounts. + :vartype value: list[~azure.keyvault.v7_1.models.StorageAccountItem] + :ivar next_link: The URL to get the next set of storage accounts. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[StorageAccountItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(StorageListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class StorageRestoreParameters(Model): + """The secret restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param storage_bundle_backup: Required. The backup blob associated with a + storage account. + :type storage_bundle_backup: bytes + """ + + _validation = { + 'storage_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'storage_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, storage_bundle_backup: bytes, **kwargs) -> None: + super(StorageRestoreParameters, self).__init__(**kwargs) + self.storage_bundle_backup = storage_bundle_backup + + +class SubjectAlternativeNames(Model): + """The subject alternate names of a X509 object. + + :param emails: Email addresses. + :type emails: list[str] + :param dns_names: Domain names. + :type dns_names: list[str] + :param upns: User principal names. + :type upns: list[str] + """ + + _attribute_map = { + 'emails': {'key': 'emails', 'type': '[str]'}, + 'dns_names': {'key': 'dns_names', 'type': '[str]'}, + 'upns': {'key': 'upns', 'type': '[str]'}, + } + + def __init__(self, *, emails=None, dns_names=None, upns=None, **kwargs) -> None: + super(SubjectAlternativeNames, self).__init__(**kwargs) + self.emails = emails + self.dns_names = dns_names + self.upns = upns + + +class Trigger(Model): + """A condition to be satisfied for an action to be executed. + + :param lifetime_percentage: Percentage of lifetime at which to trigger. + Value should be between 1 and 99. + :type lifetime_percentage: int + :param days_before_expiry: Days before expiry to attempt renewal. Value + should be between 1 and validity_in_months multiplied by 27. If + validity_in_months is 36, then value should be between 1 and 972 (36 * + 27). + :type days_before_expiry: int + """ + + _validation = { + 'lifetime_percentage': {'maximum': 99, 'minimum': 1}, + } + + _attribute_map = { + 'lifetime_percentage': {'key': 'lifetime_percentage', 'type': 'int'}, + 'days_before_expiry': {'key': 'days_before_expiry', 'type': 'int'}, + } + + def __init__(self, *, lifetime_percentage: int=None, days_before_expiry: int=None, **kwargs) -> None: + super(Trigger, self).__init__(**kwargs) + self.lifetime_percentage = lifetime_percentage + self.days_before_expiry = days_before_expiry + + +class X509CertificateProperties(Model): + """Properties of the X509 component of a certificate. + + :param subject: The subject name. Should be a valid X509 distinguished + Name. + :type subject: str + :param ekus: The enhanced key usage. + :type ekus: list[str] + :param subject_alternative_names: The subject alternative names. + :type subject_alternative_names: + ~azure.keyvault.v7_1.models.SubjectAlternativeNames + :param key_usage: List of key usages. + :type key_usage: list[str or ~azure.keyvault.v7_1.models.KeyUsageType] + :param validity_in_months: The duration that the certificate is valid in + months. + :type validity_in_months: int + """ + + _validation = { + 'validity_in_months': {'minimum': 0}, + } + + _attribute_map = { + 'subject': {'key': 'subject', 'type': 'str'}, + 'ekus': {'key': 'ekus', 'type': '[str]'}, + 'subject_alternative_names': {'key': 'sans', 'type': 'SubjectAlternativeNames'}, + 'key_usage': {'key': 'key_usage', 'type': '[str]'}, + 'validity_in_months': {'key': 'validity_months', 'type': 'int'}, + } + + def __init__(self, *, subject: str=None, ekus=None, subject_alternative_names=None, key_usage=None, validity_in_months: int=None, **kwargs) -> None: + super(X509CertificateProperties, self).__init__(**kwargs) + self.subject = subject + self.ekus = ekus + self.subject_alternative_names = subject_alternative_names + self.key_usage = key_usage + self.validity_in_months = validity_in_months diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/operations/__init__.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/operations/__init__.py new file mode 100644 index 000000000000..603e37d3ee07 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/operations/__init__.py @@ -0,0 +1,16 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._key_vault_client_operations import KeyVaultClientOperationsMixin + +__all__ = [ + 'KeyVaultClientOperationsMixin', +] diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/operations/_key_vault_client_operations.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/operations/_key_vault_client_operations.py new file mode 100644 index 000000000000..449c73af3bb1 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/operations/_key_vault_client_operations.py @@ -0,0 +1,5224 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.core.exceptions import map_error +from azure.core.paging import ItemPaged +from .. import models +import uuid + + +class KeyVaultClientOperationsMixin(object): + + def get_certificates( + self, vault_base_url, maxresults=None, include_pending=None, cls=None, **kwargs): + """List certificates in a specified key vault. + + The GetCertificates operation returns the set of certificates resources + in the specified key vault. This operation requires the + certificates/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :param include_pending: Specifies whether to include certificates + which are not completely provisioned. + :type include_pending: bool + :return: An iterator like instance of CertificateItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.CertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificates.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + if include_pending is not None: + query_parameters['includePending'] = self._serialize.query("include_pending", include_pending, 'bool') + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('CertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_certificates.metadata = {'url': '/certificates'} + + def delete_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Deletes a certificate from a specified key vault. + + Deletes all versions of a certificate object along with its associated + policy. Delete certificate cannot be used to remove individual versions + of a certificate object. This operation requires the + certificates/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedCertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedCertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedCertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate.metadata = {'url': '/certificates/{certificate-name}'} + + def set_certificate_contacts(self, vault_base_url, contact_list=None, cls=None, **kwargs): + """Sets the certificate contacts for the specified key vault. + + Sets the certificate contacts for the specified key vault. This + operation requires the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param contact_list: The contact list for the vault certificates. + :type contact_list: list[~azure.keyvault.v7_1.models.Contact] + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + contacts = models.Contacts(contact_list=contact_list) + + # Construct URL + url = self.set_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(contacts, 'Contacts') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + def get_certificate_contacts(self, vault_base_url, cls=None, **kwargs): + """Lists the certificate contacts for a specified key vault. + + The GetCertificateContacts operation returns the set of certificate + contact resources in the specified key vault. This operation requires + the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + def delete_certificate_contacts(self, vault_base_url, cls=None, **kwargs): + """Deletes the certificate contacts for a specified key vault. + + Deletes the certificate contacts for a specified key vault certificate. + This operation requires the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + def get_certificate_issuers( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """List certificate issuers for a specified key vault. + + The GetCertificateIssuers operation returns the set of certificate + issuer resources in the specified key vault. This operation requires + the certificates/manageissuers/getissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of CertificateIssuerItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.CertificateIssuerItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificate_issuers.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('CertificateIssuerListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_certificate_issuers.metadata = {'url': '/certificates/issuers'} + + def set_certificate_issuer(self, vault_base_url, issuer_name, provider, credentials=None, organization_details=None, attributes=None, cls=None, **kwargs): + """Sets the specified certificate issuer. + + The SetCertificateIssuer operation adds or updates the specified + certificate issuer. This operation requires the certificates/setissuers + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided + to the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameter = models.CertificateIssuerSetParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes) + + # Construct URL + url = self.set_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameter, 'CertificateIssuerSetParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + def update_certificate_issuer(self, vault_base_url, issuer_name, provider=None, credentials=None, organization_details=None, attributes=None, cls=None, **kwargs): + """Updates the specified certificate issuer. + + The UpdateCertificateIssuer operation performs an update on the + specified certificate issuer entity. This operation requires the + certificates/setissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided + to the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameter = models.CertificateIssuerUpdateParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes) + + # Construct URL + url = self.update_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameter, 'CertificateIssuerUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + def get_certificate_issuer(self, vault_base_url, issuer_name, cls=None, **kwargs): + """Lists the specified certificate issuer. + + The GetCertificateIssuer operation returns the specified certificate + issuer resources in the specified key vault. This operation requires + the certificates/manageissuers/getissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + def delete_certificate_issuer(self, vault_base_url, issuer_name, cls=None, **kwargs): + """Deletes the specified certificate issuer. + + The DeleteCertificateIssuer operation permanently removes the specified + certificate issuer from the vault. This operation requires the + certificates/manageissuers/deleteissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + def create_certificate(self, vault_base_url, certificate_name, certificate_policy=None, certificate_attributes=None, tags=None, cls=None, **kwargs): + """Creates a new certificate. + + If this is the first version, the certificate resource is created. This + operation requires the certificates/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateCreateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.create_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateCreateParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [202]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 202: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + create_certificate.metadata = {'url': '/certificates/{certificate-name}/create'} + + def import_certificate(self, vault_base_url, certificate_name, base64_encoded_certificate, password=None, certificate_policy=None, certificate_attributes=None, tags=None, cls=None, **kwargs): + """Imports a certificate into a specified key vault. + + Imports an existing valid certificate, containing a private key, into + Azure Key Vault. The certificate to be imported can be in either PFX or + PEM format. If the certificate is in PEM format the PEM file must + contain the key as well as x509 certificates. This operation requires + the certificates/import permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param base64_encoded_certificate: Base64 encoded representation of + the certificate object to import. This certificate needs to contain + the private key. + :type base64_encoded_certificate: str + :param password: If the private key in base64EncodedCertificate is + encrypted, the password used for encryption. + :type password: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateImportParameters(base64_encoded_certificate=base64_encoded_certificate, password=password, certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.import_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateImportParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + import_certificate.metadata = {'url': '/certificates/{certificate-name}/import'} + + def get_certificate_versions( + self, vault_base_url, certificate_name, maxresults=None, cls=None, **kwargs): + """List the versions of a certificate. + + The GetCertificateVersions operation returns the versions of a + certificate in the specified key vault. This operation requires the + certificates/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of CertificateItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.CertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificate_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('CertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_certificate_versions.metadata = {'url': '/certificates/{certificate-name}/versions'} + + def get_certificate_policy(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Lists the policy for a certificate. + + The GetCertificatePolicy operation returns the specified certificate + policy resources in the specified key vault. This operation requires + the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in a given key + vault. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificatePolicy or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificatePolicy + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_policy.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificatePolicy', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'} + + def update_certificate_policy(self, vault_base_url, certificate_name, certificate_policy, cls=None, **kwargs): + """Updates the policy for a certificate. + + Set specified members in the certificate policy. Leave others as null. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given + vault. + :type certificate_name: str + :param certificate_policy: The policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificatePolicy or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificatePolicy + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.update_certificate_policy.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(certificate_policy, 'CertificatePolicy') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificatePolicy', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'} + + def update_certificate(self, vault_base_url, certificate_name, certificate_version, certificate_policy=None, certificate_attributes=None, tags=None, cls=None, **kwargs): + """Updates the specified attributes associated with the given certificate. + + The UpdateCertificate operation applies the specified update on the + given certificate; the only elements updated are the certificate's + attributes. This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given key + vault. + :type certificate_name: str + :param certificate_version: The version of the certificate. + :type certificate_version: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateUpdateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.update_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'), + 'certificate-version': self._serialize.url("certificate_version", certificate_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'} + + def get_certificate(self, vault_base_url, certificate_name, certificate_version, cls=None, **kwargs): + """Gets information about a certificate. + + Gets information about a specific certificate. This operation requires + the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given + vault. + :type certificate_name: str + :param certificate_version: The version of the certificate. + :type certificate_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'), + 'certificate-version': self._serialize.url("certificate_version", certificate_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'} + + def update_certificate_operation(self, vault_base_url, certificate_name, cancellation_requested, cls=None, **kwargs): + """Updates a certificate operation. + + Updates a certificate creation operation that is already in progress. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param cancellation_requested: Indicates if cancellation was requested + on the certificate operation. + :type cancellation_requested: bool + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + certificate_operation = models.CertificateOperationUpdateParameter(cancellation_requested=cancellation_requested) + + # Construct URL + url = self.update_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(certificate_operation, 'CertificateOperationUpdateParameter') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + def get_certificate_operation(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Gets the creation operation of a certificate. + + Gets the creation operation associated with a specified certificate. + This operation requires the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + def delete_certificate_operation(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Deletes the creation operation for a specific certificate. + + Deletes the creation operation for a specified certificate that is in + the process of being created. The certificate is no longer created. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + def merge_certificate(self, vault_base_url, certificate_name, x509_certificates, certificate_attributes=None, tags=None, cls=None, **kwargs): + """Merges a certificate or a certificate chain with a key pair existing on + the server. + + The MergeCertificate operation performs the merging of a certificate or + certificate chain with a key pair currently available in the service. + This operation requires the certificates/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param x509_certificates: The certificate or the certificate chain to + merge. + :type x509_certificates: list[bytearray] + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateMergeParameters(x509_certificates=x509_certificates, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.merge_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateMergeParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 201: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + merge_certificate.metadata = {'url': '/certificates/{certificate-name}/pending/merge'} + + def backup_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Backs up the specified certificate. + + Requests that a backup of the specified certificate be downloaded to + the client. All versions of the certificate will be downloaded. This + operation requires the certificates/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupCertificateResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupCertificateResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupCertificateResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_certificate.metadata = {'url': '/certificates/{certificate-name}/backup'} + + def restore_certificate(self, vault_base_url, certificate_bundle_backup, cls=None, **kwargs): + """Restores a backed up certificate to a vault. + + Restores a backed up certificate, and all its versions, to a vault. + This operation requires the certificates/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_bundle_backup: The backup blob associated with a + certificate bundle. + :type certificate_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateRestoreParameters(certificate_bundle_backup=certificate_bundle_backup) + + # Construct URL + url = self.restore_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_certificate.metadata = {'url': '/certificates/restore'} + + def get_deleted_certificates( + self, vault_base_url, maxresults=None, include_pending=None, cls=None, **kwargs): + """Lists the deleted certificates in the specified vault currently + available for recovery. + + The GetDeletedCertificates operation retrieves the certificates in the + current vault which are in a deleted state and ready for recovery or + purging. This operation includes deletion-specific information. This + operation requires the certificates/get/list permission. This operation + can only be enabled on soft-delete enabled vaults. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :param include_pending: Specifies whether to include certificates + which are not completely provisioned. + :type include_pending: bool + :return: An iterator like instance of DeletedCertificateItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedCertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_certificates.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + if include_pending is not None: + query_parameters['includePending'] = self._serialize.query("include_pending", include_pending, 'bool') + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedCertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_certificates.metadata = {'url': '/deletedcertificates'} + + def get_deleted_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Retrieves information about the specified deleted certificate. + + The GetDeletedCertificate operation retrieves the deleted certificate + information plus its attributes, such as retention interval, scheduled + permanent deletion and the current deletion recovery level. This + operation requires the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedCertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedCertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedCertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'} + + def purge_deleted_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Permanently deletes the specified deleted certificate. + + The PurgeDeletedCertificate operation performs an irreversible deletion + of the specified certificate, without possibility for recovery. The + operation is not available if the recovery level does not specify + 'Purgeable'. This operation requires the certificate/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'} + + def recover_deleted_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Recovers the deleted certificate back to its current version under + /certificates. + + The RecoverDeletedCertificate operation performs the reversal of the + Delete operation. The operation is applicable in vaults enabled for + soft-delete, and must be issued during the retention interval + (available in the deleted certificate's attributes). This operation + requires the certificates/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the deleted certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}/recover'} + + def create_key(self, vault_base_url, key_name, kty, key_size=None, key_ops=None, key_attributes=None, tags=None, curve=None, cls=None, **kwargs): + """Creates a new key, stores it, then returns key parameters and + attributes to the client. + + The create key operation can be used to create any key type in Azure + Key Vault. If the named key already exists, Azure Key Vault creates a + new version of the key. It requires the keys/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name for the new key. The system will generate + the version name for the new key. + :type key_name: str + :param kty: The type of key to create. For valid values, see + JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', + 'RSA-HSM', 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or + 4096 for RSA. + :type key_size: int + :param key_ops: + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', + 'P-521', 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyCreateParameters(kty=kty, key_size=key_size, key_ops=key_ops, key_attributes=key_attributes, tags=tags, curve=curve) + + # Construct URL + url = self.create_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyCreateParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + create_key.metadata = {'url': '/keys/{key-name}/create'} + + def import_key(self, vault_base_url, key_name, key, hsm=None, key_attributes=None, tags=None, cls=None, **kwargs): + """Imports an externally created key, stores it, and returns key + parameters and attributes to the client. + + The import key operation may be used to import any key type into an + Azure Key Vault. If the named key already exists, Azure Key Vault + creates a new version of the key. This operation requires the + keys/import permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: Name for the imported key. + :type key_name: str + :param key: The Json web key + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param hsm: Whether to import as a hardware key (HSM) or software key. + :type hsm: bool + :param key_attributes: The key management attributes. + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyImportParameters(hsm=hsm, key=key, key_attributes=key_attributes, tags=tags) + + # Construct URL + url = self.import_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyImportParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + import_key.metadata = {'url': '/keys/{key-name}'} + + def delete_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Deletes a key of any type from storage in Azure Key Vault. + + The delete key operation cannot be used to remove individual versions + of a key. This operation removes the cryptographic material associated + with the key, which means the key is not usable for Sign/Verify, + Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the + keys/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key to delete. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedKeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedKeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedKeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_key.metadata = {'url': '/keys/{key-name}'} + + def update_key(self, vault_base_url, key_name, key_version, key_ops=None, key_attributes=None, tags=None, cls=None, **kwargs): + """The update key operation changes specified attributes of a stored key + and can be applied to any key type and key version stored in Azure Key + Vault. + + In order to perform this operation, the key must already exist in the + Key Vault. Note: The cryptographic material of a key itself cannot be + changed. This operation requires the keys/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of key to update. + :type key_name: str + :param key_version: The version of the key to update. + :type key_version: str + :param key_ops: Json web key operations. For more information on + possible key operations, see JsonWebKeyOperation. + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyUpdateParameters(key_ops=key_ops, key_attributes=key_attributes, tags=tags) + + # Construct URL + url = self.update_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_key.metadata = {'url': '/keys/{key-name}/{key-version}'} + + def get_key(self, vault_base_url, key_name, key_version, cls=None, **kwargs): + """Gets the public part of a stored key. + + The get key operation is applicable to all key types. If the requested + key is symmetric, then no key material is released in the response. + This operation requires the keys/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key to get. + :type key_name: str + :param key_version: Adding the version parameter retrieves a specific + version of a key. + :type key_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_key.metadata = {'url': '/keys/{key-name}/{key-version}'} + + def get_key_versions( + self, vault_base_url, key_name, maxresults=None, cls=None, **kwargs): + """Retrieves a list of individual key versions with the same key name. + + The full key identifier, attributes, and tags are provided in the + response. This operation requires the keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of KeyItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.KeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_key_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('KeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_key_versions.metadata = {'url': '/keys/{key-name}/versions'} + + def get_keys( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """List keys in the specified vault. + + Retrieves a list of the keys in the Key Vault as JSON Web Key + structures that contain the public part of a stored key. The LIST + operation is applicable to all key types, however only the base key + identifier, attributes, and tags are provided in the response. + Individual versions of a key are not listed in the response. This + operation requires the keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of KeyItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.KeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_keys.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('KeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_keys.metadata = {'url': '/keys'} + + def backup_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Requests that a backup of the specified key be downloaded to the + client. + + The Key Backup operation exports a key from Azure Key Vault in a + protected form. Note that this operation does NOT return key material + in a form that can be used outside the Azure Key Vault system, the + returned key material is either protected to a Azure Key Vault HSM or + to Azure Key Vault itself. The intent of this operation is to allow a + client to GENERATE a key in one Azure Key Vault instance, BACKUP the + key, and then RESTORE it into another Azure Key Vault instance. The + BACKUP operation may be used to export, in protected form, any key type + from Azure Key Vault. Individual versions of a key cannot be backed up. + BACKUP / RESTORE can be performed within geographical boundaries only; + meaning that a BACKUP from one geographical area cannot be restored to + another geographical area. For example, a backup from the US + geographical area cannot be restored in an EU geographical area. This + operation requires the key/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupKeyResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupKeyResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupKeyResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_key.metadata = {'url': '/keys/{key-name}/backup'} + + def restore_key(self, vault_base_url, key_bundle_backup, cls=None, **kwargs): + """Restores a backed up key to a vault. + + Imports a previously backed up key into Azure Key Vault, restoring the + key, its key identifier, attributes and access control policies. The + RESTORE operation may be used to import a previously backed up key. + Individual versions of a key cannot be restored. The key is restored in + its entirety with the same key name as it had when it was backed up. If + the key name is not available in the target Key Vault, the RESTORE + operation will be rejected. While the key name is retained during + restore, the final key identifier will change if the key is restored to + a different vault. Restore will restore all versions and preserve + version identifiers. The RESTORE operation is subject to security + constraints: The target Key Vault must be owned by the same Microsoft + Azure Subscription as the source Key Vault The user must have RESTORE + permission in the target Key Vault. This operation requires the + keys/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_bundle_backup: The backup blob associated with a key + bundle. + :type key_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyRestoreParameters(key_bundle_backup=key_bundle_backup) + + # Construct URL + url = self.restore_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_key.metadata = {'url': '/keys/restore'} + + def encrypt(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Encrypts an arbitrary sequence of bytes using an encryption key that is + stored in a key vault. + + The ENCRYPT operation encrypts an arbitrary sequence of bytes using an + encryption key that is stored in Azure Key Vault. Note that the ENCRYPT + operation only supports a single block of data, the size of which is + dependent on the target key and the encryption algorithm to be used. + The ENCRYPT operation is only strictly necessary for symmetric keys + stored in Azure Key Vault since protection with an asymmetric key can + be performed using public portion of the key. This operation is + supported for asymmetric keys as a convenience for callers that have a + key-reference but do not have access to the public key material. This + operation requires the keys/encrypt permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.encrypt.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + encrypt.metadata = {'url': '/keys/{key-name}/{key-version}/encrypt'} + + def decrypt(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Decrypts a single block of encrypted data. + + The DECRYPT operation decrypts a well-formed block of ciphertext using + the target encryption key and specified algorithm. This operation is + the reverse of the ENCRYPT operation; only a single block of data may + be decrypted, the size of this block is dependent on the target key and + the algorithm to be used. The DECRYPT operation applies to asymmetric + and symmetric keys stored in Azure Key Vault since it uses the private + portion of the key. This operation requires the keys/decrypt + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.decrypt.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + decrypt.metadata = {'url': '/keys/{key-name}/{key-version}/decrypt'} + + def sign(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Creates a signature from a digest using the specified key. + + The SIGN operation is applicable to asymmetric and symmetric keys + stored in Azure Key Vault since this operation uses the private portion + of the key. This operation requires the keys/sign permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: The signing/verification algorithm identifier. For + more information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', + 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', + 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeySignParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.sign.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeySignParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + sign.metadata = {'url': '/keys/{key-name}/{key-version}/sign'} + + def verify(self, vault_base_url, key_name, key_version, algorithm, digest, signature, cls=None, **kwargs): + """Verifies a signature using a specified key. + + The VERIFY operation is applicable to symmetric keys stored in Azure + Key Vault. VERIFY is not strictly necessary for asymmetric keys stored + in Azure Key Vault since signature verification can be performed using + the public portion of the key but this operation is supported as a + convenience for callers that only have a key-reference and not the + public portion of the key. This operation requires the keys/verify + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: The signing/verification algorithm. For more + information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', + 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', + 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param digest: The digest used for signing. + :type digest: bytes + :param signature: The signature to be verified. + :type signature: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyVerifyResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyVerifyResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyVerifyParameters(algorithm=algorithm, digest=digest, signature=signature) + + # Construct URL + url = self.verify.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyVerifyParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyVerifyResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + verify.metadata = {'url': '/keys/{key-name}/{key-version}/verify'} + + def wrap_key(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Wraps a symmetric key using a specified key. + + The WRAP operation supports encryption of a symmetric key using a key + encryption key that has previously been stored in an Azure Key Vault. + The WRAP operation is only strictly necessary for symmetric keys stored + in Azure Key Vault since protection with an asymmetric key can be + performed using the public portion of the key. This operation is + supported for asymmetric keys as a convenience for callers that have a + key-reference but do not have access to the public key material. This + operation requires the keys/wrapKey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.wrap_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + wrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/wrapkey'} + + def unwrap_key(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Unwraps a symmetric key using the specified key that was initially used + for wrapping that key. + + The UNWRAP operation supports decryption of a symmetric key using the + target key encryption key. This operation is the reverse of the WRAP + operation. The UNWRAP operation applies to asymmetric and symmetric + keys stored in Azure Key Vault since it uses the private portion of the + key. This operation requires the keys/unwrapKey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.unwrap_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + unwrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/unwrapkey'} + + def get_deleted_keys( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """Lists the deleted keys in the specified vault. + + Retrieves a list of the keys in the Key Vault as JSON Web Key + structures that contain the public part of a deleted key. This + operation includes deletion-specific information. The Get Deleted Keys + operation is applicable for vaults enabled for soft-delete. While the + operation can be invoked on any vault, it will return an error if + invoked on a non soft-delete enabled vault. This operation requires the + keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedKeyItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedKeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_keys.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedKeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_keys.metadata = {'url': '/deletedkeys'} + + def get_deleted_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Gets the public part of a deleted key. + + The Get Deleted Key operation is applicable for soft-delete enabled + vaults. While the operation can be invoked on any vault, it will return + an error if invoked on a non soft-delete enabled vault. This operation + requires the keys/get permission. . + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedKeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedKeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedKeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'} + + def purge_deleted_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Permanently deletes the specified key. + + The Purge Deleted Key operation is applicable for soft-delete enabled + vaults. While the operation can be invoked on any vault, it will return + an error if invoked on a non soft-delete enabled vault. This operation + requires the keys/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'} + + def recover_deleted_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Recovers the deleted key to its latest version. + + The Recover Deleted Key operation is applicable for deleted keys in + soft-delete enabled vaults. It recovers the deleted key back to its + latest version under /keys. An attempt to recover an non-deleted key + will return an error. Consider this the inverse of the delete operation + on soft-delete enabled vaults. This operation requires the keys/recover + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the deleted key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_key.metadata = {'url': '/deletedkeys/{key-name}/recover'} + + def set_secret(self, vault_base_url, secret_name, value, tags=None, content_type=None, secret_attributes=None, cls=None, **kwargs): + """Sets a secret in a specified key vault. + + The SET operation adds a secret to the Azure Key Vault. If the named + secret already exists, Azure Key Vault creates a new version of that + secret. This operation requires the secrets/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param value: The value of the secret. + :type value: str + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretSetParameters(value=value, tags=tags, content_type=content_type, secret_attributes=secret_attributes) + + # Construct URL + url = self.set_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretSetParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_secret.metadata = {'url': '/secrets/{secret-name}'} + + def delete_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Deletes a secret from a specified key vault. + + The DELETE operation applies to any secret stored in Azure Key Vault. + DELETE cannot be applied to an individual version of a secret. This + operation requires the secrets/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_secret.metadata = {'url': '/secrets/{secret-name}'} + + def update_secret(self, vault_base_url, secret_name, secret_version, content_type=None, secret_attributes=None, tags=None, cls=None, **kwargs): + """Updates the attributes associated with a specified secret in a given + key vault. + + The UPDATE operation changes specified attributes of an existing stored + secret. Attributes that are not specified in the request are left + unchanged. The value of a secret itself cannot be changed. This + operation requires the secrets/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param secret_version: The version of the secret. + :type secret_version: str + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretUpdateParameters(content_type=content_type, secret_attributes=secret_attributes, tags=tags) + + # Construct URL + url = self.update_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str'), + 'secret-version': self._serialize.url("secret_version", secret_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'} + + def get_secret(self, vault_base_url, secret_name, secret_version, cls=None, **kwargs): + """Get a specified secret from a given key vault. + + The GET operation is applicable to any secret stored in Azure Key + Vault. This operation requires the secrets/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param secret_version: The version of the secret. + :type secret_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str'), + 'secret-version': self._serialize.url("secret_version", secret_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'} + + def get_secrets( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """List secrets in a specified key vault. + + The Get Secrets operation is applicable to the entire vault. However, + only the base secret identifier and its attributes are provided in the + response. Individual secret versions are not listed in the response. + This operation requires the secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified, the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SecretItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.SecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_secrets.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('SecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_secrets.metadata = {'url': '/secrets'} + + def get_secret_versions( + self, vault_base_url, secret_name, maxresults=None, cls=None, **kwargs): + """List all versions of the specified secret. + + The full secret identifier and attributes are provided in the response. + No values are returned for the secrets. This operations requires the + secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified, the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SecretItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.SecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_secret_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('SecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_secret_versions.metadata = {'url': '/secrets/{secret-name}/versions'} + + def get_deleted_secrets( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """Lists deleted secrets for the specified vault. + + The Get Deleted Secrets operation returns the secrets that have been + deleted for a vault enabled for soft-delete. This operation requires + the secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedSecretItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedSecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_secrets.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedSecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_secrets.metadata = {'url': '/deletedsecrets'} + + def get_deleted_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Gets the specified deleted secret. + + The Get Deleted Secret operation returns the specified deleted secret + along with its attributes. This operation requires the secrets/get + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'} + + def purge_deleted_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Permanently deletes the specified secret. + + The purge deleted secret operation removes the secret permanently, + without the possibility of recovery. This operation can only be enabled + on a soft-delete enabled vault. This operation requires the + secrets/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'} + + def recover_deleted_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Recovers the deleted secret to the latest version. + + Recovers the deleted secret in the specified vault. This operation can + only be performed on a soft-delete enabled vault. This operation + requires the secrets/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the deleted secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}/recover'} + + def backup_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Backs up the specified secret. + + Requests that a backup of the specified secret be downloaded to the + client. All versions of the secret will be downloaded. This operation + requires the secrets/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupSecretResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupSecretResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupSecretResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_secret.metadata = {'url': '/secrets/{secret-name}/backup'} + + def restore_secret(self, vault_base_url, secret_bundle_backup, cls=None, **kwargs): + """Restores a backed up secret to a vault. + + Restores a backed up secret, and all its versions, to a vault. This + operation requires the secrets/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_bundle_backup: The backup blob associated with a secret + bundle. + :type secret_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretRestoreParameters(secret_bundle_backup=secret_bundle_backup) + + # Construct URL + url = self.restore_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_secret.metadata = {'url': '/secrets/restore'} + + def get_storage_accounts( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """List storage accounts managed by the specified key vault. This + operation requires the storage/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of StorageAccountItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.StorageAccountItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_storage_accounts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('StorageListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_storage_accounts.metadata = {'url': '/storage'} + + def get_deleted_storage_accounts( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """Lists deleted storage accounts for the specified vault. + + The Get Deleted Storage Accounts operation returns the storage accounts + that have been deleted for a vault enabled for soft-delete. This + operation requires the storage/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedStorageAccountItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedStorageAccountItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_storage_accounts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedStorageListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_storage_accounts.metadata = {'url': '/deletedstorage'} + + def get_deleted_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Gets the specified deleted storage account. + + The Get Deleted Storage Account operation returns the specified deleted + storage account along with its attributes. This operation requires the + storage/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedStorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedStorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedStorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}'} + + def purge_deleted_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Permanently deletes the specified storage account. + + The purge deleted storage account operation removes the secret + permanently, without the possibility of recovery. This operation can + only be performed on a soft-delete enabled vault. This operation + requires the storage/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}'} + + def recover_deleted_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Recovers the deleted storage account. + + Recovers the deleted storage account in the specified vault. This + operation can only be performed on a soft-delete enabled vault. This + operation requires the storage/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}/recover'} + + def backup_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Backs up the specified storage account. + + Requests that a backup of the specified storage account be downloaded + to the client. This operation requires the storage/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupStorageResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupStorageResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupStorageResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_storage_account.metadata = {'url': '/storage/{storage-account-name}/backup'} + + def restore_storage_account(self, vault_base_url, storage_bundle_backup, cls=None, **kwargs): + """Restores a backed up storage account to a vault. + + Restores a backed up storage account to a vault. This operation + requires the storage/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_bundle_backup: The backup blob associated with a + storage account. + :type storage_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageRestoreParameters(storage_bundle_backup=storage_bundle_backup) + + # Construct URL + url = self.restore_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_storage_account.metadata = {'url': '/storage/restore'} + + def delete_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Deletes a storage account. This operation requires the storage/delete + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedStorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedStorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedStorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + def get_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Gets information about a specified storage account. This operation + requires the storage/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + def set_storage_account(self, vault_base_url, storage_account_name, resource_id, active_key_name, auto_regenerate_key, regeneration_period=None, storage_account_attributes=None, tags=None, cls=None, **kwargs): + """Creates or updates a new storage account. This operation requires the + storage/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param resource_id: Storage account resource id. + :type resource_id: str + :param active_key_name: Current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration + specified in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage + account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountCreateParameters(resource_id=resource_id, active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags) + + # Construct URL + url = self.set_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountCreateParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + def update_storage_account(self, vault_base_url, storage_account_name, active_key_name=None, auto_regenerate_key=None, regeneration_period=None, storage_account_attributes=None, tags=None, cls=None, **kwargs): + """Updates the specified attributes associated with the given storage + account. This operation requires the storage/set/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param active_key_name: The current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration + specified in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage + account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountUpdateParameters(active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags) + + # Construct URL + url = self.update_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + def regenerate_storage_account_key(self, vault_base_url, storage_account_name, key_name, cls=None, **kwargs): + """Regenerates the specified key value for the given storage account. This + operation requires the storage/regeneratekey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param key_name: The storage account key name. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountRegenerteKeyParameters(key_name=key_name) + + # Construct URL + url = self.regenerate_storage_account_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountRegenerteKeyParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + regenerate_storage_account_key.metadata = {'url': '/storage/{storage-account-name}/regeneratekey'} + + def get_sas_definitions( + self, vault_base_url, storage_account_name, maxresults=None, cls=None, **kwargs): + """List storage SAS definitions for the given storage account. This + operation requires the storage/listsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SasDefinitionItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.SasDefinitionItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_sas_definitions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('SasDefinitionListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_sas_definitions.metadata = {'url': '/storage/{storage-account-name}/sas'} + + def get_deleted_sas_definitions( + self, vault_base_url, storage_account_name, maxresults=None, cls=None, **kwargs): + """Lists deleted SAS definitions for the specified vault and storage + account. + + The Get Deleted Sas Definitions operation returns the SAS definitions + that have been deleted for a vault enabled for soft-delete. This + operation requires the storage/listsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedSasDefinitionItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedSasDefinitionItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_sas_definitions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedSasDefinitionListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_sas_definitions.metadata = {'url': '/deletedstorage/{storage-account-name}/sas'} + + def get_deleted_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, cls=None, **kwargs): + """Gets the specified deleted sas definition. + + The Get Deleted SAS Definition operation returns the specified deleted + SAS definition along with its attributes. This operation requires the + storage/getsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_sas_definition.metadata = {'url': '/deletedstorage/{storage-account-name}/sas/{sas-definition-name}'} + + def recover_deleted_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, cls=None, **kwargs): + """Recovers the deleted SAS definition. + + Recovers the deleted SAS definition for the specified storage account. + This operation can only be performed on a soft-delete enabled vault. + This operation requires the storage/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_sas_definition.metadata = {'url': '/deletedstorage/{storage-account-name}/sas/{sas-definition-name}/recover'} + + def delete_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, cls=None, **kwargs): + """Deletes a SAS definition from a specified storage account. This + operation requires the storage/deletesas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + def get_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, cls=None, **kwargs): + """Gets information about a SAS definition for the specified storage + account. This operation requires the storage/getsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + def set_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, template_uri, sas_type, validity_period, sas_definition_attributes=None, tags=None, cls=None, **kwargs): + """Creates or updates a new SAS definition for the specified storage + account. This operation requires the storage/setsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will + have the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS + definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SasDefinitionCreateParameters(template_uri=template_uri, sas_type=sas_type, validity_period=validity_period, sas_definition_attributes=sas_definition_attributes, tags=tags) + + # Construct URL + url = self.set_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SasDefinitionCreateParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + def update_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, template_uri=None, sas_type=None, validity_period=None, sas_definition_attributes=None, tags=None, cls=None, **kwargs): + """Updates the specified attributes associated with the given SAS + definition. This operation requires the storage/setsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will + have the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS + definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SasDefinitionUpdateParameters(template_uri=template_uri, sas_type=sas_type, validity_period=validity_period, sas_definition_attributes=sas_definition_attributes, tags=tags) + + # Construct URL + url = self.update_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SasDefinitionUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/version.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/version.py new file mode 100644 index 000000000000..d92d63667368 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_generated/v7_1_preview/version.py @@ -0,0 +1,13 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +VERSION = "7.1-preview" + diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/__init__.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/__init__.py new file mode 100644 index 000000000000..e913d4cf6c46 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/__init__.py @@ -0,0 +1,18 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._key_vault_client import KeyVaultClient +__all__ = ['KeyVaultClient'] + +from .version import VERSION + +__version__ = VERSION + diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/_configuration.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/_configuration.py new file mode 100644 index 000000000000..68d6f5b6bd2c --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/_configuration.py @@ -0,0 +1,47 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +from azure.core.configuration import Configuration +from azure.core.pipeline import policies + +from .version import VERSION + + +class KeyVaultClientConfiguration(Configuration): + """Configuration for KeyVaultClient + Note that all parameters used to create this instance are saved as instance + attributes. + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__(self, credentials, **kwargs): + + if credentials is None: + raise ValueError("Parameter 'credentials' must not be None.") + + super(KeyVaultClientConfiguration, self).__init__(**kwargs) + self._configure(**kwargs) + + self.user_agent_policy.add_user_agent('azsdk-python-azure-keyvault/{}'.format(VERSION)) + self.generate_client_request_id = True + + self.credentials = credentials + + def _configure(self, **kwargs): + self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs) + self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs) + self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs) + self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs) + self.retry_policy = kwargs.get('retry_policy') or policies.RetryPolicy(**kwargs) + self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs) + self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/_key_vault_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/_key_vault_client.py new file mode 100644 index 000000000000..f380f67e0a87 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/_key_vault_client.py @@ -0,0 +1,48 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.core import PipelineClient +from msrest import Serializer, Deserializer + +from ._configuration import KeyVaultClientConfiguration +from .operations import KeyVaultClientOperationsMixin +from . import models + + +class KeyVaultClient(KeyVaultClientOperationsMixin): + """The key vault client performs cryptographic key operations and vault operations against the Key Vault service. + + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__( + self, credentials, **kwargs): + + base_url = '{vaultBaseUrl}' + self._config = KeyVaultClientConfiguration(credentials, **kwargs) + self._client = PipelineClient(base_url=base_url, config=self._config, **kwargs) + + client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)} + self.api_version = '7.1-preview' + self._serialize = Serializer(client_models) + self._deserialize = Deserializer(client_models) + + + def close(self): + self._client.close() + def __enter__(self): + self._client.__enter__() + return self + def __exit__(self, *exc_details): + self._client.__exit__(*exc_details) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/__init__.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/__init__.py new file mode 100644 index 000000000000..fb2e6c3866fd --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/__init__.py @@ -0,0 +1,13 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._key_vault_client_async import KeyVaultClient +__all__ = ['KeyVaultClient'] diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/_configuration_async.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/_configuration_async.py new file mode 100644 index 000000000000..fb961bb4bd2d --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/_configuration_async.py @@ -0,0 +1,47 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +from azure.core.configuration import Configuration +from azure.core.pipeline import policies + +from ..version import VERSION + + +class KeyVaultClientConfiguration(Configuration): + """Configuration for KeyVaultClient + Note that all parameters used to create this instance are saved as instance + attributes. + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__(self, credentials, **kwargs): + + if credentials is None: + raise ValueError("Parameter 'credentials' must not be None.") + + super(KeyVaultClientConfiguration, self).__init__(**kwargs) + self._configure(**kwargs) + + self.user_agent_policy.add_user_agent('azsdk-python-azure-keyvault/{}'.format(VERSION)) + self.generate_client_request_id = True + + self.credentials = credentials + + def _configure(self, **kwargs): + self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs) + self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs) + self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs) + self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs) + self.retry_policy = kwargs.get('retry_policy') or policies.AsyncRetryPolicy(**kwargs) + self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs) + self.redirect_policy = kwargs.get('redirect_policy') or policies.AsyncRedirectPolicy(**kwargs) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/_key_vault_client_async.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/_key_vault_client_async.py new file mode 100644 index 000000000000..b2b908c4a757 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/_key_vault_client_async.py @@ -0,0 +1,48 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.core import AsyncPipelineClient +from msrest import Serializer, Deserializer + +from ._configuration_async import KeyVaultClientConfiguration +from .operations_async import KeyVaultClientOperationsMixin +from .. import models + + +class KeyVaultClient(KeyVaultClientOperationsMixin): + """The key vault client performs cryptographic key operations and vault operations against the Key Vault service. + + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__( + self, credentials, **kwargs): + + base_url = '{vaultBaseUrl}' + self._config = KeyVaultClientConfiguration(credentials, **kwargs) + self._client = AsyncPipelineClient(base_url=base_url, config=self._config, **kwargs) + + client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)} + self.api_version = '7.1-preview' + self._serialize = Serializer(client_models) + self._deserialize = Deserializer(client_models) + + + async def close(self): + await self._client.close() + async def __aenter__(self): + await self._client.__aenter__() + return self + async def __aexit__(self, *exc_details): + await self._client.__aexit__(*exc_details) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/operations_async/__init__.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/operations_async/__init__.py new file mode 100644 index 000000000000..771a17ceb80d --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/operations_async/__init__.py @@ -0,0 +1,16 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._key_vault_client_operations_async import KeyVaultClientOperationsMixin + +__all__ = [ + 'KeyVaultClientOperationsMixin', +] diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/operations_async/_key_vault_client_operations_async.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/operations_async/_key_vault_client_operations_async.py new file mode 100644 index 000000000000..5701d4354d9b --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/aio/operations_async/_key_vault_client_operations_async.py @@ -0,0 +1,5224 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.core.exceptions import map_error +from azure.core.async_paging import AsyncItemPaged, AsyncList +from ... import models +import uuid + + +class KeyVaultClientOperationsMixin: + + def get_certificates( + self, vault_base_url, maxresults=None, include_pending=None, *, cls=None, **kwargs): + """List certificates in a specified key vault. + + The GetCertificates operation returns the set of certificates resources + in the specified key vault. This operation requires the + certificates/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :param include_pending: Specifies whether to include certificates + which are not completely provisioned. + :type include_pending: bool + :return: An iterator like instance of CertificateItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.CertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificates.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + if include_pending is not None: + query_parameters['includePending'] = self._serialize.query("include_pending", include_pending, 'bool') + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('CertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_certificates.metadata = {'url': '/certificates'} + + async def delete_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Deletes a certificate from a specified key vault. + + Deletes all versions of a certificate object along with its associated + policy. Delete certificate cannot be used to remove individual versions + of a certificate object. This operation requires the + certificates/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedCertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedCertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedCertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate.metadata = {'url': '/certificates/{certificate-name}'} + + async def set_certificate_contacts(self, vault_base_url, contact_list=None, *, cls=None, **kwargs): + """Sets the certificate contacts for the specified key vault. + + Sets the certificate contacts for the specified key vault. This + operation requires the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param contact_list: The contact list for the vault certificates. + :type contact_list: list[~azure.keyvault.v7_1.models.Contact] + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + contacts = models.Contacts(contact_list=contact_list) + + # Construct URL + url = self.set_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(contacts, 'Contacts') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + async def get_certificate_contacts(self, vault_base_url, *, cls=None, **kwargs): + """Lists the certificate contacts for a specified key vault. + + The GetCertificateContacts operation returns the set of certificate + contact resources in the specified key vault. This operation requires + the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + async def delete_certificate_contacts(self, vault_base_url, *, cls=None, **kwargs): + """Deletes the certificate contacts for a specified key vault. + + Deletes the certificate contacts for a specified key vault certificate. + This operation requires the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + def get_certificate_issuers( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """List certificate issuers for a specified key vault. + + The GetCertificateIssuers operation returns the set of certificate + issuer resources in the specified key vault. This operation requires + the certificates/manageissuers/getissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of CertificateIssuerItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.CertificateIssuerItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificate_issuers.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('CertificateIssuerListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_certificate_issuers.metadata = {'url': '/certificates/issuers'} + + async def set_certificate_issuer(self, vault_base_url, issuer_name, provider, credentials=None, organization_details=None, attributes=None, *, cls=None, **kwargs): + """Sets the specified certificate issuer. + + The SetCertificateIssuer operation adds or updates the specified + certificate issuer. This operation requires the certificates/setissuers + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided + to the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameter = models.CertificateIssuerSetParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes) + + # Construct URL + url = self.set_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameter, 'CertificateIssuerSetParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + async def update_certificate_issuer(self, vault_base_url, issuer_name, provider=None, credentials=None, organization_details=None, attributes=None, *, cls=None, **kwargs): + """Updates the specified certificate issuer. + + The UpdateCertificateIssuer operation performs an update on the + specified certificate issuer entity. This operation requires the + certificates/setissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided + to the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameter = models.CertificateIssuerUpdateParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes) + + # Construct URL + url = self.update_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameter, 'CertificateIssuerUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + async def get_certificate_issuer(self, vault_base_url, issuer_name, *, cls=None, **kwargs): + """Lists the specified certificate issuer. + + The GetCertificateIssuer operation returns the specified certificate + issuer resources in the specified key vault. This operation requires + the certificates/manageissuers/getissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + async def delete_certificate_issuer(self, vault_base_url, issuer_name, *, cls=None, **kwargs): + """Deletes the specified certificate issuer. + + The DeleteCertificateIssuer operation permanently removes the specified + certificate issuer from the vault. This operation requires the + certificates/manageissuers/deleteissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + async def create_certificate(self, vault_base_url, certificate_name, certificate_policy=None, certificate_attributes=None, tags=None, *, cls=None, **kwargs): + """Creates a new certificate. + + If this is the first version, the certificate resource is created. This + operation requires the certificates/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateCreateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.create_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateCreateParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [202]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 202: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + create_certificate.metadata = {'url': '/certificates/{certificate-name}/create'} + + async def import_certificate(self, vault_base_url, certificate_name, base64_encoded_certificate, password=None, certificate_policy=None, certificate_attributes=None, tags=None, *, cls=None, **kwargs): + """Imports a certificate into a specified key vault. + + Imports an existing valid certificate, containing a private key, into + Azure Key Vault. The certificate to be imported can be in either PFX or + PEM format. If the certificate is in PEM format the PEM file must + contain the key as well as x509 certificates. This operation requires + the certificates/import permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param base64_encoded_certificate: Base64 encoded representation of + the certificate object to import. This certificate needs to contain + the private key. + :type base64_encoded_certificate: str + :param password: If the private key in base64EncodedCertificate is + encrypted, the password used for encryption. + :type password: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateImportParameters(base64_encoded_certificate=base64_encoded_certificate, password=password, certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.import_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateImportParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + import_certificate.metadata = {'url': '/certificates/{certificate-name}/import'} + + def get_certificate_versions( + self, vault_base_url, certificate_name, maxresults=None, *, cls=None, **kwargs): + """List the versions of a certificate. + + The GetCertificateVersions operation returns the versions of a + certificate in the specified key vault. This operation requires the + certificates/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of CertificateItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.CertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificate_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('CertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_certificate_versions.metadata = {'url': '/certificates/{certificate-name}/versions'} + + async def get_certificate_policy(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Lists the policy for a certificate. + + The GetCertificatePolicy operation returns the specified certificate + policy resources in the specified key vault. This operation requires + the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in a given key + vault. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificatePolicy or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificatePolicy + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_policy.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificatePolicy', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'} + + async def update_certificate_policy(self, vault_base_url, certificate_name, certificate_policy, *, cls=None, **kwargs): + """Updates the policy for a certificate. + + Set specified members in the certificate policy. Leave others as null. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given + vault. + :type certificate_name: str + :param certificate_policy: The policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificatePolicy or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificatePolicy + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.update_certificate_policy.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(certificate_policy, 'CertificatePolicy') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificatePolicy', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'} + + async def update_certificate(self, vault_base_url, certificate_name, certificate_version, certificate_policy=None, certificate_attributes=None, tags=None, *, cls=None, **kwargs): + """Updates the specified attributes associated with the given certificate. + + The UpdateCertificate operation applies the specified update on the + given certificate; the only elements updated are the certificate's + attributes. This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given key + vault. + :type certificate_name: str + :param certificate_version: The version of the certificate. + :type certificate_version: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateUpdateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.update_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'), + 'certificate-version': self._serialize.url("certificate_version", certificate_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'} + + async def get_certificate(self, vault_base_url, certificate_name, certificate_version, *, cls=None, **kwargs): + """Gets information about a certificate. + + Gets information about a specific certificate. This operation requires + the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given + vault. + :type certificate_name: str + :param certificate_version: The version of the certificate. + :type certificate_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'), + 'certificate-version': self._serialize.url("certificate_version", certificate_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'} + + async def update_certificate_operation(self, vault_base_url, certificate_name, cancellation_requested, *, cls=None, **kwargs): + """Updates a certificate operation. + + Updates a certificate creation operation that is already in progress. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param cancellation_requested: Indicates if cancellation was requested + on the certificate operation. + :type cancellation_requested: bool + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + certificate_operation = models.CertificateOperationUpdateParameter(cancellation_requested=cancellation_requested) + + # Construct URL + url = self.update_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(certificate_operation, 'CertificateOperationUpdateParameter') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + async def get_certificate_operation(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Gets the creation operation of a certificate. + + Gets the creation operation associated with a specified certificate. + This operation requires the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + async def delete_certificate_operation(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Deletes the creation operation for a specific certificate. + + Deletes the creation operation for a specified certificate that is in + the process of being created. The certificate is no longer created. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + async def merge_certificate(self, vault_base_url, certificate_name, x509_certificates, certificate_attributes=None, tags=None, *, cls=None, **kwargs): + """Merges a certificate or a certificate chain with a key pair existing on + the server. + + The MergeCertificate operation performs the merging of a certificate or + certificate chain with a key pair currently available in the service. + This operation requires the certificates/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param x509_certificates: The certificate or the certificate chain to + merge. + :type x509_certificates: list[bytearray] + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateMergeParameters(x509_certificates=x509_certificates, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.merge_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateMergeParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 201: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + merge_certificate.metadata = {'url': '/certificates/{certificate-name}/pending/merge'} + + async def backup_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Backs up the specified certificate. + + Requests that a backup of the specified certificate be downloaded to + the client. All versions of the certificate will be downloaded. This + operation requires the certificates/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupCertificateResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupCertificateResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupCertificateResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_certificate.metadata = {'url': '/certificates/{certificate-name}/backup'} + + async def restore_certificate(self, vault_base_url, certificate_bundle_backup, *, cls=None, **kwargs): + """Restores a backed up certificate to a vault. + + Restores a backed up certificate, and all its versions, to a vault. + This operation requires the certificates/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_bundle_backup: The backup blob associated with a + certificate bundle. + :type certificate_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateRestoreParameters(certificate_bundle_backup=certificate_bundle_backup) + + # Construct URL + url = self.restore_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_certificate.metadata = {'url': '/certificates/restore'} + + def get_deleted_certificates( + self, vault_base_url, maxresults=None, include_pending=None, *, cls=None, **kwargs): + """Lists the deleted certificates in the specified vault currently + available for recovery. + + The GetDeletedCertificates operation retrieves the certificates in the + current vault which are in a deleted state and ready for recovery or + purging. This operation includes deletion-specific information. This + operation requires the certificates/get/list permission. This operation + can only be enabled on soft-delete enabled vaults. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :param include_pending: Specifies whether to include certificates + which are not completely provisioned. + :type include_pending: bool + :return: An iterator like instance of DeletedCertificateItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedCertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_certificates.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + if include_pending is not None: + query_parameters['includePending'] = self._serialize.query("include_pending", include_pending, 'bool') + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedCertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_certificates.metadata = {'url': '/deletedcertificates'} + + async def get_deleted_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Retrieves information about the specified deleted certificate. + + The GetDeletedCertificate operation retrieves the deleted certificate + information plus its attributes, such as retention interval, scheduled + permanent deletion and the current deletion recovery level. This + operation requires the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedCertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedCertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedCertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'} + + async def purge_deleted_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Permanently deletes the specified deleted certificate. + + The PurgeDeletedCertificate operation performs an irreversible deletion + of the specified certificate, without possibility for recovery. The + operation is not available if the recovery level does not specify + 'Purgeable'. This operation requires the certificate/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'} + + async def recover_deleted_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Recovers the deleted certificate back to its current version under + /certificates. + + The RecoverDeletedCertificate operation performs the reversal of the + Delete operation. The operation is applicable in vaults enabled for + soft-delete, and must be issued during the retention interval + (available in the deleted certificate's attributes). This operation + requires the certificates/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the deleted certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}/recover'} + + async def create_key(self, vault_base_url, key_name, kty, key_size=None, key_ops=None, key_attributes=None, tags=None, curve=None, *, cls=None, **kwargs): + """Creates a new key, stores it, then returns key parameters and + attributes to the client. + + The create key operation can be used to create any key type in Azure + Key Vault. If the named key already exists, Azure Key Vault creates a + new version of the key. It requires the keys/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name for the new key. The system will generate + the version name for the new key. + :type key_name: str + :param kty: The type of key to create. For valid values, see + JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', + 'RSA-HSM', 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or + 4096 for RSA. + :type key_size: int + :param key_ops: + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', + 'P-521', 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyCreateParameters(kty=kty, key_size=key_size, key_ops=key_ops, key_attributes=key_attributes, tags=tags, curve=curve) + + # Construct URL + url = self.create_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyCreateParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + create_key.metadata = {'url': '/keys/{key-name}/create'} + + async def import_key(self, vault_base_url, key_name, key, hsm=None, key_attributes=None, tags=None, *, cls=None, **kwargs): + """Imports an externally created key, stores it, and returns key + parameters and attributes to the client. + + The import key operation may be used to import any key type into an + Azure Key Vault. If the named key already exists, Azure Key Vault + creates a new version of the key. This operation requires the + keys/import permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: Name for the imported key. + :type key_name: str + :param key: The Json web key + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param hsm: Whether to import as a hardware key (HSM) or software key. + :type hsm: bool + :param key_attributes: The key management attributes. + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyImportParameters(hsm=hsm, key=key, key_attributes=key_attributes, tags=tags) + + # Construct URL + url = self.import_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyImportParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + import_key.metadata = {'url': '/keys/{key-name}'} + + async def delete_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Deletes a key of any type from storage in Azure Key Vault. + + The delete key operation cannot be used to remove individual versions + of a key. This operation removes the cryptographic material associated + with the key, which means the key is not usable for Sign/Verify, + Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the + keys/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key to delete. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedKeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedKeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedKeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_key.metadata = {'url': '/keys/{key-name}'} + + async def update_key(self, vault_base_url, key_name, key_version, key_ops=None, key_attributes=None, tags=None, *, cls=None, **kwargs): + """The update key operation changes specified attributes of a stored key + and can be applied to any key type and key version stored in Azure Key + Vault. + + In order to perform this operation, the key must already exist in the + Key Vault. Note: The cryptographic material of a key itself cannot be + changed. This operation requires the keys/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of key to update. + :type key_name: str + :param key_version: The version of the key to update. + :type key_version: str + :param key_ops: Json web key operations. For more information on + possible key operations, see JsonWebKeyOperation. + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyUpdateParameters(key_ops=key_ops, key_attributes=key_attributes, tags=tags) + + # Construct URL + url = self.update_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_key.metadata = {'url': '/keys/{key-name}/{key-version}'} + + async def get_key(self, vault_base_url, key_name, key_version, *, cls=None, **kwargs): + """Gets the public part of a stored key. + + The get key operation is applicable to all key types. If the requested + key is symmetric, then no key material is released in the response. + This operation requires the keys/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key to get. + :type key_name: str + :param key_version: Adding the version parameter retrieves a specific + version of a key. + :type key_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_key.metadata = {'url': '/keys/{key-name}/{key-version}'} + + def get_key_versions( + self, vault_base_url, key_name, maxresults=None, *, cls=None, **kwargs): + """Retrieves a list of individual key versions with the same key name. + + The full key identifier, attributes, and tags are provided in the + response. This operation requires the keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of KeyItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.KeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_key_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('KeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_key_versions.metadata = {'url': '/keys/{key-name}/versions'} + + def get_keys( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """List keys in the specified vault. + + Retrieves a list of the keys in the Key Vault as JSON Web Key + structures that contain the public part of a stored key. The LIST + operation is applicable to all key types, however only the base key + identifier, attributes, and tags are provided in the response. + Individual versions of a key are not listed in the response. This + operation requires the keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of KeyItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.KeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_keys.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('KeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_keys.metadata = {'url': '/keys'} + + async def backup_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Requests that a backup of the specified key be downloaded to the + client. + + The Key Backup operation exports a key from Azure Key Vault in a + protected form. Note that this operation does NOT return key material + in a form that can be used outside the Azure Key Vault system, the + returned key material is either protected to a Azure Key Vault HSM or + to Azure Key Vault itself. The intent of this operation is to allow a + client to GENERATE a key in one Azure Key Vault instance, BACKUP the + key, and then RESTORE it into another Azure Key Vault instance. The + BACKUP operation may be used to export, in protected form, any key type + from Azure Key Vault. Individual versions of a key cannot be backed up. + BACKUP / RESTORE can be performed within geographical boundaries only; + meaning that a BACKUP from one geographical area cannot be restored to + another geographical area. For example, a backup from the US + geographical area cannot be restored in an EU geographical area. This + operation requires the key/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupKeyResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupKeyResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupKeyResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_key.metadata = {'url': '/keys/{key-name}/backup'} + + async def restore_key(self, vault_base_url, key_bundle_backup, *, cls=None, **kwargs): + """Restores a backed up key to a vault. + + Imports a previously backed up key into Azure Key Vault, restoring the + key, its key identifier, attributes and access control policies. The + RESTORE operation may be used to import a previously backed up key. + Individual versions of a key cannot be restored. The key is restored in + its entirety with the same key name as it had when it was backed up. If + the key name is not available in the target Key Vault, the RESTORE + operation will be rejected. While the key name is retained during + restore, the final key identifier will change if the key is restored to + a different vault. Restore will restore all versions and preserve + version identifiers. The RESTORE operation is subject to security + constraints: The target Key Vault must be owned by the same Microsoft + Azure Subscription as the source Key Vault The user must have RESTORE + permission in the target Key Vault. This operation requires the + keys/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_bundle_backup: The backup blob associated with a key + bundle. + :type key_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyRestoreParameters(key_bundle_backup=key_bundle_backup) + + # Construct URL + url = self.restore_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_key.metadata = {'url': '/keys/restore'} + + async def encrypt(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Encrypts an arbitrary sequence of bytes using an encryption key that is + stored in a key vault. + + The ENCRYPT operation encrypts an arbitrary sequence of bytes using an + encryption key that is stored in Azure Key Vault. Note that the ENCRYPT + operation only supports a single block of data, the size of which is + dependent on the target key and the encryption algorithm to be used. + The ENCRYPT operation is only strictly necessary for symmetric keys + stored in Azure Key Vault since protection with an asymmetric key can + be performed using public portion of the key. This operation is + supported for asymmetric keys as a convenience for callers that have a + key-reference but do not have access to the public key material. This + operation requires the keys/encrypt permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.encrypt.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + encrypt.metadata = {'url': '/keys/{key-name}/{key-version}/encrypt'} + + async def decrypt(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Decrypts a single block of encrypted data. + + The DECRYPT operation decrypts a well-formed block of ciphertext using + the target encryption key and specified algorithm. This operation is + the reverse of the ENCRYPT operation; only a single block of data may + be decrypted, the size of this block is dependent on the target key and + the algorithm to be used. The DECRYPT operation applies to asymmetric + and symmetric keys stored in Azure Key Vault since it uses the private + portion of the key. This operation requires the keys/decrypt + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.decrypt.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + decrypt.metadata = {'url': '/keys/{key-name}/{key-version}/decrypt'} + + async def sign(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Creates a signature from a digest using the specified key. + + The SIGN operation is applicable to asymmetric and symmetric keys + stored in Azure Key Vault since this operation uses the private portion + of the key. This operation requires the keys/sign permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: The signing/verification algorithm identifier. For + more information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', + 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', + 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeySignParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.sign.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeySignParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + sign.metadata = {'url': '/keys/{key-name}/{key-version}/sign'} + + async def verify(self, vault_base_url, key_name, key_version, algorithm, digest, signature, *, cls=None, **kwargs): + """Verifies a signature using a specified key. + + The VERIFY operation is applicable to symmetric keys stored in Azure + Key Vault. VERIFY is not strictly necessary for asymmetric keys stored + in Azure Key Vault since signature verification can be performed using + the public portion of the key but this operation is supported as a + convenience for callers that only have a key-reference and not the + public portion of the key. This operation requires the keys/verify + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: The signing/verification algorithm. For more + information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', + 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', + 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param digest: The digest used for signing. + :type digest: bytes + :param signature: The signature to be verified. + :type signature: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyVerifyResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyVerifyResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyVerifyParameters(algorithm=algorithm, digest=digest, signature=signature) + + # Construct URL + url = self.verify.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyVerifyParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyVerifyResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + verify.metadata = {'url': '/keys/{key-name}/{key-version}/verify'} + + async def wrap_key(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Wraps a symmetric key using a specified key. + + The WRAP operation supports encryption of a symmetric key using a key + encryption key that has previously been stored in an Azure Key Vault. + The WRAP operation is only strictly necessary for symmetric keys stored + in Azure Key Vault since protection with an asymmetric key can be + performed using the public portion of the key. This operation is + supported for asymmetric keys as a convenience for callers that have a + key-reference but do not have access to the public key material. This + operation requires the keys/wrapKey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.wrap_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + wrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/wrapkey'} + + async def unwrap_key(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Unwraps a symmetric key using the specified key that was initially used + for wrapping that key. + + The UNWRAP operation supports decryption of a symmetric key using the + target key encryption key. This operation is the reverse of the WRAP + operation. The UNWRAP operation applies to asymmetric and symmetric + keys stored in Azure Key Vault since it uses the private portion of the + key. This operation requires the keys/unwrapKey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.unwrap_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + unwrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/unwrapkey'} + + def get_deleted_keys( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """Lists the deleted keys in the specified vault. + + Retrieves a list of the keys in the Key Vault as JSON Web Key + structures that contain the public part of a deleted key. This + operation includes deletion-specific information. The Get Deleted Keys + operation is applicable for vaults enabled for soft-delete. While the + operation can be invoked on any vault, it will return an error if + invoked on a non soft-delete enabled vault. This operation requires the + keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedKeyItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedKeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_keys.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedKeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_keys.metadata = {'url': '/deletedkeys'} + + async def get_deleted_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Gets the public part of a deleted key. + + The Get Deleted Key operation is applicable for soft-delete enabled + vaults. While the operation can be invoked on any vault, it will return + an error if invoked on a non soft-delete enabled vault. This operation + requires the keys/get permission. . + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedKeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedKeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedKeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'} + + async def purge_deleted_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Permanently deletes the specified key. + + The Purge Deleted Key operation is applicable for soft-delete enabled + vaults. While the operation can be invoked on any vault, it will return + an error if invoked on a non soft-delete enabled vault. This operation + requires the keys/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'} + + async def recover_deleted_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Recovers the deleted key to its latest version. + + The Recover Deleted Key operation is applicable for deleted keys in + soft-delete enabled vaults. It recovers the deleted key back to its + latest version under /keys. An attempt to recover an non-deleted key + will return an error. Consider this the inverse of the delete operation + on soft-delete enabled vaults. This operation requires the keys/recover + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the deleted key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_key.metadata = {'url': '/deletedkeys/{key-name}/recover'} + + async def set_secret(self, vault_base_url, secret_name, value, tags=None, content_type=None, secret_attributes=None, *, cls=None, **kwargs): + """Sets a secret in a specified key vault. + + The SET operation adds a secret to the Azure Key Vault. If the named + secret already exists, Azure Key Vault creates a new version of that + secret. This operation requires the secrets/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param value: The value of the secret. + :type value: str + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretSetParameters(value=value, tags=tags, content_type=content_type, secret_attributes=secret_attributes) + + # Construct URL + url = self.set_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretSetParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_secret.metadata = {'url': '/secrets/{secret-name}'} + + async def delete_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Deletes a secret from a specified key vault. + + The DELETE operation applies to any secret stored in Azure Key Vault. + DELETE cannot be applied to an individual version of a secret. This + operation requires the secrets/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_secret.metadata = {'url': '/secrets/{secret-name}'} + + async def update_secret(self, vault_base_url, secret_name, secret_version, content_type=None, secret_attributes=None, tags=None, *, cls=None, **kwargs): + """Updates the attributes associated with a specified secret in a given + key vault. + + The UPDATE operation changes specified attributes of an existing stored + secret. Attributes that are not specified in the request are left + unchanged. The value of a secret itself cannot be changed. This + operation requires the secrets/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param secret_version: The version of the secret. + :type secret_version: str + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretUpdateParameters(content_type=content_type, secret_attributes=secret_attributes, tags=tags) + + # Construct URL + url = self.update_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str'), + 'secret-version': self._serialize.url("secret_version", secret_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'} + + async def get_secret(self, vault_base_url, secret_name, secret_version, *, cls=None, **kwargs): + """Get a specified secret from a given key vault. + + The GET operation is applicable to any secret stored in Azure Key + Vault. This operation requires the secrets/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param secret_version: The version of the secret. + :type secret_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str'), + 'secret-version': self._serialize.url("secret_version", secret_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'} + + def get_secrets( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """List secrets in a specified key vault. + + The Get Secrets operation is applicable to the entire vault. However, + only the base secret identifier and its attributes are provided in the + response. Individual secret versions are not listed in the response. + This operation requires the secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified, the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SecretItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.SecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_secrets.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('SecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_secrets.metadata = {'url': '/secrets'} + + def get_secret_versions( + self, vault_base_url, secret_name, maxresults=None, *, cls=None, **kwargs): + """List all versions of the specified secret. + + The full secret identifier and attributes are provided in the response. + No values are returned for the secrets. This operations requires the + secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified, the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SecretItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.SecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_secret_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('SecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_secret_versions.metadata = {'url': '/secrets/{secret-name}/versions'} + + def get_deleted_secrets( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """Lists deleted secrets for the specified vault. + + The Get Deleted Secrets operation returns the secrets that have been + deleted for a vault enabled for soft-delete. This operation requires + the secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedSecretItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedSecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_secrets.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedSecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_secrets.metadata = {'url': '/deletedsecrets'} + + async def get_deleted_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Gets the specified deleted secret. + + The Get Deleted Secret operation returns the specified deleted secret + along with its attributes. This operation requires the secrets/get + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'} + + async def purge_deleted_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Permanently deletes the specified secret. + + The purge deleted secret operation removes the secret permanently, + without the possibility of recovery. This operation can only be enabled + on a soft-delete enabled vault. This operation requires the + secrets/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'} + + async def recover_deleted_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Recovers the deleted secret to the latest version. + + Recovers the deleted secret in the specified vault. This operation can + only be performed on a soft-delete enabled vault. This operation + requires the secrets/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the deleted secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}/recover'} + + async def backup_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Backs up the specified secret. + + Requests that a backup of the specified secret be downloaded to the + client. All versions of the secret will be downloaded. This operation + requires the secrets/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupSecretResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupSecretResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupSecretResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_secret.metadata = {'url': '/secrets/{secret-name}/backup'} + + async def restore_secret(self, vault_base_url, secret_bundle_backup, *, cls=None, **kwargs): + """Restores a backed up secret to a vault. + + Restores a backed up secret, and all its versions, to a vault. This + operation requires the secrets/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_bundle_backup: The backup blob associated with a secret + bundle. + :type secret_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretRestoreParameters(secret_bundle_backup=secret_bundle_backup) + + # Construct URL + url = self.restore_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_secret.metadata = {'url': '/secrets/restore'} + + def get_storage_accounts( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """List storage accounts managed by the specified key vault. This + operation requires the storage/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of StorageAccountItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.StorageAccountItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_storage_accounts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('StorageListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_storage_accounts.metadata = {'url': '/storage'} + + def get_deleted_storage_accounts( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """Lists deleted storage accounts for the specified vault. + + The Get Deleted Storage Accounts operation returns the storage accounts + that have been deleted for a vault enabled for soft-delete. This + operation requires the storage/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedStorageAccountItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedStorageAccountItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_storage_accounts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedStorageListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_storage_accounts.metadata = {'url': '/deletedstorage'} + + async def get_deleted_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Gets the specified deleted storage account. + + The Get Deleted Storage Account operation returns the specified deleted + storage account along with its attributes. This operation requires the + storage/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedStorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedStorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedStorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}'} + + async def purge_deleted_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Permanently deletes the specified storage account. + + The purge deleted storage account operation removes the secret + permanently, without the possibility of recovery. This operation can + only be performed on a soft-delete enabled vault. This operation + requires the storage/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}'} + + async def recover_deleted_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Recovers the deleted storage account. + + Recovers the deleted storage account in the specified vault. This + operation can only be performed on a soft-delete enabled vault. This + operation requires the storage/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}/recover'} + + async def backup_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Backs up the specified storage account. + + Requests that a backup of the specified storage account be downloaded + to the client. This operation requires the storage/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupStorageResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupStorageResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupStorageResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_storage_account.metadata = {'url': '/storage/{storage-account-name}/backup'} + + async def restore_storage_account(self, vault_base_url, storage_bundle_backup, *, cls=None, **kwargs): + """Restores a backed up storage account to a vault. + + Restores a backed up storage account to a vault. This operation + requires the storage/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_bundle_backup: The backup blob associated with a + storage account. + :type storage_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageRestoreParameters(storage_bundle_backup=storage_bundle_backup) + + # Construct URL + url = self.restore_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_storage_account.metadata = {'url': '/storage/restore'} + + async def delete_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Deletes a storage account. This operation requires the storage/delete + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedStorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedStorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedStorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + async def get_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Gets information about a specified storage account. This operation + requires the storage/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + async def set_storage_account(self, vault_base_url, storage_account_name, resource_id, active_key_name, auto_regenerate_key, regeneration_period=None, storage_account_attributes=None, tags=None, *, cls=None, **kwargs): + """Creates or updates a new storage account. This operation requires the + storage/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param resource_id: Storage account resource id. + :type resource_id: str + :param active_key_name: Current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration + specified in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage + account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountCreateParameters(resource_id=resource_id, active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags) + + # Construct URL + url = self.set_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountCreateParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + async def update_storage_account(self, vault_base_url, storage_account_name, active_key_name=None, auto_regenerate_key=None, regeneration_period=None, storage_account_attributes=None, tags=None, *, cls=None, **kwargs): + """Updates the specified attributes associated with the given storage + account. This operation requires the storage/set/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param active_key_name: The current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration + specified in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage + account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountUpdateParameters(active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags) + + # Construct URL + url = self.update_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + async def regenerate_storage_account_key(self, vault_base_url, storage_account_name, key_name, *, cls=None, **kwargs): + """Regenerates the specified key value for the given storage account. This + operation requires the storage/regeneratekey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param key_name: The storage account key name. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountRegenerteKeyParameters(key_name=key_name) + + # Construct URL + url = self.regenerate_storage_account_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountRegenerteKeyParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + regenerate_storage_account_key.metadata = {'url': '/storage/{storage-account-name}/regeneratekey'} + + def get_sas_definitions( + self, vault_base_url, storage_account_name, maxresults=None, *, cls=None, **kwargs): + """List storage SAS definitions for the given storage account. This + operation requires the storage/listsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SasDefinitionItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.SasDefinitionItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_sas_definitions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('SasDefinitionListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_sas_definitions.metadata = {'url': '/storage/{storage-account-name}/sas'} + + def get_deleted_sas_definitions( + self, vault_base_url, storage_account_name, maxresults=None, *, cls=None, **kwargs): + """Lists deleted SAS definitions for the specified vault and storage + account. + + The Get Deleted Sas Definitions operation returns the SAS definitions + that have been deleted for a vault enabled for soft-delete. This + operation requires the storage/listsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedSasDefinitionItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedSasDefinitionItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_sas_definitions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedSasDefinitionListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_sas_definitions.metadata = {'url': '/deletedstorage/{storage-account-name}/sas'} + + async def get_deleted_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, *, cls=None, **kwargs): + """Gets the specified deleted sas definition. + + The Get Deleted SAS Definition operation returns the specified deleted + SAS definition along with its attributes. This operation requires the + storage/getsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_sas_definition.metadata = {'url': '/deletedstorage/{storage-account-name}/sas/{sas-definition-name}'} + + async def recover_deleted_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, *, cls=None, **kwargs): + """Recovers the deleted SAS definition. + + Recovers the deleted SAS definition for the specified storage account. + This operation can only be performed on a soft-delete enabled vault. + This operation requires the storage/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_sas_definition.metadata = {'url': '/deletedstorage/{storage-account-name}/sas/{sas-definition-name}/recover'} + + async def delete_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, *, cls=None, **kwargs): + """Deletes a SAS definition from a specified storage account. This + operation requires the storage/deletesas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + async def get_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, *, cls=None, **kwargs): + """Gets information about a SAS definition for the specified storage + account. This operation requires the storage/getsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + async def set_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, template_uri, sas_type, validity_period, sas_definition_attributes=None, tags=None, *, cls=None, **kwargs): + """Creates or updates a new SAS definition for the specified storage + account. This operation requires the storage/setsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will + have the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS + definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SasDefinitionCreateParameters(template_uri=template_uri, sas_type=sas_type, validity_period=validity_period, sas_definition_attributes=sas_definition_attributes, tags=tags) + + # Construct URL + url = self.set_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SasDefinitionCreateParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + async def update_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, template_uri=None, sas_type=None, validity_period=None, sas_definition_attributes=None, tags=None, *, cls=None, **kwargs): + """Updates the specified attributes associated with the given SAS + definition. This operation requires the storage/setsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will + have the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS + definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SasDefinitionUpdateParameters(template_uri=template_uri, sas_type=sas_type, validity_period=validity_period, sas_definition_attributes=sas_definition_attributes, tags=tags) + + # Construct URL + url = self.update_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SasDefinitionUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/__init__.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/__init__.py new file mode 100644 index 000000000000..68ccf6d2e5f5 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/__init__.py @@ -0,0 +1,303 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +try: + from ._models_py3 import Action + from ._models_py3 import AdministratorDetails + from ._models_py3 import Attributes + from ._models_py3 import BackupCertificateResult + from ._models_py3 import BackupKeyResult + from ._models_py3 import BackupSecretResult + from ._models_py3 import BackupStorageResult + from ._models_py3 import CertificateAttributes + from ._models_py3 import CertificateBundle + from ._models_py3 import CertificateCreateParameters + from ._models_py3 import CertificateImportParameters + from ._models_py3 import CertificateIssuerItem + from ._models_py3 import CertificateIssuerListResult + from ._models_py3 import CertificateIssuerSetParameters + from ._models_py3 import CertificateIssuerUpdateParameters + from ._models_py3 import CertificateItem + from ._models_py3 import CertificateListResult + from ._models_py3 import CertificateMergeParameters + from ._models_py3 import CertificateOperation + from ._models_py3 import CertificateOperationUpdateParameter + from ._models_py3 import CertificatePolicy + from ._models_py3 import CertificateRestoreParameters + from ._models_py3 import CertificateUpdateParameters + from ._models_py3 import Contact + from ._models_py3 import Contacts + from ._models_py3 import DeletedCertificateBundle + from ._models_py3 import DeletedCertificateItem + from ._models_py3 import DeletedCertificateListResult + from ._models_py3 import DeletedKeyBundle + from ._models_py3 import DeletedKeyItem + from ._models_py3 import DeletedKeyListResult + from ._models_py3 import DeletedSasDefinitionBundle + from ._models_py3 import DeletedSasDefinitionItem + from ._models_py3 import DeletedSasDefinitionListResult + from ._models_py3 import DeletedSecretBundle + from ._models_py3 import DeletedSecretItem + from ._models_py3 import DeletedSecretListResult + from ._models_py3 import DeletedStorageAccountItem + from ._models_py3 import DeletedStorageBundle + from ._models_py3 import DeletedStorageListResult + from ._models_py3 import Error + from ._models_py3 import IssuerAttributes + from ._models_py3 import IssuerBundle + from ._models_py3 import IssuerCredentials + from ._models_py3 import IssuerParameters + from ._models_py3 import JsonWebKey + from ._models_py3 import KeyAttributes + from ._models_py3 import KeyBundle + from ._models_py3 import KeyCreateParameters + from ._models_py3 import KeyImportParameters + from ._models_py3 import KeyItem + from ._models_py3 import KeyListResult + from ._models_py3 import KeyOperationResult + from ._models_py3 import KeyOperationsParameters + from ._models_py3 import KeyProperties + from ._models_py3 import KeyRestoreParameters + from ._models_py3 import KeySignParameters + from ._models_py3 import KeyUpdateParameters + from ._models_py3 import KeyVaultError, KeyVaultErrorException + from ._models_py3 import KeyVerifyParameters + from ._models_py3 import KeyVerifyResult + from ._models_py3 import LifetimeAction + from ._models_py3 import OrganizationDetails + from ._models_py3 import PendingCertificateSigningRequestResult + from ._models_py3 import SasDefinitionAttributes + from ._models_py3 import SasDefinitionBundle + from ._models_py3 import SasDefinitionCreateParameters + from ._models_py3 import SasDefinitionItem + from ._models_py3 import SasDefinitionListResult + from ._models_py3 import SasDefinitionUpdateParameters + from ._models_py3 import SecretAttributes + from ._models_py3 import SecretBundle + from ._models_py3 import SecretItem + from ._models_py3 import SecretListResult + from ._models_py3 import SecretProperties + from ._models_py3 import SecretRestoreParameters + from ._models_py3 import SecretSetParameters + from ._models_py3 import SecretUpdateParameters + from ._models_py3 import StorageAccountAttributes + from ._models_py3 import StorageAccountCreateParameters + from ._models_py3 import StorageAccountItem + from ._models_py3 import StorageAccountRegenerteKeyParameters + from ._models_py3 import StorageAccountUpdateParameters + from ._models_py3 import StorageBundle + from ._models_py3 import StorageListResult + from ._models_py3 import StorageRestoreParameters + from ._models_py3 import SubjectAlternativeNames + from ._models_py3 import Trigger + from ._models_py3 import X509CertificateProperties +except (SyntaxError, ImportError): + from ._models import Action + from ._models import AdministratorDetails + from ._models import Attributes + from ._models import BackupCertificateResult + from ._models import BackupKeyResult + from ._models import BackupSecretResult + from ._models import BackupStorageResult + from ._models import CertificateAttributes + from ._models import CertificateBundle + from ._models import CertificateCreateParameters + from ._models import CertificateImportParameters + from ._models import CertificateIssuerItem + from ._models import CertificateIssuerListResult + from ._models import CertificateIssuerSetParameters + from ._models import CertificateIssuerUpdateParameters + from ._models import CertificateItem + from ._models import CertificateListResult + from ._models import CertificateMergeParameters + from ._models import CertificateOperation + from ._models import CertificateOperationUpdateParameter + from ._models import CertificatePolicy + from ._models import CertificateRestoreParameters + from ._models import CertificateUpdateParameters + from ._models import Contact + from ._models import Contacts + from ._models import DeletedCertificateBundle + from ._models import DeletedCertificateItem + from ._models import DeletedCertificateListResult + from ._models import DeletedKeyBundle + from ._models import DeletedKeyItem + from ._models import DeletedKeyListResult + from ._models import DeletedSasDefinitionBundle + from ._models import DeletedSasDefinitionItem + from ._models import DeletedSasDefinitionListResult + from ._models import DeletedSecretBundle + from ._models import DeletedSecretItem + from ._models import DeletedSecretListResult + from ._models import DeletedStorageAccountItem + from ._models import DeletedStorageBundle + from ._models import DeletedStorageListResult + from ._models import Error + from ._models import IssuerAttributes + from ._models import IssuerBundle + from ._models import IssuerCredentials + from ._models import IssuerParameters + from ._models import JsonWebKey + from ._models import KeyAttributes + from ._models import KeyBundle + from ._models import KeyCreateParameters + from ._models import KeyImportParameters + from ._models import KeyItem + from ._models import KeyListResult + from ._models import KeyOperationResult + from ._models import KeyOperationsParameters + from ._models import KeyProperties + from ._models import KeyRestoreParameters + from ._models import KeySignParameters + from ._models import KeyUpdateParameters + from ._models import KeyVaultError, KeyVaultErrorException + from ._models import KeyVerifyParameters + from ._models import KeyVerifyResult + from ._models import LifetimeAction + from ._models import OrganizationDetails + from ._models import PendingCertificateSigningRequestResult + from ._models import SasDefinitionAttributes + from ._models import SasDefinitionBundle + from ._models import SasDefinitionCreateParameters + from ._models import SasDefinitionItem + from ._models import SasDefinitionListResult + from ._models import SasDefinitionUpdateParameters + from ._models import SecretAttributes + from ._models import SecretBundle + from ._models import SecretItem + from ._models import SecretListResult + from ._models import SecretProperties + from ._models import SecretRestoreParameters + from ._models import SecretSetParameters + from ._models import SecretUpdateParameters + from ._models import StorageAccountAttributes + from ._models import StorageAccountCreateParameters + from ._models import StorageAccountItem + from ._models import StorageAccountRegenerteKeyParameters + from ._models import StorageAccountUpdateParameters + from ._models import StorageBundle + from ._models import StorageListResult + from ._models import StorageRestoreParameters + from ._models import SubjectAlternativeNames + from ._models import Trigger + from ._models import X509CertificateProperties +from ._key_vault_client_enums import ( + DeletionRecoveryLevel, + JsonWebKeyType, + JsonWebKeyCurveName, + KeyUsageType, + ActionType, + JsonWebKeyOperation, + JsonWebKeyEncryptionAlgorithm, + JsonWebKeySignatureAlgorithm, + SasTokenType, +) + +__all__ = [ + 'Action', + 'AdministratorDetails', + 'Attributes', + 'BackupCertificateResult', + 'BackupKeyResult', + 'BackupSecretResult', + 'BackupStorageResult', + 'CertificateAttributes', + 'CertificateBundle', + 'CertificateCreateParameters', + 'CertificateImportParameters', + 'CertificateIssuerItem', + 'CertificateIssuerListResult', + 'CertificateIssuerSetParameters', + 'CertificateIssuerUpdateParameters', + 'CertificateItem', + 'CertificateListResult', + 'CertificateMergeParameters', + 'CertificateOperation', + 'CertificateOperationUpdateParameter', + 'CertificatePolicy', + 'CertificateRestoreParameters', + 'CertificateUpdateParameters', + 'Contact', + 'Contacts', + 'DeletedCertificateBundle', + 'DeletedCertificateItem', + 'DeletedCertificateListResult', + 'DeletedKeyBundle', + 'DeletedKeyItem', + 'DeletedKeyListResult', + 'DeletedSasDefinitionBundle', + 'DeletedSasDefinitionItem', + 'DeletedSasDefinitionListResult', + 'DeletedSecretBundle', + 'DeletedSecretItem', + 'DeletedSecretListResult', + 'DeletedStorageAccountItem', + 'DeletedStorageBundle', + 'DeletedStorageListResult', + 'Error', + 'IssuerAttributes', + 'IssuerBundle', + 'IssuerCredentials', + 'IssuerParameters', + 'JsonWebKey', + 'KeyAttributes', + 'KeyBundle', + 'KeyCreateParameters', + 'KeyImportParameters', + 'KeyItem', + 'KeyListResult', + 'KeyOperationResult', + 'KeyOperationsParameters', + 'KeyProperties', + 'KeyRestoreParameters', + 'KeySignParameters', + 'KeyUpdateParameters', + 'KeyVaultError', 'KeyVaultErrorException', + 'KeyVerifyParameters', + 'KeyVerifyResult', + 'LifetimeAction', + 'OrganizationDetails', + 'PendingCertificateSigningRequestResult', + 'SasDefinitionAttributes', + 'SasDefinitionBundle', + 'SasDefinitionCreateParameters', + 'SasDefinitionItem', + 'SasDefinitionListResult', + 'SasDefinitionUpdateParameters', + 'SecretAttributes', + 'SecretBundle', + 'SecretItem', + 'SecretListResult', + 'SecretProperties', + 'SecretRestoreParameters', + 'SecretSetParameters', + 'SecretUpdateParameters', + 'StorageAccountAttributes', + 'StorageAccountCreateParameters', + 'StorageAccountItem', + 'StorageAccountRegenerteKeyParameters', + 'StorageAccountUpdateParameters', + 'StorageBundle', + 'StorageListResult', + 'StorageRestoreParameters', + 'SubjectAlternativeNames', + 'Trigger', + 'X509CertificateProperties', + 'DeletionRecoveryLevel', + 'JsonWebKeyType', + 'JsonWebKeyCurveName', + 'KeyUsageType', + 'ActionType', + 'JsonWebKeyOperation', + 'JsonWebKeyEncryptionAlgorithm', + 'JsonWebKeySignatureAlgorithm', + 'SasTokenType', +] diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/_key_vault_client_enums.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/_key_vault_client_enums.py new file mode 100644 index 000000000000..936353e5bb83 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/_key_vault_client_enums.py @@ -0,0 +1,98 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from enum import Enum + + +class DeletionRecoveryLevel(str, Enum): + + purgeable = "Purgeable" + recoverable_purgeable = "Recoverable+Purgeable" + recoverable = "Recoverable" + recoverable_protected_subscription = "Recoverable+ProtectedSubscription" + customized_recoverable_purgeable = "CustomizedRecoverable+Purgeable" + customized_recoverable = "CustomizedRecoverable" + customized_recoverable_protected_subscription = "CustomizedRecoverable+ProtectedSubscription" + + +class JsonWebKeyType(str, Enum): + + ec = "EC" + ec_hsm = "EC-HSM" + rsa = "RSA" + rsa_hsm = "RSA-HSM" + oct = "oct" + + +class JsonWebKeyCurveName(str, Enum): + + p_256 = "P-256" + p_384 = "P-384" + p_521 = "P-521" + p_256_k = "P-256K" + + +class KeyUsageType(str, Enum): + + digital_signature = "digitalSignature" + non_repudiation = "nonRepudiation" + key_encipherment = "keyEncipherment" + data_encipherment = "dataEncipherment" + key_agreement = "keyAgreement" + key_cert_sign = "keyCertSign" + c_rl_sign = "cRLSign" + encipher_only = "encipherOnly" + decipher_only = "decipherOnly" + + +class ActionType(str, Enum): + + email_contacts = "EmailContacts" + auto_renew = "AutoRenew" + + +class JsonWebKeyOperation(str, Enum): + + encrypt = "encrypt" + decrypt = "decrypt" + sign = "sign" + verify = "verify" + wrap_key = "wrapKey" + unwrap_key = "unwrapKey" + import_enum = "import" + + +class JsonWebKeyEncryptionAlgorithm(str, Enum): + + rsa_oaep = "RSA-OAEP" + rsa_oaep_256 = "RSA-OAEP-256" + rsa1_5 = "RSA1_5" + + +class JsonWebKeySignatureAlgorithm(str, Enum): + + ps256 = "PS256" #: RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518 + ps384 = "PS384" #: RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518 + ps512 = "PS512" #: RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518 + rs256 = "RS256" #: RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518 + rs384 = "RS384" #: RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518 + rs512 = "RS512" #: RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518 + rsnull = "RSNULL" #: Reserved + es256 = "ES256" #: ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518. + es384 = "ES384" #: ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518 + es512 = "ES512" #: ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518 + es256_k = "ES256K" #: ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518 + + +class SasTokenType(str, Enum): + + account = "account" + service = "service" diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/_models.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/_models.py new file mode 100644 index 000000000000..ea5379c44cc0 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/_models.py @@ -0,0 +1,3244 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model +from azure.core.exceptions import HttpResponseError + + +class Action(Model): + """The action that will be executed. + + :param action_type: The type of the action. Possible values include: + 'EmailContacts', 'AutoRenew' + :type action_type: str or ~azure.keyvault.v7_1.models.ActionType + """ + + _attribute_map = { + 'action_type': {'key': 'action_type', 'type': 'ActionType'}, + } + + def __init__(self, **kwargs): + super(Action, self).__init__(**kwargs) + self.action_type = kwargs.get('action_type', None) + + +class AdministratorDetails(Model): + """Details of the organization administrator of the certificate issuer. + + :param first_name: First name. + :type first_name: str + :param last_name: Last name. + :type last_name: str + :param email_address: Email address. + :type email_address: str + :param phone: Phone number. + :type phone: str + """ + + _attribute_map = { + 'first_name': {'key': 'first_name', 'type': 'str'}, + 'last_name': {'key': 'last_name', 'type': 'str'}, + 'email_address': {'key': 'email', 'type': 'str'}, + 'phone': {'key': 'phone', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AdministratorDetails, self).__init__(**kwargs) + self.first_name = kwargs.get('first_name', None) + self.last_name = kwargs.get('last_name', None) + self.email_address = kwargs.get('email_address', None) + self.phone = kwargs.get('phone', None) + + +class Attributes(Model): + """The object attributes managed by the KeyVault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(Attributes, self).__init__(**kwargs) + self.enabled = kwargs.get('enabled', None) + self.not_before = kwargs.get('not_before', None) + self.expires = kwargs.get('expires', None) + self.created = None + self.updated = None + + +class BackupCertificateResult(Model): + """The backup certificate result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up certificate. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(BackupCertificateResult, self).__init__(**kwargs) + self.value = None + + +class BackupKeyResult(Model): + """The backup key result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up key. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(BackupKeyResult, self).__init__(**kwargs) + self.value = None + + +class BackupSecretResult(Model): + """The backup secret result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up secret. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(BackupSecretResult, self).__init__(**kwargs) + self.value = None + + +class BackupStorageResult(Model): + """The backup storage result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up storage account. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(BackupStorageResult, self).__init__(**kwargs) + self.value = None + + +class CertificateAttributes(Attributes): + """The certificate management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for certificates in the current vault. If it contains 'Purgeable', + the certificate can be permanently deleted by a privileged user; + otherwise, only the system can purge the certificate, at the end of the + retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateAttributes, self).__init__(**kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class CertificateBundle(Model): + """A certificate bundle consists of a certificate (X509) plus its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :ivar kid: The key id. + :vartype kid: str + :ivar sid: The secret id. + :vartype sid: str + :ivar x509_thumbprint: Thumbprint of the certificate. + :vartype x509_thumbprint: bytes + :ivar policy: The management policy. + :vartype policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param cer: CER contents of x509 certificate. + :type cer: bytearray + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs + :type tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'kid': {'readonly': True}, + 'sid': {'readonly': True}, + 'x509_thumbprint': {'readonly': True}, + 'policy': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'sid': {'key': 'sid', 'type': 'str'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'cer': {'key': 'cer', 'type': 'bytearray'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateBundle, self).__init__(**kwargs) + self.id = None + self.kid = None + self.sid = None + self.x509_thumbprint = None + self.policy = None + self.cer = kwargs.get('cer', None) + self.content_type = kwargs.get('content_type', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + + +class CertificateCreateParameters(Model): + """The certificate create parameters. + + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateCreateParameters, self).__init__(**kwargs) + self.certificate_policy = kwargs.get('certificate_policy', None) + self.certificate_attributes = kwargs.get('certificate_attributes', None) + self.tags = kwargs.get('tags', None) + + +class CertificateImportParameters(Model): + """The certificate import parameters. + + All required parameters must be populated in order to send to Azure. + + :param base64_encoded_certificate: Required. Base64 encoded representation + of the certificate object to import. This certificate needs to contain the + private key. + :type base64_encoded_certificate: str + :param password: If the private key in base64EncodedCertificate is + encrypted, the password used for encryption. + :type password: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'base64_encoded_certificate': {'required': True}, + } + + _attribute_map = { + 'base64_encoded_certificate': {'key': 'value', 'type': 'str'}, + 'password': {'key': 'pwd', 'type': 'str'}, + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateImportParameters, self).__init__(**kwargs) + self.base64_encoded_certificate = kwargs.get('base64_encoded_certificate', None) + self.password = kwargs.get('password', None) + self.certificate_policy = kwargs.get('certificate_policy', None) + self.certificate_attributes = kwargs.get('certificate_attributes', None) + self.tags = kwargs.get('tags', None) + + +class CertificateIssuerItem(Model): + """The certificate issuer item containing certificate issuer metadata. + + :param id: Certificate Identifier. + :type id: str + :param provider: The issuer provider. + :type provider: str + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateIssuerItem, self).__init__(**kwargs) + self.id = kwargs.get('id', None) + self.provider = kwargs.get('provider', None) + + +class CertificateIssuerListResult(Model): + """The certificate issuer list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of certificate issuers + in the key vault along with a link to the next page of certificate + issuers. + :vartype value: list[~azure.keyvault.v7_1.models.CertificateIssuerItem] + :ivar next_link: The URL to get the next set of certificate issuers. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[CertificateIssuerItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateIssuerListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class CertificateIssuerSetParameters(Model): + """The certificate issuer set parameters. + + All required parameters must be populated in order to send to Azure. + + :param provider: Required. The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _validation = { + 'provider': {'required': True}, + } + + _attribute_map = { + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, **kwargs): + super(CertificateIssuerSetParameters, self).__init__(**kwargs) + self.provider = kwargs.get('provider', None) + self.credentials = kwargs.get('credentials', None) + self.organization_details = kwargs.get('organization_details', None) + self.attributes = kwargs.get('attributes', None) + + +class CertificateIssuerUpdateParameters(Model): + """The certificate issuer update parameters. + + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _attribute_map = { + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, **kwargs): + super(CertificateIssuerUpdateParameters, self).__init__(**kwargs) + self.provider = kwargs.get('provider', None) + self.credentials = kwargs.get('credentials', None) + self.organization_details = kwargs.get('organization_details', None) + self.attributes = kwargs.get('attributes', None) + + +class CertificateItem(Model): + """The certificate item containing certificate metadata. + + :param id: Certificate identifier. + :type id: str + :param attributes: The certificate management attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param x509_thumbprint: Thumbprint of the certificate. + :type x509_thumbprint: bytes + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(CertificateItem, self).__init__(**kwargs) + self.id = kwargs.get('id', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.x509_thumbprint = kwargs.get('x509_thumbprint', None) + + +class CertificateListResult(Model): + """The certificate list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of certificates in the + key vault along with a link to the next page of certificates. + :vartype value: list[~azure.keyvault.v7_1.models.CertificateItem] + :ivar next_link: The URL to get the next set of certificates. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[CertificateItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class CertificateMergeParameters(Model): + """The certificate merge parameters. + + All required parameters must be populated in order to send to Azure. + + :param x509_certificates: Required. The certificate or the certificate + chain to merge. + :type x509_certificates: list[bytearray] + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'x509_certificates': {'required': True}, + } + + _attribute_map = { + 'x509_certificates': {'key': 'x5c', 'type': '[bytearray]'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateMergeParameters, self).__init__(**kwargs) + self.x509_certificates = kwargs.get('x509_certificates', None) + self.certificate_attributes = kwargs.get('certificate_attributes', None) + self.tags = kwargs.get('tags', None) + + +class CertificateOperation(Model): + """A certificate operation is returned in case of asynchronous requests. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :param issuer_parameters: Parameters for the issuer of the X509 component + of a certificate. + :type issuer_parameters: ~azure.keyvault.v7_1.models.IssuerParameters + :param csr: The certificate signing request (CSR) that is being used in + the certificate operation. + :type csr: bytearray + :param cancellation_requested: Indicates if cancellation was requested on + the certificate operation. + :type cancellation_requested: bool + :param status: Status of the certificate operation. + :type status: str + :param status_details: The status details of the certificate operation. + :type status_details: str + :param error: Error encountered, if any, during the certificate operation. + :type error: ~azure.keyvault.v7_1.models.Error + :param target: Location which contains the result of the certificate + operation. + :type target: str + :param request_id: Identifier for the certificate operation. + :type request_id: str + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'}, + 'csr': {'key': 'csr', 'type': 'bytearray'}, + 'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'}, + 'status': {'key': 'status', 'type': 'str'}, + 'status_details': {'key': 'status_details', 'type': 'str'}, + 'error': {'key': 'error', 'type': 'Error'}, + 'target': {'key': 'target', 'type': 'str'}, + 'request_id': {'key': 'request_id', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateOperation, self).__init__(**kwargs) + self.id = None + self.issuer_parameters = kwargs.get('issuer_parameters', None) + self.csr = kwargs.get('csr', None) + self.cancellation_requested = kwargs.get('cancellation_requested', None) + self.status = kwargs.get('status', None) + self.status_details = kwargs.get('status_details', None) + self.error = kwargs.get('error', None) + self.target = kwargs.get('target', None) + self.request_id = kwargs.get('request_id', None) + + +class CertificateOperationUpdateParameter(Model): + """The certificate operation update parameters. + + All required parameters must be populated in order to send to Azure. + + :param cancellation_requested: Required. Indicates if cancellation was + requested on the certificate operation. + :type cancellation_requested: bool + """ + + _validation = { + 'cancellation_requested': {'required': True}, + } + + _attribute_map = { + 'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(CertificateOperationUpdateParameter, self).__init__(**kwargs) + self.cancellation_requested = kwargs.get('cancellation_requested', None) + + +class CertificatePolicy(Model): + """Management policy for a certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :param key_properties: Properties of the key backing a certificate. + :type key_properties: ~azure.keyvault.v7_1.models.KeyProperties + :param secret_properties: Properties of the secret backing a certificate. + :type secret_properties: ~azure.keyvault.v7_1.models.SecretProperties + :param x509_certificate_properties: Properties of the X509 component of a + certificate. + :type x509_certificate_properties: + ~azure.keyvault.v7_1.models.X509CertificateProperties + :param lifetime_actions: Actions that will be performed by Key Vault over + the lifetime of a certificate. + :type lifetime_actions: list[~azure.keyvault.v7_1.models.LifetimeAction] + :param issuer_parameters: Parameters for the issuer of the X509 component + of a certificate. + :type issuer_parameters: ~azure.keyvault.v7_1.models.IssuerParameters + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'key_properties': {'key': 'key_props', 'type': 'KeyProperties'}, + 'secret_properties': {'key': 'secret_props', 'type': 'SecretProperties'}, + 'x509_certificate_properties': {'key': 'x509_props', 'type': 'X509CertificateProperties'}, + 'lifetime_actions': {'key': 'lifetime_actions', 'type': '[LifetimeAction]'}, + 'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + } + + def __init__(self, **kwargs): + super(CertificatePolicy, self).__init__(**kwargs) + self.id = None + self.key_properties = kwargs.get('key_properties', None) + self.secret_properties = kwargs.get('secret_properties', None) + self.x509_certificate_properties = kwargs.get('x509_certificate_properties', None) + self.lifetime_actions = kwargs.get('lifetime_actions', None) + self.issuer_parameters = kwargs.get('issuer_parameters', None) + self.attributes = kwargs.get('attributes', None) + + +class CertificateRestoreParameters(Model): + """The certificate restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param certificate_bundle_backup: Required. The backup blob associated + with a certificate bundle. + :type certificate_bundle_backup: bytes + """ + + _validation = { + 'certificate_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'certificate_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(CertificateRestoreParameters, self).__init__(**kwargs) + self.certificate_bundle_backup = kwargs.get('certificate_bundle_backup', None) + + +class CertificateUpdateParameters(Model): + """The certificate update parameters. + + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateUpdateParameters, self).__init__(**kwargs) + self.certificate_policy = kwargs.get('certificate_policy', None) + self.certificate_attributes = kwargs.get('certificate_attributes', None) + self.tags = kwargs.get('tags', None) + + +class Contact(Model): + """The contact information for the vault certificates. + + :param email_address: Email address. + :type email_address: str + :param name: Name. + :type name: str + :param phone: Phone number. + :type phone: str + """ + + _attribute_map = { + 'email_address': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'phone': {'key': 'phone', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(Contact, self).__init__(**kwargs) + self.email_address = kwargs.get('email_address', None) + self.name = kwargs.get('name', None) + self.phone = kwargs.get('phone', None) + + +class Contacts(Model): + """The contacts for the vault certificates. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Identifier for the contacts collection. + :vartype id: str + :param contact_list: The contact list for the vault certificates. + :type contact_list: list[~azure.keyvault.v7_1.models.Contact] + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'contact_list': {'key': 'contacts', 'type': '[Contact]'}, + } + + def __init__(self, **kwargs): + super(Contacts, self).__init__(**kwargs) + self.id = None + self.contact_list = kwargs.get('contact_list', None) + + +class DeletedCertificateBundle(CertificateBundle): + """A Deleted Certificate consisting of its previous id, attributes and its + tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :ivar kid: The key id. + :vartype kid: str + :ivar sid: The secret id. + :vartype sid: str + :ivar x509_thumbprint: Thumbprint of the certificate. + :vartype x509_thumbprint: bytes + :ivar policy: The management policy. + :vartype policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param cer: CER contents of x509 certificate. + :type cer: bytearray + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs + :type tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted certificate. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the certificate is scheduled to + be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the certificate was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'kid': {'readonly': True}, + 'sid': {'readonly': True}, + 'x509_thumbprint': {'readonly': True}, + 'policy': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'sid': {'key': 'sid', 'type': 'str'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'cer': {'key': 'cer', 'type': 'bytearray'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedCertificateBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedCertificateItem(CertificateItem): + """The deleted certificate item containing metadata about the deleted + certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Certificate identifier. + :type id: str + :param attributes: The certificate management attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param x509_thumbprint: Thumbprint of the certificate. + :type x509_thumbprint: bytes + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted certificate. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the certificate is scheduled to + be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the certificate was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedCertificateItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedCertificateListResult(Model): + """A list of certificates that have been deleted in this vault. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of deleted certificates + in the vault along with a link to the next page of deleted certificates + :vartype value: list[~azure.keyvault.v7_1.models.DeletedCertificateItem] + :ivar next_link: The URL to get the next set of deleted certificates. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedCertificateItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedCertificateListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class KeyBundle(Model): + """A KeyBundle consisting of a WebKey plus its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param key: The Json web key. + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(KeyBundle, self).__init__(**kwargs) + self.key = kwargs.get('key', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.managed = None + + +class DeletedKeyBundle(KeyBundle): + """A DeletedKeyBundle consisting of a WebKey plus its Attributes and deletion + info. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param key: The Json web key. + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted key. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the key is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the key was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedKeyBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class KeyItem(Model): + """The key item containing key metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param kid: Key identifier. + :type kid: str + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(KeyItem, self).__init__(**kwargs) + self.kid = kwargs.get('kid', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.managed = None + + +class DeletedKeyItem(KeyItem): + """The deleted key item containing the deleted key metadata and information + about deletion. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param kid: Key identifier. + :type kid: str + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted key. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the key is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the key was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedKeyItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedKeyListResult(Model): + """A list of keys that have been deleted in this vault. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of deleted keys in the + vault along with a link to the next page of deleted keys + :vartype value: list[~azure.keyvault.v7_1.models.DeletedKeyItem] + :ivar next_link: The URL to get the next set of deleted keys. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedKeyItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedKeyListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SasDefinitionBundle(Model): + """A SAS definition bundle consists of key vault SAS definition details plus + its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The SAS definition id. + :vartype id: str + :ivar secret_id: Storage account SAS definition secret id. + :vartype secret_id: str + :ivar template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :vartype template_uri: str + :ivar sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :vartype sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :ivar validity_period: The validity period of SAS tokens created according + to the SAS definition. + :vartype validity_period: str + :ivar attributes: The SAS definition attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'template_uri': {'readonly': True}, + 'sas_type': {'readonly': True}, + 'validity_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionBundle, self).__init__(**kwargs) + self.id = None + self.secret_id = None + self.template_uri = None + self.sas_type = None + self.validity_period = None + self.attributes = None + self.tags = None + + +class DeletedSasDefinitionBundle(SasDefinitionBundle): + """A deleted SAS definition bundle consisting of its previous id, attributes + and its tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The SAS definition id. + :vartype id: str + :ivar secret_id: Storage account SAS definition secret id. + :vartype secret_id: str + :ivar template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :vartype template_uri: str + :ivar sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :vartype sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :ivar validity_period: The validity period of SAS tokens created according + to the SAS definition. + :vartype validity_period: str + :ivar attributes: The SAS definition attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted SAS definition. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the SAS definition is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the SAS definition was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'template_uri': {'readonly': True}, + 'sas_type': {'readonly': True}, + 'validity_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedSasDefinitionBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class SasDefinitionItem(Model): + """The SAS definition item containing storage SAS definition metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage SAS identifier. + :vartype id: str + :ivar secret_id: The storage account SAS definition secret id. + :vartype secret_id: str + :ivar attributes: The SAS definition management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionItem, self).__init__(**kwargs) + self.id = None + self.secret_id = None + self.attributes = None + self.tags = None + + +class DeletedSasDefinitionItem(SasDefinitionItem): + """The deleted SAS definition item containing metadata about the deleted SAS + definition. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage SAS identifier. + :vartype id: str + :ivar secret_id: The storage account SAS definition secret id. + :vartype secret_id: str + :ivar attributes: The SAS definition management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted SAS definition. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the SAS definition is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the SAS definition was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedSasDefinitionItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedSasDefinitionListResult(Model): + """The deleted SAS definition list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted SAS + definitions in the vault along with a link to the next page of deleted sas + definitions + :vartype value: list[~azure.keyvault.v7_1.models.DeletedSasDefinitionItem] + :ivar next_link: The URL to get the next set of deleted SAS definitions. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedSasDefinitionItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedSasDefinitionListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SecretBundle(Model): + """A secret consisting of a value, id and its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param value: The secret value. + :type value: str + :param id: The secret id. + :type id: str + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar kid: If this is a secret backing a KV certificate, then this field + specifies the corresponding key backing the KV certificate. + :vartype kid: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a secret backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'kid': {'readonly': True}, + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(SecretBundle, self).__init__(**kwargs) + self.value = kwargs.get('value', None) + self.id = kwargs.get('id', None) + self.content_type = kwargs.get('content_type', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.kid = None + self.managed = None + + +class DeletedSecretBundle(SecretBundle): + """A Deleted Secret consisting of its previous id, attributes and its tags, as + well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param value: The secret value. + :type value: str + :param id: The secret id. + :type id: str + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar kid: If this is a secret backing a KV certificate, then this field + specifies the corresponding key backing the KV certificate. + :vartype kid: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a secret backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted secret. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the secret is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the secret was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'kid': {'readonly': True}, + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedSecretBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class SecretItem(Model): + """The secret item containing secret metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Secret identifier. + :type id: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(SecretItem, self).__init__(**kwargs) + self.id = kwargs.get('id', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.content_type = kwargs.get('content_type', None) + self.managed = None + + +class DeletedSecretItem(SecretItem): + """The deleted secret item containing metadata about the deleted secret. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Secret identifier. + :type id: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted secret. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the secret is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the secret was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedSecretItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedSecretListResult(Model): + """The deleted secret list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted secrets + in the vault along with a link to the next page of deleted secrets + :vartype value: list[~azure.keyvault.v7_1.models.DeletedSecretItem] + :ivar next_link: The URL to get the next set of deleted secrets. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedSecretItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedSecretListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class StorageAccountItem(Model): + """The storage account item containing storage account metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Storage identifier. + :vartype id: str + :ivar resource_id: Storage account resource Id. + :vartype resource_id: str + :ivar attributes: The storage account management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(StorageAccountItem, self).__init__(**kwargs) + self.id = None + self.resource_id = None + self.attributes = None + self.tags = None + + +class DeletedStorageAccountItem(StorageAccountItem): + """The deleted storage account item containing metadata about the deleted + storage account. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Storage identifier. + :vartype id: str + :ivar resource_id: Storage account resource Id. + :vartype resource_id: str + :ivar attributes: The storage account management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted storage account. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the storage account is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the storage account was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedStorageAccountItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class StorageBundle(Model): + """A Storage account bundle consists of key vault storage account details plus + its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage account id. + :vartype id: str + :ivar resource_id: The storage account resource id. + :vartype resource_id: str + :ivar active_key_name: The current active storage account key name. + :vartype active_key_name: str + :ivar auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :vartype auto_regenerate_key: bool + :ivar regeneration_period: The key regeneration time duration specified in + ISO-8601 format. + :vartype regeneration_period: str + :ivar attributes: The storage account attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'active_key_name': {'readonly': True}, + 'auto_regenerate_key': {'readonly': True}, + 'regeneration_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(StorageBundle, self).__init__(**kwargs) + self.id = None + self.resource_id = None + self.active_key_name = None + self.auto_regenerate_key = None + self.regeneration_period = None + self.attributes = None + self.tags = None + + +class DeletedStorageBundle(StorageBundle): + """A deleted storage account bundle consisting of its previous id, attributes + and its tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage account id. + :vartype id: str + :ivar resource_id: The storage account resource id. + :vartype resource_id: str + :ivar active_key_name: The current active storage account key name. + :vartype active_key_name: str + :ivar auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :vartype auto_regenerate_key: bool + :ivar regeneration_period: The key regeneration time duration specified in + ISO-8601 format. + :vartype regeneration_period: str + :ivar attributes: The storage account attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted storage account. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the storage account is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the storage account was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'active_key_name': {'readonly': True}, + 'auto_regenerate_key': {'readonly': True}, + 'regeneration_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedStorageBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedStorageListResult(Model): + """The deleted storage account list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted storage + accounts in the vault along with a link to the next page of deleted + storage accounts + :vartype value: + list[~azure.keyvault.v7_1.models.DeletedStorageAccountItem] + :ivar next_link: The URL to get the next set of deleted storage accounts. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedStorageAccountItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedStorageListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class Error(Model): + """The key vault server error. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar code: The error code. + :vartype code: str + :ivar message: The error message. + :vartype message: str + :ivar inner_error: + :vartype inner_error: ~azure.keyvault.v7_1.models.Error + """ + + _validation = { + 'code': {'readonly': True}, + 'message': {'readonly': True}, + 'inner_error': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'message': {'key': 'message', 'type': 'str'}, + 'inner_error': {'key': 'innererror', 'type': 'Error'}, + } + + def __init__(self, **kwargs): + super(Error, self).__init__(**kwargs) + self.code = None + self.message = None + self.inner_error = None + + +class IssuerAttributes(Model): + """The attributes of an issuer managed by the Key Vault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the issuer is enabled. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(IssuerAttributes, self).__init__(**kwargs) + self.enabled = kwargs.get('enabled', None) + self.created = None + self.updated = None + + +class IssuerBundle(Model): + """The issuer for Key Vault certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Identifier for the issuer object. + :vartype id: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, **kwargs): + super(IssuerBundle, self).__init__(**kwargs) + self.id = None + self.provider = kwargs.get('provider', None) + self.credentials = kwargs.get('credentials', None) + self.organization_details = kwargs.get('organization_details', None) + self.attributes = kwargs.get('attributes', None) + + +class IssuerCredentials(Model): + """The credentials to be used for the certificate issuer. + + :param account_id: The user name/account name/account id. + :type account_id: str + :param password: The password/secret/account key. + :type password: str + """ + + _attribute_map = { + 'account_id': {'key': 'account_id', 'type': 'str'}, + 'password': {'key': 'pwd', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(IssuerCredentials, self).__init__(**kwargs) + self.account_id = kwargs.get('account_id', None) + self.password = kwargs.get('password', None) + + +class IssuerParameters(Model): + """Parameters for the issuer of the X509 component of a certificate. + + :param name: Name of the referenced issuer object or reserved names; for + example, 'Self' or 'Unknown'. + :type name: str + :param certificate_type: Certificate type as supported by the provider + (optional); for example 'OV-SSL', 'EV-SSL' + :type certificate_type: str + :param certificate_transparency: Indicates if the certificates generated + under this policy should be published to certificate transparency logs. + :type certificate_transparency: bool + """ + + _attribute_map = { + 'name': {'key': 'name', 'type': 'str'}, + 'certificate_type': {'key': 'cty', 'type': 'str'}, + 'certificate_transparency': {'key': 'cert_transparency', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(IssuerParameters, self).__init__(**kwargs) + self.name = kwargs.get('name', None) + self.certificate_type = kwargs.get('certificate_type', None) + self.certificate_transparency = kwargs.get('certificate_transparency', None) + + +class JsonWebKey(Model): + """As of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18. + + :param kid: Key identifier. + :type kid: str + :param kty: JsonWebKey Key Type (kty), as defined in + https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. + Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_ops: + :type key_ops: list[str] + :param n: RSA modulus. + :type n: bytes + :param e: RSA public exponent. + :type e: bytes + :param d: RSA private exponent, or the D component of an EC private key. + :type d: bytes + :param dp: RSA private key parameter. + :type dp: bytes + :param dq: RSA private key parameter. + :type dq: bytes + :param qi: RSA private key parameter. + :type qi: bytes + :param p: RSA secret prime. + :type p: bytes + :param q: RSA secret prime, with p < q. + :type q: bytes + :param k: Symmetric key. + :type k: bytes + :param t: HSM Token, used with 'Bring Your Own Key'. + :type t: bytes + :param crv: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type crv: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + :param x: X component of an EC public key. + :type x: bytes + :param y: Y component of an EC public key. + :type y: bytes + """ + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'kty': {'key': 'kty', 'type': 'str'}, + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'n': {'key': 'n', 'type': 'base64'}, + 'e': {'key': 'e', 'type': 'base64'}, + 'd': {'key': 'd', 'type': 'base64'}, + 'dp': {'key': 'dp', 'type': 'base64'}, + 'dq': {'key': 'dq', 'type': 'base64'}, + 'qi': {'key': 'qi', 'type': 'base64'}, + 'p': {'key': 'p', 'type': 'base64'}, + 'q': {'key': 'q', 'type': 'base64'}, + 'k': {'key': 'k', 'type': 'base64'}, + 't': {'key': 'key_hsm', 'type': 'base64'}, + 'crv': {'key': 'crv', 'type': 'str'}, + 'x': {'key': 'x', 'type': 'base64'}, + 'y': {'key': 'y', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(JsonWebKey, self).__init__(**kwargs) + self.kid = kwargs.get('kid', None) + self.kty = kwargs.get('kty', None) + self.key_ops = kwargs.get('key_ops', None) + self.n = kwargs.get('n', None) + self.e = kwargs.get('e', None) + self.d = kwargs.get('d', None) + self.dp = kwargs.get('dp', None) + self.dq = kwargs.get('dq', None) + self.qi = kwargs.get('qi', None) + self.p = kwargs.get('p', None) + self.q = kwargs.get('q', None) + self.k = kwargs.get('k', None) + self.t = kwargs.get('t', None) + self.crv = kwargs.get('crv', None) + self.x = kwargs.get('x', None) + self.y = kwargs.get('y', None) + + +class KeyAttributes(Attributes): + """The attributes of a key managed by the key vault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for keys in the current vault. If it contains 'Purgeable' the key + can be permanently deleted by a privileged user; otherwise, only the + system can purge the key, at the end of the retention interval. Possible + values include: 'Purgeable', 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(KeyAttributes, self).__init__(**kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class KeyCreateParameters(Model): + """The key create parameters. + + All required parameters must be populated in order to send to Azure. + + :param kty: Required. The type of key to create. For valid values, see + JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', + 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or 4096 + for RSA. + :type key_size: int + :param key_ops: + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + """ + + _validation = { + 'kty': {'required': True, 'min_length': 1}, + } + + _attribute_map = { + 'kty': {'key': 'kty', 'type': 'str'}, + 'key_size': {'key': 'key_size', 'type': 'int'}, + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'curve': {'key': 'crv', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(KeyCreateParameters, self).__init__(**kwargs) + self.kty = kwargs.get('kty', None) + self.key_size = kwargs.get('key_size', None) + self.key_ops = kwargs.get('key_ops', None) + self.key_attributes = kwargs.get('key_attributes', None) + self.tags = kwargs.get('tags', None) + self.curve = kwargs.get('curve', None) + + +class KeyImportParameters(Model): + """The key import parameters. + + All required parameters must be populated in order to send to Azure. + + :param hsm: Whether to import as a hardware key (HSM) or software key. + :type hsm: bool + :param key: Required. The Json web key + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param key_attributes: The key management attributes. + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'key': {'required': True}, + } + + _attribute_map = { + 'hsm': {'key': 'Hsm', 'type': 'bool'}, + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(KeyImportParameters, self).__init__(**kwargs) + self.hsm = kwargs.get('hsm', None) + self.key = kwargs.get('key', None) + self.key_attributes = kwargs.get('key_attributes', None) + self.tags = kwargs.get('tags', None) + + +class KeyListResult(Model): + """The key list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of keys in the key vault + along with a link to the next page of keys. + :vartype value: list[~azure.keyvault.v7_1.models.KeyItem] + :ivar next_link: The URL to get the next set of keys. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[KeyItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(KeyListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class KeyOperationResult(Model): + """The key operation result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar kid: Key identifier + :vartype kid: str + :ivar result: + :vartype result: bytes + """ + + _validation = { + 'kid': {'readonly': True}, + 'result': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'result': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeyOperationResult, self).__init__(**kwargs) + self.kid = None + self.result = None + + +class KeyOperationsParameters(Model): + """The key operations parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: Required. + :type value: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'value': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeyOperationsParameters, self).__init__(**kwargs) + self.algorithm = kwargs.get('algorithm', None) + self.value = kwargs.get('value', None) + + +class KeyProperties(Model): + """Properties of the key pair backing a certificate. + + :param exportable: Indicates if the private key can be exported. + :type exportable: bool + :param key_type: The type of key pair to be used for the certificate. + Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct' + :type key_type: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or 4096 + for RSA. + :type key_size: int + :param reuse_key: Indicates if the same key pair will be used on + certificate renewal. + :type reuse_key: bool + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + """ + + _attribute_map = { + 'exportable': {'key': 'exportable', 'type': 'bool'}, + 'key_type': {'key': 'kty', 'type': 'str'}, + 'key_size': {'key': 'key_size', 'type': 'int'}, + 'reuse_key': {'key': 'reuse_key', 'type': 'bool'}, + 'curve': {'key': 'crv', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(KeyProperties, self).__init__(**kwargs) + self.exportable = kwargs.get('exportable', None) + self.key_type = kwargs.get('key_type', None) + self.key_size = kwargs.get('key_size', None) + self.reuse_key = kwargs.get('reuse_key', None) + self.curve = kwargs.get('curve', None) + + +class KeyRestoreParameters(Model): + """The key restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param key_bundle_backup: Required. The backup blob associated with a key + bundle. + :type key_bundle_backup: bytes + """ + + _validation = { + 'key_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'key_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeyRestoreParameters, self).__init__(**kwargs) + self.key_bundle_backup = kwargs.get('key_bundle_backup', None) + + +class KeySignParameters(Model): + """The key operations parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. The signing/verification algorithm identifier. + For more information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', 'PS384', + 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', + 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param value: Required. + :type value: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'value': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeySignParameters, self).__init__(**kwargs) + self.algorithm = kwargs.get('algorithm', None) + self.value = kwargs.get('value', None) + + +class KeyUpdateParameters(Model): + """The key update parameters. + + :param key_ops: Json web key operations. For more information on possible + key operations, see JsonWebKeyOperation. + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(KeyUpdateParameters, self).__init__(**kwargs) + self.key_ops = kwargs.get('key_ops', None) + self.key_attributes = kwargs.get('key_attributes', None) + self.tags = kwargs.get('tags', None) + + +class KeyVaultError(Model): + """The key vault error exception. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar error: + :vartype error: ~azure.keyvault.v7_1.models.Error + """ + + _validation = { + 'error': {'readonly': True}, + } + + _attribute_map = { + 'error': {'key': 'error', 'type': 'Error'}, + } + + def __init__(self, **kwargs): + super(KeyVaultError, self).__init__(**kwargs) + self.error = None + + +class KeyVaultErrorException(HttpResponseError): + """Server responsed with exception of type: 'KeyVaultError'. + + :param deserialize: A deserializer + :param response: Server response to be deserialized. + """ + + def __init__(self, response, deserialize, *args): + + model_name = 'KeyVaultError' + self.error = deserialize(model_name, response) + if self.error is None: + self.error = deserialize.dependencies[model_name]() + super(KeyVaultErrorException, self).__init__(response=response) + + +class KeyVerifyParameters(Model): + """The key verify parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. The signing/verification algorithm. For more + information on possible algorithm types, see JsonWebKeySignatureAlgorithm. + Possible values include: 'PS256', 'PS384', 'PS512', 'RS256', 'RS384', + 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param digest: Required. The digest used for signing. + :type digest: bytes + :param signature: Required. The signature to be verified. + :type signature: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'digest': {'required': True}, + 'signature': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'digest': {'key': 'digest', 'type': 'base64'}, + 'signature': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeyVerifyParameters, self).__init__(**kwargs) + self.algorithm = kwargs.get('algorithm', None) + self.digest = kwargs.get('digest', None) + self.signature = kwargs.get('signature', None) + + +class KeyVerifyResult(Model): + """The key verify result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: True if the signature is verified, otherwise false. + :vartype value: bool + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(KeyVerifyResult, self).__init__(**kwargs) + self.value = None + + +class LifetimeAction(Model): + """Action and its trigger that will be performed by Key Vault over the + lifetime of a certificate. + + :param trigger: The condition that will execute the action. + :type trigger: ~azure.keyvault.v7_1.models.Trigger + :param action: The action that will be executed. + :type action: ~azure.keyvault.v7_1.models.Action + """ + + _attribute_map = { + 'trigger': {'key': 'trigger', 'type': 'Trigger'}, + 'action': {'key': 'action', 'type': 'Action'}, + } + + def __init__(self, **kwargs): + super(LifetimeAction, self).__init__(**kwargs) + self.trigger = kwargs.get('trigger', None) + self.action = kwargs.get('action', None) + + +class OrganizationDetails(Model): + """Details of the organization of the certificate issuer. + + :param id: Id of the organization. + :type id: str + :param admin_details: Details of the organization administrator. + :type admin_details: + list[~azure.keyvault.v7_1.models.AdministratorDetails] + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'admin_details': {'key': 'admin_details', 'type': '[AdministratorDetails]'}, + } + + def __init__(self, **kwargs): + super(OrganizationDetails, self).__init__(**kwargs) + self.id = kwargs.get('id', None) + self.admin_details = kwargs.get('admin_details', None) + + +class PendingCertificateSigningRequestResult(Model): + """The pending certificate signing request result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The pending certificate signing request as Base64 encoded + string. + :vartype value: str + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(PendingCertificateSigningRequestResult, self).__init__(**kwargs) + self.value = None + + +class SasDefinitionAttributes(Model): + """The SAS definition management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: the enabled state of the object. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for SAS definitions in the current vault. If it contains + 'Purgeable' the SAS definition can be permanently deleted by a privileged + user; otherwise, only the system can purge the SAS definition, at the end + of the retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionAttributes, self).__init__(**kwargs) + self.enabled = kwargs.get('enabled', None) + self.created = None + self.updated = None + self.recoverable_days = None + self.recovery_level = None + + +class SasDefinitionCreateParameters(Model): + """The SAS definition create parameters. + + All required parameters must be populated in order to send to Azure. + + :param template_uri: Required. The SAS definition token template signed + with an arbitrary key. Tokens created according to the SAS definition + will have the same properties as the template. + :type template_uri: str + :param sas_type: Required. The type of SAS token the SAS definition will + create. Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: Required. The validity period of SAS tokens + created according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'template_uri': {'required': True}, + 'sas_type': {'required': True}, + 'validity_period': {'required': True}, + } + + _attribute_map = { + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionCreateParameters, self).__init__(**kwargs) + self.template_uri = kwargs.get('template_uri', None) + self.sas_type = kwargs.get('sas_type', None) + self.validity_period = kwargs.get('validity_period', None) + self.sas_definition_attributes = kwargs.get('sas_definition_attributes', None) + self.tags = kwargs.get('tags', None) + + +class SasDefinitionListResult(Model): + """The storage account SAS definition list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of SAS definitions along + with a link to the next page of SAS definitions. + :vartype value: list[~azure.keyvault.v7_1.models.SasDefinitionItem] + :ivar next_link: The URL to get the next set of SAS definitions. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[SasDefinitionItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SasDefinitionUpdateParameters(Model): + """The SAS definition update parameters. + + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionUpdateParameters, self).__init__(**kwargs) + self.template_uri = kwargs.get('template_uri', None) + self.sas_type = kwargs.get('sas_type', None) + self.validity_period = kwargs.get('validity_period', None) + self.sas_definition_attributes = kwargs.get('sas_definition_attributes', None) + self.tags = kwargs.get('tags', None) + + +class SecretAttributes(Attributes): + """The secret management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for secrets in the current vault. If it contains 'Purgeable', the + secret can be permanently deleted by a privileged user; otherwise, only + the system can purge the secret, at the end of the retention interval. + Possible values include: 'Purgeable', 'Recoverable+Purgeable', + 'Recoverable', 'Recoverable+ProtectedSubscription', + 'CustomizedRecoverable+Purgeable', 'CustomizedRecoverable', + 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecretAttributes, self).__init__(**kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class SecretListResult(Model): + """The secret list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of secrets in the key + vault along with a link to the next page of secrets. + :vartype value: list[~azure.keyvault.v7_1.models.SecretItem] + :ivar next_link: The URL to get the next set of secrets. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[SecretItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecretListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SecretProperties(Model): + """Properties of the key backing a certificate. + + :param content_type: The media type (MIME type). + :type content_type: str + """ + + _attribute_map = { + 'content_type': {'key': 'contentType', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecretProperties, self).__init__(**kwargs) + self.content_type = kwargs.get('content_type', None) + + +class SecretRestoreParameters(Model): + """The secret restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param secret_bundle_backup: Required. The backup blob associated with a + secret bundle. + :type secret_bundle_backup: bytes + """ + + _validation = { + 'secret_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'secret_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(SecretRestoreParameters, self).__init__(**kwargs) + self.secret_bundle_backup = kwargs.get('secret_bundle_backup', None) + + +class SecretSetParameters(Model): + """The secret set parameters. + + All required parameters must be populated in order to send to Azure. + + :param value: Required. The value of the secret. + :type value: str + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + """ + + _validation = { + 'value': {'required': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + } + + def __init__(self, **kwargs): + super(SecretSetParameters, self).__init__(**kwargs) + self.value = kwargs.get('value', None) + self.tags = kwargs.get('tags', None) + self.content_type = kwargs.get('content_type', None) + self.secret_attributes = kwargs.get('secret_attributes', None) + + +class SecretUpdateParameters(Model): + """The secret update parameters. + + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SecretUpdateParameters, self).__init__(**kwargs) + self.content_type = kwargs.get('content_type', None) + self.secret_attributes = kwargs.get('secret_attributes', None) + self.tags = kwargs.get('tags', None) + + +class StorageAccountAttributes(Model): + """The storage account management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: the enabled state of the object. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for storage accounts in the current vault. If it contains + 'Purgeable' the storage account can be permanently deleted by a privileged + user; otherwise, only the system can purge the storage account, at the end + of the retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(StorageAccountAttributes, self).__init__(**kwargs) + self.enabled = kwargs.get('enabled', None) + self.created = None + self.updated = None + self.recoverable_days = None + self.recovery_level = None + + +class StorageAccountCreateParameters(Model): + """The storage account create parameters. + + All required parameters must be populated in order to send to Azure. + + :param resource_id: Required. Storage account resource id. + :type resource_id: str + :param active_key_name: Required. Current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: Required. whether keyvault should manage the + storage account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration specified + in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'resource_id': {'required': True}, + 'active_key_name': {'required': True}, + 'auto_regenerate_key': {'required': True}, + } + + _attribute_map = { + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(StorageAccountCreateParameters, self).__init__(**kwargs) + self.resource_id = kwargs.get('resource_id', None) + self.active_key_name = kwargs.get('active_key_name', None) + self.auto_regenerate_key = kwargs.get('auto_regenerate_key', None) + self.regeneration_period = kwargs.get('regeneration_period', None) + self.storage_account_attributes = kwargs.get('storage_account_attributes', None) + self.tags = kwargs.get('tags', None) + + +class StorageAccountRegenerteKeyParameters(Model): + """The storage account key regenerate parameters. + + All required parameters must be populated in order to send to Azure. + + :param key_name: Required. The storage account key name. + :type key_name: str + """ + + _validation = { + 'key_name': {'required': True}, + } + + _attribute_map = { + 'key_name': {'key': 'keyName', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(StorageAccountRegenerteKeyParameters, self).__init__(**kwargs) + self.key_name = kwargs.get('key_name', None) + + +class StorageAccountUpdateParameters(Model): + """The storage account update parameters. + + :param active_key_name: The current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration specified + in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(StorageAccountUpdateParameters, self).__init__(**kwargs) + self.active_key_name = kwargs.get('active_key_name', None) + self.auto_regenerate_key = kwargs.get('auto_regenerate_key', None) + self.regeneration_period = kwargs.get('regeneration_period', None) + self.storage_account_attributes = kwargs.get('storage_account_attributes', None) + self.tags = kwargs.get('tags', None) + + +class StorageListResult(Model): + """The storage accounts list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of storage accounts in + the key vault along with a link to the next page of storage accounts. + :vartype value: list[~azure.keyvault.v7_1.models.StorageAccountItem] + :ivar next_link: The URL to get the next set of storage accounts. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[StorageAccountItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(StorageListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class StorageRestoreParameters(Model): + """The secret restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param storage_bundle_backup: Required. The backup blob associated with a + storage account. + :type storage_bundle_backup: bytes + """ + + _validation = { + 'storage_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'storage_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(StorageRestoreParameters, self).__init__(**kwargs) + self.storage_bundle_backup = kwargs.get('storage_bundle_backup', None) + + +class SubjectAlternativeNames(Model): + """The subject alternate names of a X509 object. + + :param emails: Email addresses. + :type emails: list[str] + :param dns_names: Domain names. + :type dns_names: list[str] + :param upns: User principal names. + :type upns: list[str] + """ + + _attribute_map = { + 'emails': {'key': 'emails', 'type': '[str]'}, + 'dns_names': {'key': 'dns_names', 'type': '[str]'}, + 'upns': {'key': 'upns', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(SubjectAlternativeNames, self).__init__(**kwargs) + self.emails = kwargs.get('emails', None) + self.dns_names = kwargs.get('dns_names', None) + self.upns = kwargs.get('upns', None) + + +class Trigger(Model): + """A condition to be satisfied for an action to be executed. + + :param lifetime_percentage: Percentage of lifetime at which to trigger. + Value should be between 1 and 99. + :type lifetime_percentage: int + :param days_before_expiry: Days before expiry to attempt renewal. Value + should be between 1 and validity_in_months multiplied by 27. If + validity_in_months is 36, then value should be between 1 and 972 (36 * + 27). + :type days_before_expiry: int + """ + + _validation = { + 'lifetime_percentage': {'maximum': 99, 'minimum': 1}, + } + + _attribute_map = { + 'lifetime_percentage': {'key': 'lifetime_percentage', 'type': 'int'}, + 'days_before_expiry': {'key': 'days_before_expiry', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(Trigger, self).__init__(**kwargs) + self.lifetime_percentage = kwargs.get('lifetime_percentage', None) + self.days_before_expiry = kwargs.get('days_before_expiry', None) + + +class X509CertificateProperties(Model): + """Properties of the X509 component of a certificate. + + :param subject: The subject name. Should be a valid X509 distinguished + Name. + :type subject: str + :param ekus: The enhanced key usage. + :type ekus: list[str] + :param subject_alternative_names: The subject alternative names. + :type subject_alternative_names: + ~azure.keyvault.v7_1.models.SubjectAlternativeNames + :param key_usage: List of key usages. + :type key_usage: list[str or ~azure.keyvault.v7_1.models.KeyUsageType] + :param validity_in_months: The duration that the certificate is valid in + months. + :type validity_in_months: int + """ + + _validation = { + 'validity_in_months': {'minimum': 0}, + } + + _attribute_map = { + 'subject': {'key': 'subject', 'type': 'str'}, + 'ekus': {'key': 'ekus', 'type': '[str]'}, + 'subject_alternative_names': {'key': 'sans', 'type': 'SubjectAlternativeNames'}, + 'key_usage': {'key': 'key_usage', 'type': '[str]'}, + 'validity_in_months': {'key': 'validity_months', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(X509CertificateProperties, self).__init__(**kwargs) + self.subject = kwargs.get('subject', None) + self.ekus = kwargs.get('ekus', None) + self.subject_alternative_names = kwargs.get('subject_alternative_names', None) + self.key_usage = kwargs.get('key_usage', None) + self.validity_in_months = kwargs.get('validity_in_months', None) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/_models_py3.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/_models_py3.py new file mode 100644 index 000000000000..b57835037d85 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/models/_models_py3.py @@ -0,0 +1,3244 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model +from azure.core.exceptions import HttpResponseError + + +class Action(Model): + """The action that will be executed. + + :param action_type: The type of the action. Possible values include: + 'EmailContacts', 'AutoRenew' + :type action_type: str or ~azure.keyvault.v7_1.models.ActionType + """ + + _attribute_map = { + 'action_type': {'key': 'action_type', 'type': 'ActionType'}, + } + + def __init__(self, *, action_type=None, **kwargs) -> None: + super(Action, self).__init__(**kwargs) + self.action_type = action_type + + +class AdministratorDetails(Model): + """Details of the organization administrator of the certificate issuer. + + :param first_name: First name. + :type first_name: str + :param last_name: Last name. + :type last_name: str + :param email_address: Email address. + :type email_address: str + :param phone: Phone number. + :type phone: str + """ + + _attribute_map = { + 'first_name': {'key': 'first_name', 'type': 'str'}, + 'last_name': {'key': 'last_name', 'type': 'str'}, + 'email_address': {'key': 'email', 'type': 'str'}, + 'phone': {'key': 'phone', 'type': 'str'}, + } + + def __init__(self, *, first_name: str=None, last_name: str=None, email_address: str=None, phone: str=None, **kwargs) -> None: + super(AdministratorDetails, self).__init__(**kwargs) + self.first_name = first_name + self.last_name = last_name + self.email_address = email_address + self.phone = phone + + +class Attributes(Model): + """The object attributes managed by the KeyVault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + } + + def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None: + super(Attributes, self).__init__(**kwargs) + self.enabled = enabled + self.not_before = not_before + self.expires = expires + self.created = None + self.updated = None + + +class BackupCertificateResult(Model): + """The backup certificate result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up certificate. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(BackupCertificateResult, self).__init__(**kwargs) + self.value = None + + +class BackupKeyResult(Model): + """The backup key result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up key. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(BackupKeyResult, self).__init__(**kwargs) + self.value = None + + +class BackupSecretResult(Model): + """The backup secret result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up secret. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(BackupSecretResult, self).__init__(**kwargs) + self.value = None + + +class BackupStorageResult(Model): + """The backup storage result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up storage account. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(BackupStorageResult, self).__init__(**kwargs) + self.value = None + + +class CertificateAttributes(Attributes): + """The certificate management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for certificates in the current vault. If it contains 'Purgeable', + the certificate can be permanently deleted by a privileged user; + otherwise, only the system can purge the certificate, at the end of the + retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None: + super(CertificateAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires, **kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class CertificateBundle(Model): + """A certificate bundle consists of a certificate (X509) plus its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :ivar kid: The key id. + :vartype kid: str + :ivar sid: The secret id. + :vartype sid: str + :ivar x509_thumbprint: Thumbprint of the certificate. + :vartype x509_thumbprint: bytes + :ivar policy: The management policy. + :vartype policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param cer: CER contents of x509 certificate. + :type cer: bytearray + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs + :type tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'kid': {'readonly': True}, + 'sid': {'readonly': True}, + 'x509_thumbprint': {'readonly': True}, + 'policy': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'sid': {'key': 'sid', 'type': 'str'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'cer': {'key': 'cer', 'type': 'bytearray'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, cer: bytearray=None, content_type: str=None, attributes=None, tags=None, **kwargs) -> None: + super(CertificateBundle, self).__init__(**kwargs) + self.id = None + self.kid = None + self.sid = None + self.x509_thumbprint = None + self.policy = None + self.cer = cer + self.content_type = content_type + self.attributes = attributes + self.tags = tags + + +class CertificateCreateParameters(Model): + """The certificate create parameters. + + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs) -> None: + super(CertificateCreateParameters, self).__init__(**kwargs) + self.certificate_policy = certificate_policy + self.certificate_attributes = certificate_attributes + self.tags = tags + + +class CertificateImportParameters(Model): + """The certificate import parameters. + + All required parameters must be populated in order to send to Azure. + + :param base64_encoded_certificate: Required. Base64 encoded representation + of the certificate object to import. This certificate needs to contain the + private key. + :type base64_encoded_certificate: str + :param password: If the private key in base64EncodedCertificate is + encrypted, the password used for encryption. + :type password: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'base64_encoded_certificate': {'required': True}, + } + + _attribute_map = { + 'base64_encoded_certificate': {'key': 'value', 'type': 'str'}, + 'password': {'key': 'pwd', 'type': 'str'}, + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, base64_encoded_certificate: str, password: str=None, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs) -> None: + super(CertificateImportParameters, self).__init__(**kwargs) + self.base64_encoded_certificate = base64_encoded_certificate + self.password = password + self.certificate_policy = certificate_policy + self.certificate_attributes = certificate_attributes + self.tags = tags + + +class CertificateIssuerItem(Model): + """The certificate issuer item containing certificate issuer metadata. + + :param id: Certificate Identifier. + :type id: str + :param provider: The issuer provider. + :type provider: str + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + } + + def __init__(self, *, id: str=None, provider: str=None, **kwargs) -> None: + super(CertificateIssuerItem, self).__init__(**kwargs) + self.id = id + self.provider = provider + + +class CertificateIssuerListResult(Model): + """The certificate issuer list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of certificate issuers + in the key vault along with a link to the next page of certificate + issuers. + :vartype value: list[~azure.keyvault.v7_1.models.CertificateIssuerItem] + :ivar next_link: The URL to get the next set of certificate issuers. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[CertificateIssuerItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(CertificateIssuerListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class CertificateIssuerSetParameters(Model): + """The certificate issuer set parameters. + + All required parameters must be populated in order to send to Azure. + + :param provider: Required. The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _validation = { + 'provider': {'required': True}, + } + + _attribute_map = { + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, *, provider: str, credentials=None, organization_details=None, attributes=None, **kwargs) -> None: + super(CertificateIssuerSetParameters, self).__init__(**kwargs) + self.provider = provider + self.credentials = credentials + self.organization_details = organization_details + self.attributes = attributes + + +class CertificateIssuerUpdateParameters(Model): + """The certificate issuer update parameters. + + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _attribute_map = { + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, *, provider: str=None, credentials=None, organization_details=None, attributes=None, **kwargs) -> None: + super(CertificateIssuerUpdateParameters, self).__init__(**kwargs) + self.provider = provider + self.credentials = credentials + self.organization_details = organization_details + self.attributes = attributes + + +class CertificateItem(Model): + """The certificate item containing certificate metadata. + + :param id: Certificate identifier. + :type id: str + :param attributes: The certificate management attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param x509_thumbprint: Thumbprint of the certificate. + :type x509_thumbprint: bytes + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + } + + def __init__(self, *, id: str=None, attributes=None, tags=None, x509_thumbprint: bytes=None, **kwargs) -> None: + super(CertificateItem, self).__init__(**kwargs) + self.id = id + self.attributes = attributes + self.tags = tags + self.x509_thumbprint = x509_thumbprint + + +class CertificateListResult(Model): + """The certificate list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of certificates in the + key vault along with a link to the next page of certificates. + :vartype value: list[~azure.keyvault.v7_1.models.CertificateItem] + :ivar next_link: The URL to get the next set of certificates. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[CertificateItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(CertificateListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class CertificateMergeParameters(Model): + """The certificate merge parameters. + + All required parameters must be populated in order to send to Azure. + + :param x509_certificates: Required. The certificate or the certificate + chain to merge. + :type x509_certificates: list[bytearray] + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'x509_certificates': {'required': True}, + } + + _attribute_map = { + 'x509_certificates': {'key': 'x5c', 'type': '[bytearray]'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, x509_certificates, certificate_attributes=None, tags=None, **kwargs) -> None: + super(CertificateMergeParameters, self).__init__(**kwargs) + self.x509_certificates = x509_certificates + self.certificate_attributes = certificate_attributes + self.tags = tags + + +class CertificateOperation(Model): + """A certificate operation is returned in case of asynchronous requests. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :param issuer_parameters: Parameters for the issuer of the X509 component + of a certificate. + :type issuer_parameters: ~azure.keyvault.v7_1.models.IssuerParameters + :param csr: The certificate signing request (CSR) that is being used in + the certificate operation. + :type csr: bytearray + :param cancellation_requested: Indicates if cancellation was requested on + the certificate operation. + :type cancellation_requested: bool + :param status: Status of the certificate operation. + :type status: str + :param status_details: The status details of the certificate operation. + :type status_details: str + :param error: Error encountered, if any, during the certificate operation. + :type error: ~azure.keyvault.v7_1.models.Error + :param target: Location which contains the result of the certificate + operation. + :type target: str + :param request_id: Identifier for the certificate operation. + :type request_id: str + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'}, + 'csr': {'key': 'csr', 'type': 'bytearray'}, + 'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'}, + 'status': {'key': 'status', 'type': 'str'}, + 'status_details': {'key': 'status_details', 'type': 'str'}, + 'error': {'key': 'error', 'type': 'Error'}, + 'target': {'key': 'target', 'type': 'str'}, + 'request_id': {'key': 'request_id', 'type': 'str'}, + } + + def __init__(self, *, issuer_parameters=None, csr: bytearray=None, cancellation_requested: bool=None, status: str=None, status_details: str=None, error=None, target: str=None, request_id: str=None, **kwargs) -> None: + super(CertificateOperation, self).__init__(**kwargs) + self.id = None + self.issuer_parameters = issuer_parameters + self.csr = csr + self.cancellation_requested = cancellation_requested + self.status = status + self.status_details = status_details + self.error = error + self.target = target + self.request_id = request_id + + +class CertificateOperationUpdateParameter(Model): + """The certificate operation update parameters. + + All required parameters must be populated in order to send to Azure. + + :param cancellation_requested: Required. Indicates if cancellation was + requested on the certificate operation. + :type cancellation_requested: bool + """ + + _validation = { + 'cancellation_requested': {'required': True}, + } + + _attribute_map = { + 'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'}, + } + + def __init__(self, *, cancellation_requested: bool, **kwargs) -> None: + super(CertificateOperationUpdateParameter, self).__init__(**kwargs) + self.cancellation_requested = cancellation_requested + + +class CertificatePolicy(Model): + """Management policy for a certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :param key_properties: Properties of the key backing a certificate. + :type key_properties: ~azure.keyvault.v7_1.models.KeyProperties + :param secret_properties: Properties of the secret backing a certificate. + :type secret_properties: ~azure.keyvault.v7_1.models.SecretProperties + :param x509_certificate_properties: Properties of the X509 component of a + certificate. + :type x509_certificate_properties: + ~azure.keyvault.v7_1.models.X509CertificateProperties + :param lifetime_actions: Actions that will be performed by Key Vault over + the lifetime of a certificate. + :type lifetime_actions: list[~azure.keyvault.v7_1.models.LifetimeAction] + :param issuer_parameters: Parameters for the issuer of the X509 component + of a certificate. + :type issuer_parameters: ~azure.keyvault.v7_1.models.IssuerParameters + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'key_properties': {'key': 'key_props', 'type': 'KeyProperties'}, + 'secret_properties': {'key': 'secret_props', 'type': 'SecretProperties'}, + 'x509_certificate_properties': {'key': 'x509_props', 'type': 'X509CertificateProperties'}, + 'lifetime_actions': {'key': 'lifetime_actions', 'type': '[LifetimeAction]'}, + 'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + } + + def __init__(self, *, key_properties=None, secret_properties=None, x509_certificate_properties=None, lifetime_actions=None, issuer_parameters=None, attributes=None, **kwargs) -> None: + super(CertificatePolicy, self).__init__(**kwargs) + self.id = None + self.key_properties = key_properties + self.secret_properties = secret_properties + self.x509_certificate_properties = x509_certificate_properties + self.lifetime_actions = lifetime_actions + self.issuer_parameters = issuer_parameters + self.attributes = attributes + + +class CertificateRestoreParameters(Model): + """The certificate restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param certificate_bundle_backup: Required. The backup blob associated + with a certificate bundle. + :type certificate_bundle_backup: bytes + """ + + _validation = { + 'certificate_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'certificate_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, certificate_bundle_backup: bytes, **kwargs) -> None: + super(CertificateRestoreParameters, self).__init__(**kwargs) + self.certificate_bundle_backup = certificate_bundle_backup + + +class CertificateUpdateParameters(Model): + """The certificate update parameters. + + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs) -> None: + super(CertificateUpdateParameters, self).__init__(**kwargs) + self.certificate_policy = certificate_policy + self.certificate_attributes = certificate_attributes + self.tags = tags + + +class Contact(Model): + """The contact information for the vault certificates. + + :param email_address: Email address. + :type email_address: str + :param name: Name. + :type name: str + :param phone: Phone number. + :type phone: str + """ + + _attribute_map = { + 'email_address': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'phone': {'key': 'phone', 'type': 'str'}, + } + + def __init__(self, *, email_address: str=None, name: str=None, phone: str=None, **kwargs) -> None: + super(Contact, self).__init__(**kwargs) + self.email_address = email_address + self.name = name + self.phone = phone + + +class Contacts(Model): + """The contacts for the vault certificates. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Identifier for the contacts collection. + :vartype id: str + :param contact_list: The contact list for the vault certificates. + :type contact_list: list[~azure.keyvault.v7_1.models.Contact] + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'contact_list': {'key': 'contacts', 'type': '[Contact]'}, + } + + def __init__(self, *, contact_list=None, **kwargs) -> None: + super(Contacts, self).__init__(**kwargs) + self.id = None + self.contact_list = contact_list + + +class DeletedCertificateBundle(CertificateBundle): + """A Deleted Certificate consisting of its previous id, attributes and its + tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :ivar kid: The key id. + :vartype kid: str + :ivar sid: The secret id. + :vartype sid: str + :ivar x509_thumbprint: Thumbprint of the certificate. + :vartype x509_thumbprint: bytes + :ivar policy: The management policy. + :vartype policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param cer: CER contents of x509 certificate. + :type cer: bytearray + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs + :type tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted certificate. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the certificate is scheduled to + be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the certificate was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'kid': {'readonly': True}, + 'sid': {'readonly': True}, + 'x509_thumbprint': {'readonly': True}, + 'policy': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'sid': {'key': 'sid', 'type': 'str'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'cer': {'key': 'cer', 'type': 'bytearray'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, cer: bytearray=None, content_type: str=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedCertificateBundle, self).__init__(cer=cer, content_type=content_type, attributes=attributes, tags=tags, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedCertificateItem(CertificateItem): + """The deleted certificate item containing metadata about the deleted + certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Certificate identifier. + :type id: str + :param attributes: The certificate management attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param x509_thumbprint: Thumbprint of the certificate. + :type x509_thumbprint: bytes + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted certificate. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the certificate is scheduled to + be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the certificate was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, id: str=None, attributes=None, tags=None, x509_thumbprint: bytes=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedCertificateItem, self).__init__(id=id, attributes=attributes, tags=tags, x509_thumbprint=x509_thumbprint, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedCertificateListResult(Model): + """A list of certificates that have been deleted in this vault. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of deleted certificates + in the vault along with a link to the next page of deleted certificates + :vartype value: list[~azure.keyvault.v7_1.models.DeletedCertificateItem] + :ivar next_link: The URL to get the next set of deleted certificates. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedCertificateItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedCertificateListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class KeyBundle(Model): + """A KeyBundle consisting of a WebKey plus its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param key: The Json web key. + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, *, key=None, attributes=None, tags=None, **kwargs) -> None: + super(KeyBundle, self).__init__(**kwargs) + self.key = key + self.attributes = attributes + self.tags = tags + self.managed = None + + +class DeletedKeyBundle(KeyBundle): + """A DeletedKeyBundle consisting of a WebKey plus its Attributes and deletion + info. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param key: The Json web key. + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted key. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the key is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the key was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, key=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedKeyBundle, self).__init__(key=key, attributes=attributes, tags=tags, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class KeyItem(Model): + """The key item containing key metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param kid: Key identifier. + :type kid: str + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, *, kid: str=None, attributes=None, tags=None, **kwargs) -> None: + super(KeyItem, self).__init__(**kwargs) + self.kid = kid + self.attributes = attributes + self.tags = tags + self.managed = None + + +class DeletedKeyItem(KeyItem): + """The deleted key item containing the deleted key metadata and information + about deletion. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param kid: Key identifier. + :type kid: str + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted key. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the key is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the key was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, kid: str=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedKeyItem, self).__init__(kid=kid, attributes=attributes, tags=tags, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedKeyListResult(Model): + """A list of keys that have been deleted in this vault. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of deleted keys in the + vault along with a link to the next page of deleted keys + :vartype value: list[~azure.keyvault.v7_1.models.DeletedKeyItem] + :ivar next_link: The URL to get the next set of deleted keys. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedKeyItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedKeyListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SasDefinitionBundle(Model): + """A SAS definition bundle consists of key vault SAS definition details plus + its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The SAS definition id. + :vartype id: str + :ivar secret_id: Storage account SAS definition secret id. + :vartype secret_id: str + :ivar template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :vartype template_uri: str + :ivar sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :vartype sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :ivar validity_period: The validity period of SAS tokens created according + to the SAS definition. + :vartype validity_period: str + :ivar attributes: The SAS definition attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'template_uri': {'readonly': True}, + 'sas_type': {'readonly': True}, + 'validity_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs) -> None: + super(SasDefinitionBundle, self).__init__(**kwargs) + self.id = None + self.secret_id = None + self.template_uri = None + self.sas_type = None + self.validity_period = None + self.attributes = None + self.tags = None + + +class DeletedSasDefinitionBundle(SasDefinitionBundle): + """A deleted SAS definition bundle consisting of its previous id, attributes + and its tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The SAS definition id. + :vartype id: str + :ivar secret_id: Storage account SAS definition secret id. + :vartype secret_id: str + :ivar template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :vartype template_uri: str + :ivar sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :vartype sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :ivar validity_period: The validity period of SAS tokens created according + to the SAS definition. + :vartype validity_period: str + :ivar attributes: The SAS definition attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted SAS definition. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the SAS definition is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the SAS definition was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'template_uri': {'readonly': True}, + 'sas_type': {'readonly': True}, + 'validity_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, recovery_id: str=None, **kwargs) -> None: + super(DeletedSasDefinitionBundle, self).__init__(**kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class SasDefinitionItem(Model): + """The SAS definition item containing storage SAS definition metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage SAS identifier. + :vartype id: str + :ivar secret_id: The storage account SAS definition secret id. + :vartype secret_id: str + :ivar attributes: The SAS definition management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs) -> None: + super(SasDefinitionItem, self).__init__(**kwargs) + self.id = None + self.secret_id = None + self.attributes = None + self.tags = None + + +class DeletedSasDefinitionItem(SasDefinitionItem): + """The deleted SAS definition item containing metadata about the deleted SAS + definition. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage SAS identifier. + :vartype id: str + :ivar secret_id: The storage account SAS definition secret id. + :vartype secret_id: str + :ivar attributes: The SAS definition management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted SAS definition. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the SAS definition is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the SAS definition was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, recovery_id: str=None, **kwargs) -> None: + super(DeletedSasDefinitionItem, self).__init__(**kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedSasDefinitionListResult(Model): + """The deleted SAS definition list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted SAS + definitions in the vault along with a link to the next page of deleted sas + definitions + :vartype value: list[~azure.keyvault.v7_1.models.DeletedSasDefinitionItem] + :ivar next_link: The URL to get the next set of deleted SAS definitions. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedSasDefinitionItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedSasDefinitionListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SecretBundle(Model): + """A secret consisting of a value, id and its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param value: The secret value. + :type value: str + :param id: The secret id. + :type id: str + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar kid: If this is a secret backing a KV certificate, then this field + specifies the corresponding key backing the KV certificate. + :vartype kid: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a secret backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'kid': {'readonly': True}, + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, *, value: str=None, id: str=None, content_type: str=None, attributes=None, tags=None, **kwargs) -> None: + super(SecretBundle, self).__init__(**kwargs) + self.value = value + self.id = id + self.content_type = content_type + self.attributes = attributes + self.tags = tags + self.kid = None + self.managed = None + + +class DeletedSecretBundle(SecretBundle): + """A Deleted Secret consisting of its previous id, attributes and its tags, as + well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param value: The secret value. + :type value: str + :param id: The secret id. + :type id: str + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar kid: If this is a secret backing a KV certificate, then this field + specifies the corresponding key backing the KV certificate. + :vartype kid: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a secret backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted secret. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the secret is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the secret was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'kid': {'readonly': True}, + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, value: str=None, id: str=None, content_type: str=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedSecretBundle, self).__init__(value=value, id=id, content_type=content_type, attributes=attributes, tags=tags, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class SecretItem(Model): + """The secret item containing secret metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Secret identifier. + :type id: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, *, id: str=None, attributes=None, tags=None, content_type: str=None, **kwargs) -> None: + super(SecretItem, self).__init__(**kwargs) + self.id = id + self.attributes = attributes + self.tags = tags + self.content_type = content_type + self.managed = None + + +class DeletedSecretItem(SecretItem): + """The deleted secret item containing metadata about the deleted secret. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Secret identifier. + :type id: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted secret. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the secret is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the secret was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, id: str=None, attributes=None, tags=None, content_type: str=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedSecretItem, self).__init__(id=id, attributes=attributes, tags=tags, content_type=content_type, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedSecretListResult(Model): + """The deleted secret list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted secrets + in the vault along with a link to the next page of deleted secrets + :vartype value: list[~azure.keyvault.v7_1.models.DeletedSecretItem] + :ivar next_link: The URL to get the next set of deleted secrets. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedSecretItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedSecretListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class StorageAccountItem(Model): + """The storage account item containing storage account metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Storage identifier. + :vartype id: str + :ivar resource_id: Storage account resource Id. + :vartype resource_id: str + :ivar attributes: The storage account management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs) -> None: + super(StorageAccountItem, self).__init__(**kwargs) + self.id = None + self.resource_id = None + self.attributes = None + self.tags = None + + +class DeletedStorageAccountItem(StorageAccountItem): + """The deleted storage account item containing metadata about the deleted + storage account. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Storage identifier. + :vartype id: str + :ivar resource_id: Storage account resource Id. + :vartype resource_id: str + :ivar attributes: The storage account management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted storage account. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the storage account is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the storage account was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, recovery_id: str=None, **kwargs) -> None: + super(DeletedStorageAccountItem, self).__init__(**kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class StorageBundle(Model): + """A Storage account bundle consists of key vault storage account details plus + its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage account id. + :vartype id: str + :ivar resource_id: The storage account resource id. + :vartype resource_id: str + :ivar active_key_name: The current active storage account key name. + :vartype active_key_name: str + :ivar auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :vartype auto_regenerate_key: bool + :ivar regeneration_period: The key regeneration time duration specified in + ISO-8601 format. + :vartype regeneration_period: str + :ivar attributes: The storage account attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'active_key_name': {'readonly': True}, + 'auto_regenerate_key': {'readonly': True}, + 'regeneration_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs) -> None: + super(StorageBundle, self).__init__(**kwargs) + self.id = None + self.resource_id = None + self.active_key_name = None + self.auto_regenerate_key = None + self.regeneration_period = None + self.attributes = None + self.tags = None + + +class DeletedStorageBundle(StorageBundle): + """A deleted storage account bundle consisting of its previous id, attributes + and its tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage account id. + :vartype id: str + :ivar resource_id: The storage account resource id. + :vartype resource_id: str + :ivar active_key_name: The current active storage account key name. + :vartype active_key_name: str + :ivar auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :vartype auto_regenerate_key: bool + :ivar regeneration_period: The key regeneration time duration specified in + ISO-8601 format. + :vartype regeneration_period: str + :ivar attributes: The storage account attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted storage account. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the storage account is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the storage account was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'active_key_name': {'readonly': True}, + 'auto_regenerate_key': {'readonly': True}, + 'regeneration_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, recovery_id: str=None, **kwargs) -> None: + super(DeletedStorageBundle, self).__init__(**kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedStorageListResult(Model): + """The deleted storage account list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted storage + accounts in the vault along with a link to the next page of deleted + storage accounts + :vartype value: + list[~azure.keyvault.v7_1.models.DeletedStorageAccountItem] + :ivar next_link: The URL to get the next set of deleted storage accounts. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedStorageAccountItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedStorageListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class Error(Model): + """The key vault server error. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar code: The error code. + :vartype code: str + :ivar message: The error message. + :vartype message: str + :ivar inner_error: + :vartype inner_error: ~azure.keyvault.v7_1.models.Error + """ + + _validation = { + 'code': {'readonly': True}, + 'message': {'readonly': True}, + 'inner_error': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'message': {'key': 'message', 'type': 'str'}, + 'inner_error': {'key': 'innererror', 'type': 'Error'}, + } + + def __init__(self, **kwargs) -> None: + super(Error, self).__init__(**kwargs) + self.code = None + self.message = None + self.inner_error = None + + +class IssuerAttributes(Model): + """The attributes of an issuer managed by the Key Vault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the issuer is enabled. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + } + + def __init__(self, *, enabled: bool=None, **kwargs) -> None: + super(IssuerAttributes, self).__init__(**kwargs) + self.enabled = enabled + self.created = None + self.updated = None + + +class IssuerBundle(Model): + """The issuer for Key Vault certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Identifier for the issuer object. + :vartype id: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, *, provider: str=None, credentials=None, organization_details=None, attributes=None, **kwargs) -> None: + super(IssuerBundle, self).__init__(**kwargs) + self.id = None + self.provider = provider + self.credentials = credentials + self.organization_details = organization_details + self.attributes = attributes + + +class IssuerCredentials(Model): + """The credentials to be used for the certificate issuer. + + :param account_id: The user name/account name/account id. + :type account_id: str + :param password: The password/secret/account key. + :type password: str + """ + + _attribute_map = { + 'account_id': {'key': 'account_id', 'type': 'str'}, + 'password': {'key': 'pwd', 'type': 'str'}, + } + + def __init__(self, *, account_id: str=None, password: str=None, **kwargs) -> None: + super(IssuerCredentials, self).__init__(**kwargs) + self.account_id = account_id + self.password = password + + +class IssuerParameters(Model): + """Parameters for the issuer of the X509 component of a certificate. + + :param name: Name of the referenced issuer object or reserved names; for + example, 'Self' or 'Unknown'. + :type name: str + :param certificate_type: Certificate type as supported by the provider + (optional); for example 'OV-SSL', 'EV-SSL' + :type certificate_type: str + :param certificate_transparency: Indicates if the certificates generated + under this policy should be published to certificate transparency logs. + :type certificate_transparency: bool + """ + + _attribute_map = { + 'name': {'key': 'name', 'type': 'str'}, + 'certificate_type': {'key': 'cty', 'type': 'str'}, + 'certificate_transparency': {'key': 'cert_transparency', 'type': 'bool'}, + } + + def __init__(self, *, name: str=None, certificate_type: str=None, certificate_transparency: bool=None, **kwargs) -> None: + super(IssuerParameters, self).__init__(**kwargs) + self.name = name + self.certificate_type = certificate_type + self.certificate_transparency = certificate_transparency + + +class JsonWebKey(Model): + """As of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18. + + :param kid: Key identifier. + :type kid: str + :param kty: JsonWebKey Key Type (kty), as defined in + https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. + Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_ops: + :type key_ops: list[str] + :param n: RSA modulus. + :type n: bytes + :param e: RSA public exponent. + :type e: bytes + :param d: RSA private exponent, or the D component of an EC private key. + :type d: bytes + :param dp: RSA private key parameter. + :type dp: bytes + :param dq: RSA private key parameter. + :type dq: bytes + :param qi: RSA private key parameter. + :type qi: bytes + :param p: RSA secret prime. + :type p: bytes + :param q: RSA secret prime, with p < q. + :type q: bytes + :param k: Symmetric key. + :type k: bytes + :param t: HSM Token, used with 'Bring Your Own Key'. + :type t: bytes + :param crv: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type crv: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + :param x: X component of an EC public key. + :type x: bytes + :param y: Y component of an EC public key. + :type y: bytes + """ + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'kty': {'key': 'kty', 'type': 'str'}, + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'n': {'key': 'n', 'type': 'base64'}, + 'e': {'key': 'e', 'type': 'base64'}, + 'd': {'key': 'd', 'type': 'base64'}, + 'dp': {'key': 'dp', 'type': 'base64'}, + 'dq': {'key': 'dq', 'type': 'base64'}, + 'qi': {'key': 'qi', 'type': 'base64'}, + 'p': {'key': 'p', 'type': 'base64'}, + 'q': {'key': 'q', 'type': 'base64'}, + 'k': {'key': 'k', 'type': 'base64'}, + 't': {'key': 'key_hsm', 'type': 'base64'}, + 'crv': {'key': 'crv', 'type': 'str'}, + 'x': {'key': 'x', 'type': 'base64'}, + 'y': {'key': 'y', 'type': 'base64'}, + } + + def __init__(self, *, kid: str=None, kty=None, key_ops=None, n: bytes=None, e: bytes=None, d: bytes=None, dp: bytes=None, dq: bytes=None, qi: bytes=None, p: bytes=None, q: bytes=None, k: bytes=None, t: bytes=None, crv=None, x: bytes=None, y: bytes=None, **kwargs) -> None: + super(JsonWebKey, self).__init__(**kwargs) + self.kid = kid + self.kty = kty + self.key_ops = key_ops + self.n = n + self.e = e + self.d = d + self.dp = dp + self.dq = dq + self.qi = qi + self.p = p + self.q = q + self.k = k + self.t = t + self.crv = crv + self.x = x + self.y = y + + +class KeyAttributes(Attributes): + """The attributes of a key managed by the key vault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for keys in the current vault. If it contains 'Purgeable' the key + can be permanently deleted by a privileged user; otherwise, only the + system can purge the key, at the end of the retention interval. Possible + values include: 'Purgeable', 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None: + super(KeyAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires, **kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class KeyCreateParameters(Model): + """The key create parameters. + + All required parameters must be populated in order to send to Azure. + + :param kty: Required. The type of key to create. For valid values, see + JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', + 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or 4096 + for RSA. + :type key_size: int + :param key_ops: + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + """ + + _validation = { + 'kty': {'required': True, 'min_length': 1}, + } + + _attribute_map = { + 'kty': {'key': 'kty', 'type': 'str'}, + 'key_size': {'key': 'key_size', 'type': 'int'}, + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'curve': {'key': 'crv', 'type': 'str'}, + } + + def __init__(self, *, kty, key_size: int=None, key_ops=None, key_attributes=None, tags=None, curve=None, **kwargs) -> None: + super(KeyCreateParameters, self).__init__(**kwargs) + self.kty = kty + self.key_size = key_size + self.key_ops = key_ops + self.key_attributes = key_attributes + self.tags = tags + self.curve = curve + + +class KeyImportParameters(Model): + """The key import parameters. + + All required parameters must be populated in order to send to Azure. + + :param hsm: Whether to import as a hardware key (HSM) or software key. + :type hsm: bool + :param key: Required. The Json web key + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param key_attributes: The key management attributes. + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'key': {'required': True}, + } + + _attribute_map = { + 'hsm': {'key': 'Hsm', 'type': 'bool'}, + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, key, hsm: bool=None, key_attributes=None, tags=None, **kwargs) -> None: + super(KeyImportParameters, self).__init__(**kwargs) + self.hsm = hsm + self.key = key + self.key_attributes = key_attributes + self.tags = tags + + +class KeyListResult(Model): + """The key list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of keys in the key vault + along with a link to the next page of keys. + :vartype value: list[~azure.keyvault.v7_1.models.KeyItem] + :ivar next_link: The URL to get the next set of keys. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[KeyItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(KeyListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class KeyOperationResult(Model): + """The key operation result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar kid: Key identifier + :vartype kid: str + :ivar result: + :vartype result: bytes + """ + + _validation = { + 'kid': {'readonly': True}, + 'result': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'result': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(KeyOperationResult, self).__init__(**kwargs) + self.kid = None + self.result = None + + +class KeyOperationsParameters(Model): + """The key operations parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: Required. + :type value: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'value': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, algorithm, value: bytes, **kwargs) -> None: + super(KeyOperationsParameters, self).__init__(**kwargs) + self.algorithm = algorithm + self.value = value + + +class KeyProperties(Model): + """Properties of the key pair backing a certificate. + + :param exportable: Indicates if the private key can be exported. + :type exportable: bool + :param key_type: The type of key pair to be used for the certificate. + Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct' + :type key_type: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or 4096 + for RSA. + :type key_size: int + :param reuse_key: Indicates if the same key pair will be used on + certificate renewal. + :type reuse_key: bool + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + """ + + _attribute_map = { + 'exportable': {'key': 'exportable', 'type': 'bool'}, + 'key_type': {'key': 'kty', 'type': 'str'}, + 'key_size': {'key': 'key_size', 'type': 'int'}, + 'reuse_key': {'key': 'reuse_key', 'type': 'bool'}, + 'curve': {'key': 'crv', 'type': 'str'}, + } + + def __init__(self, *, exportable: bool=None, key_type=None, key_size: int=None, reuse_key: bool=None, curve=None, **kwargs) -> None: + super(KeyProperties, self).__init__(**kwargs) + self.exportable = exportable + self.key_type = key_type + self.key_size = key_size + self.reuse_key = reuse_key + self.curve = curve + + +class KeyRestoreParameters(Model): + """The key restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param key_bundle_backup: Required. The backup blob associated with a key + bundle. + :type key_bundle_backup: bytes + """ + + _validation = { + 'key_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'key_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, key_bundle_backup: bytes, **kwargs) -> None: + super(KeyRestoreParameters, self).__init__(**kwargs) + self.key_bundle_backup = key_bundle_backup + + +class KeySignParameters(Model): + """The key operations parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. The signing/verification algorithm identifier. + For more information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', 'PS384', + 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', + 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param value: Required. + :type value: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'value': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, algorithm, value: bytes, **kwargs) -> None: + super(KeySignParameters, self).__init__(**kwargs) + self.algorithm = algorithm + self.value = value + + +class KeyUpdateParameters(Model): + """The key update parameters. + + :param key_ops: Json web key operations. For more information on possible + key operations, see JsonWebKeyOperation. + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, key_ops=None, key_attributes=None, tags=None, **kwargs) -> None: + super(KeyUpdateParameters, self).__init__(**kwargs) + self.key_ops = key_ops + self.key_attributes = key_attributes + self.tags = tags + + +class KeyVaultError(Model): + """The key vault error exception. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar error: + :vartype error: ~azure.keyvault.v7_1.models.Error + """ + + _validation = { + 'error': {'readonly': True}, + } + + _attribute_map = { + 'error': {'key': 'error', 'type': 'Error'}, + } + + def __init__(self, **kwargs) -> None: + super(KeyVaultError, self).__init__(**kwargs) + self.error = None + + +class KeyVaultErrorException(HttpResponseError): + """Server responsed with exception of type: 'KeyVaultError'. + + :param deserialize: A deserializer + :param response: Server response to be deserialized. + """ + + def __init__(self, response, deserialize, *args): + + model_name = 'KeyVaultError' + self.error = deserialize(model_name, response) + if self.error is None: + self.error = deserialize.dependencies[model_name]() + super(KeyVaultErrorException, self).__init__(response=response) + + +class KeyVerifyParameters(Model): + """The key verify parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. The signing/verification algorithm. For more + information on possible algorithm types, see JsonWebKeySignatureAlgorithm. + Possible values include: 'PS256', 'PS384', 'PS512', 'RS256', 'RS384', + 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param digest: Required. The digest used for signing. + :type digest: bytes + :param signature: Required. The signature to be verified. + :type signature: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'digest': {'required': True}, + 'signature': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'digest': {'key': 'digest', 'type': 'base64'}, + 'signature': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, algorithm, digest: bytes, signature: bytes, **kwargs) -> None: + super(KeyVerifyParameters, self).__init__(**kwargs) + self.algorithm = algorithm + self.digest = digest + self.signature = signature + + +class KeyVerifyResult(Model): + """The key verify result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: True if the signature is verified, otherwise false. + :vartype value: bool + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'bool'}, + } + + def __init__(self, **kwargs) -> None: + super(KeyVerifyResult, self).__init__(**kwargs) + self.value = None + + +class LifetimeAction(Model): + """Action and its trigger that will be performed by Key Vault over the + lifetime of a certificate. + + :param trigger: The condition that will execute the action. + :type trigger: ~azure.keyvault.v7_1.models.Trigger + :param action: The action that will be executed. + :type action: ~azure.keyvault.v7_1.models.Action + """ + + _attribute_map = { + 'trigger': {'key': 'trigger', 'type': 'Trigger'}, + 'action': {'key': 'action', 'type': 'Action'}, + } + + def __init__(self, *, trigger=None, action=None, **kwargs) -> None: + super(LifetimeAction, self).__init__(**kwargs) + self.trigger = trigger + self.action = action + + +class OrganizationDetails(Model): + """Details of the organization of the certificate issuer. + + :param id: Id of the organization. + :type id: str + :param admin_details: Details of the organization administrator. + :type admin_details: + list[~azure.keyvault.v7_1.models.AdministratorDetails] + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'admin_details': {'key': 'admin_details', 'type': '[AdministratorDetails]'}, + } + + def __init__(self, *, id: str=None, admin_details=None, **kwargs) -> None: + super(OrganizationDetails, self).__init__(**kwargs) + self.id = id + self.admin_details = admin_details + + +class PendingCertificateSigningRequestResult(Model): + """The pending certificate signing request result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The pending certificate signing request as Base64 encoded + string. + :vartype value: str + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(PendingCertificateSigningRequestResult, self).__init__(**kwargs) + self.value = None + + +class SasDefinitionAttributes(Model): + """The SAS definition management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: the enabled state of the object. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for SAS definitions in the current vault. If it contains + 'Purgeable' the SAS definition can be permanently deleted by a privileged + user; otherwise, only the system can purge the SAS definition, at the end + of the retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, **kwargs) -> None: + super(SasDefinitionAttributes, self).__init__(**kwargs) + self.enabled = enabled + self.created = None + self.updated = None + self.recoverable_days = None + self.recovery_level = None + + +class SasDefinitionCreateParameters(Model): + """The SAS definition create parameters. + + All required parameters must be populated in order to send to Azure. + + :param template_uri: Required. The SAS definition token template signed + with an arbitrary key. Tokens created according to the SAS definition + will have the same properties as the template. + :type template_uri: str + :param sas_type: Required. The type of SAS token the SAS definition will + create. Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: Required. The validity period of SAS tokens + created according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'template_uri': {'required': True}, + 'sas_type': {'required': True}, + 'validity_period': {'required': True}, + } + + _attribute_map = { + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, template_uri: str, sas_type, validity_period: str, sas_definition_attributes=None, tags=None, **kwargs) -> None: + super(SasDefinitionCreateParameters, self).__init__(**kwargs) + self.template_uri = template_uri + self.sas_type = sas_type + self.validity_period = validity_period + self.sas_definition_attributes = sas_definition_attributes + self.tags = tags + + +class SasDefinitionListResult(Model): + """The storage account SAS definition list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of SAS definitions along + with a link to the next page of SAS definitions. + :vartype value: list[~azure.keyvault.v7_1.models.SasDefinitionItem] + :ivar next_link: The URL to get the next set of SAS definitions. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[SasDefinitionItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(SasDefinitionListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SasDefinitionUpdateParameters(Model): + """The SAS definition update parameters. + + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, template_uri: str=None, sas_type=None, validity_period: str=None, sas_definition_attributes=None, tags=None, **kwargs) -> None: + super(SasDefinitionUpdateParameters, self).__init__(**kwargs) + self.template_uri = template_uri + self.sas_type = sas_type + self.validity_period = validity_period + self.sas_definition_attributes = sas_definition_attributes + self.tags = tags + + +class SecretAttributes(Attributes): + """The secret management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for secrets in the current vault. If it contains 'Purgeable', the + secret can be permanently deleted by a privileged user; otherwise, only + the system can purge the secret, at the end of the retention interval. + Possible values include: 'Purgeable', 'Recoverable+Purgeable', + 'Recoverable', 'Recoverable+ProtectedSubscription', + 'CustomizedRecoverable+Purgeable', 'CustomizedRecoverable', + 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None: + super(SecretAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires, **kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class SecretListResult(Model): + """The secret list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of secrets in the key + vault along with a link to the next page of secrets. + :vartype value: list[~azure.keyvault.v7_1.models.SecretItem] + :ivar next_link: The URL to get the next set of secrets. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[SecretItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(SecretListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SecretProperties(Model): + """Properties of the key backing a certificate. + + :param content_type: The media type (MIME type). + :type content_type: str + """ + + _attribute_map = { + 'content_type': {'key': 'contentType', 'type': 'str'}, + } + + def __init__(self, *, content_type: str=None, **kwargs) -> None: + super(SecretProperties, self).__init__(**kwargs) + self.content_type = content_type + + +class SecretRestoreParameters(Model): + """The secret restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param secret_bundle_backup: Required. The backup blob associated with a + secret bundle. + :type secret_bundle_backup: bytes + """ + + _validation = { + 'secret_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'secret_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, secret_bundle_backup: bytes, **kwargs) -> None: + super(SecretRestoreParameters, self).__init__(**kwargs) + self.secret_bundle_backup = secret_bundle_backup + + +class SecretSetParameters(Model): + """The secret set parameters. + + All required parameters must be populated in order to send to Azure. + + :param value: Required. The value of the secret. + :type value: str + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + """ + + _validation = { + 'value': {'required': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + } + + def __init__(self, *, value: str, tags=None, content_type: str=None, secret_attributes=None, **kwargs) -> None: + super(SecretSetParameters, self).__init__(**kwargs) + self.value = value + self.tags = tags + self.content_type = content_type + self.secret_attributes = secret_attributes + + +class SecretUpdateParameters(Model): + """The secret update parameters. + + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, content_type: str=None, secret_attributes=None, tags=None, **kwargs) -> None: + super(SecretUpdateParameters, self).__init__(**kwargs) + self.content_type = content_type + self.secret_attributes = secret_attributes + self.tags = tags + + +class StorageAccountAttributes(Model): + """The storage account management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: the enabled state of the object. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for storage accounts in the current vault. If it contains + 'Purgeable' the storage account can be permanently deleted by a privileged + user; otherwise, only the system can purge the storage account, at the end + of the retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, **kwargs) -> None: + super(StorageAccountAttributes, self).__init__(**kwargs) + self.enabled = enabled + self.created = None + self.updated = None + self.recoverable_days = None + self.recovery_level = None + + +class StorageAccountCreateParameters(Model): + """The storage account create parameters. + + All required parameters must be populated in order to send to Azure. + + :param resource_id: Required. Storage account resource id. + :type resource_id: str + :param active_key_name: Required. Current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: Required. whether keyvault should manage the + storage account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration specified + in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'resource_id': {'required': True}, + 'active_key_name': {'required': True}, + 'auto_regenerate_key': {'required': True}, + } + + _attribute_map = { + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, resource_id: str, active_key_name: str, auto_regenerate_key: bool, regeneration_period: str=None, storage_account_attributes=None, tags=None, **kwargs) -> None: + super(StorageAccountCreateParameters, self).__init__(**kwargs) + self.resource_id = resource_id + self.active_key_name = active_key_name + self.auto_regenerate_key = auto_regenerate_key + self.regeneration_period = regeneration_period + self.storage_account_attributes = storage_account_attributes + self.tags = tags + + +class StorageAccountRegenerteKeyParameters(Model): + """The storage account key regenerate parameters. + + All required parameters must be populated in order to send to Azure. + + :param key_name: Required. The storage account key name. + :type key_name: str + """ + + _validation = { + 'key_name': {'required': True}, + } + + _attribute_map = { + 'key_name': {'key': 'keyName', 'type': 'str'}, + } + + def __init__(self, *, key_name: str, **kwargs) -> None: + super(StorageAccountRegenerteKeyParameters, self).__init__(**kwargs) + self.key_name = key_name + + +class StorageAccountUpdateParameters(Model): + """The storage account update parameters. + + :param active_key_name: The current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration specified + in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, active_key_name: str=None, auto_regenerate_key: bool=None, regeneration_period: str=None, storage_account_attributes=None, tags=None, **kwargs) -> None: + super(StorageAccountUpdateParameters, self).__init__(**kwargs) + self.active_key_name = active_key_name + self.auto_regenerate_key = auto_regenerate_key + self.regeneration_period = regeneration_period + self.storage_account_attributes = storage_account_attributes + self.tags = tags + + +class StorageListResult(Model): + """The storage accounts list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of storage accounts in + the key vault along with a link to the next page of storage accounts. + :vartype value: list[~azure.keyvault.v7_1.models.StorageAccountItem] + :ivar next_link: The URL to get the next set of storage accounts. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[StorageAccountItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(StorageListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class StorageRestoreParameters(Model): + """The secret restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param storage_bundle_backup: Required. The backup blob associated with a + storage account. + :type storage_bundle_backup: bytes + """ + + _validation = { + 'storage_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'storage_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, storage_bundle_backup: bytes, **kwargs) -> None: + super(StorageRestoreParameters, self).__init__(**kwargs) + self.storage_bundle_backup = storage_bundle_backup + + +class SubjectAlternativeNames(Model): + """The subject alternate names of a X509 object. + + :param emails: Email addresses. + :type emails: list[str] + :param dns_names: Domain names. + :type dns_names: list[str] + :param upns: User principal names. + :type upns: list[str] + """ + + _attribute_map = { + 'emails': {'key': 'emails', 'type': '[str]'}, + 'dns_names': {'key': 'dns_names', 'type': '[str]'}, + 'upns': {'key': 'upns', 'type': '[str]'}, + } + + def __init__(self, *, emails=None, dns_names=None, upns=None, **kwargs) -> None: + super(SubjectAlternativeNames, self).__init__(**kwargs) + self.emails = emails + self.dns_names = dns_names + self.upns = upns + + +class Trigger(Model): + """A condition to be satisfied for an action to be executed. + + :param lifetime_percentage: Percentage of lifetime at which to trigger. + Value should be between 1 and 99. + :type lifetime_percentage: int + :param days_before_expiry: Days before expiry to attempt renewal. Value + should be between 1 and validity_in_months multiplied by 27. If + validity_in_months is 36, then value should be between 1 and 972 (36 * + 27). + :type days_before_expiry: int + """ + + _validation = { + 'lifetime_percentage': {'maximum': 99, 'minimum': 1}, + } + + _attribute_map = { + 'lifetime_percentage': {'key': 'lifetime_percentage', 'type': 'int'}, + 'days_before_expiry': {'key': 'days_before_expiry', 'type': 'int'}, + } + + def __init__(self, *, lifetime_percentage: int=None, days_before_expiry: int=None, **kwargs) -> None: + super(Trigger, self).__init__(**kwargs) + self.lifetime_percentage = lifetime_percentage + self.days_before_expiry = days_before_expiry + + +class X509CertificateProperties(Model): + """Properties of the X509 component of a certificate. + + :param subject: The subject name. Should be a valid X509 distinguished + Name. + :type subject: str + :param ekus: The enhanced key usage. + :type ekus: list[str] + :param subject_alternative_names: The subject alternative names. + :type subject_alternative_names: + ~azure.keyvault.v7_1.models.SubjectAlternativeNames + :param key_usage: List of key usages. + :type key_usage: list[str or ~azure.keyvault.v7_1.models.KeyUsageType] + :param validity_in_months: The duration that the certificate is valid in + months. + :type validity_in_months: int + """ + + _validation = { + 'validity_in_months': {'minimum': 0}, + } + + _attribute_map = { + 'subject': {'key': 'subject', 'type': 'str'}, + 'ekus': {'key': 'ekus', 'type': '[str]'}, + 'subject_alternative_names': {'key': 'sans', 'type': 'SubjectAlternativeNames'}, + 'key_usage': {'key': 'key_usage', 'type': '[str]'}, + 'validity_in_months': {'key': 'validity_months', 'type': 'int'}, + } + + def __init__(self, *, subject: str=None, ekus=None, subject_alternative_names=None, key_usage=None, validity_in_months: int=None, **kwargs) -> None: + super(X509CertificateProperties, self).__init__(**kwargs) + self.subject = subject + self.ekus = ekus + self.subject_alternative_names = subject_alternative_names + self.key_usage = key_usage + self.validity_in_months = validity_in_months diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/operations/__init__.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/operations/__init__.py new file mode 100644 index 000000000000..603e37d3ee07 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/operations/__init__.py @@ -0,0 +1,16 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._key_vault_client_operations import KeyVaultClientOperationsMixin + +__all__ = [ + 'KeyVaultClientOperationsMixin', +] diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/operations/_key_vault_client_operations.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/operations/_key_vault_client_operations.py new file mode 100644 index 000000000000..449c73af3bb1 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/operations/_key_vault_client_operations.py @@ -0,0 +1,5224 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.core.exceptions import map_error +from azure.core.paging import ItemPaged +from .. import models +import uuid + + +class KeyVaultClientOperationsMixin(object): + + def get_certificates( + self, vault_base_url, maxresults=None, include_pending=None, cls=None, **kwargs): + """List certificates in a specified key vault. + + The GetCertificates operation returns the set of certificates resources + in the specified key vault. This operation requires the + certificates/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :param include_pending: Specifies whether to include certificates + which are not completely provisioned. + :type include_pending: bool + :return: An iterator like instance of CertificateItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.CertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificates.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + if include_pending is not None: + query_parameters['includePending'] = self._serialize.query("include_pending", include_pending, 'bool') + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('CertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_certificates.metadata = {'url': '/certificates'} + + def delete_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Deletes a certificate from a specified key vault. + + Deletes all versions of a certificate object along with its associated + policy. Delete certificate cannot be used to remove individual versions + of a certificate object. This operation requires the + certificates/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedCertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedCertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedCertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate.metadata = {'url': '/certificates/{certificate-name}'} + + def set_certificate_contacts(self, vault_base_url, contact_list=None, cls=None, **kwargs): + """Sets the certificate contacts for the specified key vault. + + Sets the certificate contacts for the specified key vault. This + operation requires the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param contact_list: The contact list for the vault certificates. + :type contact_list: list[~azure.keyvault.v7_1.models.Contact] + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + contacts = models.Contacts(contact_list=contact_list) + + # Construct URL + url = self.set_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(contacts, 'Contacts') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + def get_certificate_contacts(self, vault_base_url, cls=None, **kwargs): + """Lists the certificate contacts for a specified key vault. + + The GetCertificateContacts operation returns the set of certificate + contact resources in the specified key vault. This operation requires + the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + def delete_certificate_contacts(self, vault_base_url, cls=None, **kwargs): + """Deletes the certificate contacts for a specified key vault. + + Deletes the certificate contacts for a specified key vault certificate. + This operation requires the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + def get_certificate_issuers( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """List certificate issuers for a specified key vault. + + The GetCertificateIssuers operation returns the set of certificate + issuer resources in the specified key vault. This operation requires + the certificates/manageissuers/getissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of CertificateIssuerItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.CertificateIssuerItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificate_issuers.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('CertificateIssuerListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_certificate_issuers.metadata = {'url': '/certificates/issuers'} + + def set_certificate_issuer(self, vault_base_url, issuer_name, provider, credentials=None, organization_details=None, attributes=None, cls=None, **kwargs): + """Sets the specified certificate issuer. + + The SetCertificateIssuer operation adds or updates the specified + certificate issuer. This operation requires the certificates/setissuers + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided + to the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameter = models.CertificateIssuerSetParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes) + + # Construct URL + url = self.set_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameter, 'CertificateIssuerSetParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + def update_certificate_issuer(self, vault_base_url, issuer_name, provider=None, credentials=None, organization_details=None, attributes=None, cls=None, **kwargs): + """Updates the specified certificate issuer. + + The UpdateCertificateIssuer operation performs an update on the + specified certificate issuer entity. This operation requires the + certificates/setissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided + to the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameter = models.CertificateIssuerUpdateParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes) + + # Construct URL + url = self.update_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameter, 'CertificateIssuerUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + def get_certificate_issuer(self, vault_base_url, issuer_name, cls=None, **kwargs): + """Lists the specified certificate issuer. + + The GetCertificateIssuer operation returns the specified certificate + issuer resources in the specified key vault. This operation requires + the certificates/manageissuers/getissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + def delete_certificate_issuer(self, vault_base_url, issuer_name, cls=None, **kwargs): + """Deletes the specified certificate issuer. + + The DeleteCertificateIssuer operation permanently removes the specified + certificate issuer from the vault. This operation requires the + certificates/manageissuers/deleteissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + def create_certificate(self, vault_base_url, certificate_name, certificate_policy=None, certificate_attributes=None, tags=None, cls=None, **kwargs): + """Creates a new certificate. + + If this is the first version, the certificate resource is created. This + operation requires the certificates/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateCreateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.create_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateCreateParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [202]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 202: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + create_certificate.metadata = {'url': '/certificates/{certificate-name}/create'} + + def import_certificate(self, vault_base_url, certificate_name, base64_encoded_certificate, password=None, certificate_policy=None, certificate_attributes=None, tags=None, cls=None, **kwargs): + """Imports a certificate into a specified key vault. + + Imports an existing valid certificate, containing a private key, into + Azure Key Vault. The certificate to be imported can be in either PFX or + PEM format. If the certificate is in PEM format the PEM file must + contain the key as well as x509 certificates. This operation requires + the certificates/import permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param base64_encoded_certificate: Base64 encoded representation of + the certificate object to import. This certificate needs to contain + the private key. + :type base64_encoded_certificate: str + :param password: If the private key in base64EncodedCertificate is + encrypted, the password used for encryption. + :type password: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateImportParameters(base64_encoded_certificate=base64_encoded_certificate, password=password, certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.import_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateImportParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + import_certificate.metadata = {'url': '/certificates/{certificate-name}/import'} + + def get_certificate_versions( + self, vault_base_url, certificate_name, maxresults=None, cls=None, **kwargs): + """List the versions of a certificate. + + The GetCertificateVersions operation returns the versions of a + certificate in the specified key vault. This operation requires the + certificates/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of CertificateItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.CertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificate_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('CertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_certificate_versions.metadata = {'url': '/certificates/{certificate-name}/versions'} + + def get_certificate_policy(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Lists the policy for a certificate. + + The GetCertificatePolicy operation returns the specified certificate + policy resources in the specified key vault. This operation requires + the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in a given key + vault. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificatePolicy or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificatePolicy + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_policy.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificatePolicy', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'} + + def update_certificate_policy(self, vault_base_url, certificate_name, certificate_policy, cls=None, **kwargs): + """Updates the policy for a certificate. + + Set specified members in the certificate policy. Leave others as null. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given + vault. + :type certificate_name: str + :param certificate_policy: The policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificatePolicy or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificatePolicy + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.update_certificate_policy.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(certificate_policy, 'CertificatePolicy') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificatePolicy', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'} + + def update_certificate(self, vault_base_url, certificate_name, certificate_version, certificate_policy=None, certificate_attributes=None, tags=None, cls=None, **kwargs): + """Updates the specified attributes associated with the given certificate. + + The UpdateCertificate operation applies the specified update on the + given certificate; the only elements updated are the certificate's + attributes. This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given key + vault. + :type certificate_name: str + :param certificate_version: The version of the certificate. + :type certificate_version: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateUpdateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.update_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'), + 'certificate-version': self._serialize.url("certificate_version", certificate_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'} + + def get_certificate(self, vault_base_url, certificate_name, certificate_version, cls=None, **kwargs): + """Gets information about a certificate. + + Gets information about a specific certificate. This operation requires + the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given + vault. + :type certificate_name: str + :param certificate_version: The version of the certificate. + :type certificate_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'), + 'certificate-version': self._serialize.url("certificate_version", certificate_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'} + + def update_certificate_operation(self, vault_base_url, certificate_name, cancellation_requested, cls=None, **kwargs): + """Updates a certificate operation. + + Updates a certificate creation operation that is already in progress. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param cancellation_requested: Indicates if cancellation was requested + on the certificate operation. + :type cancellation_requested: bool + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + certificate_operation = models.CertificateOperationUpdateParameter(cancellation_requested=cancellation_requested) + + # Construct URL + url = self.update_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(certificate_operation, 'CertificateOperationUpdateParameter') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + def get_certificate_operation(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Gets the creation operation of a certificate. + + Gets the creation operation associated with a specified certificate. + This operation requires the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + def delete_certificate_operation(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Deletes the creation operation for a specific certificate. + + Deletes the creation operation for a specified certificate that is in + the process of being created. The certificate is no longer created. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + def merge_certificate(self, vault_base_url, certificate_name, x509_certificates, certificate_attributes=None, tags=None, cls=None, **kwargs): + """Merges a certificate or a certificate chain with a key pair existing on + the server. + + The MergeCertificate operation performs the merging of a certificate or + certificate chain with a key pair currently available in the service. + This operation requires the certificates/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param x509_certificates: The certificate or the certificate chain to + merge. + :type x509_certificates: list[bytearray] + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateMergeParameters(x509_certificates=x509_certificates, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.merge_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateMergeParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 201: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + merge_certificate.metadata = {'url': '/certificates/{certificate-name}/pending/merge'} + + def backup_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Backs up the specified certificate. + + Requests that a backup of the specified certificate be downloaded to + the client. All versions of the certificate will be downloaded. This + operation requires the certificates/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupCertificateResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupCertificateResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupCertificateResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_certificate.metadata = {'url': '/certificates/{certificate-name}/backup'} + + def restore_certificate(self, vault_base_url, certificate_bundle_backup, cls=None, **kwargs): + """Restores a backed up certificate to a vault. + + Restores a backed up certificate, and all its versions, to a vault. + This operation requires the certificates/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_bundle_backup: The backup blob associated with a + certificate bundle. + :type certificate_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateRestoreParameters(certificate_bundle_backup=certificate_bundle_backup) + + # Construct URL + url = self.restore_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_certificate.metadata = {'url': '/certificates/restore'} + + def get_deleted_certificates( + self, vault_base_url, maxresults=None, include_pending=None, cls=None, **kwargs): + """Lists the deleted certificates in the specified vault currently + available for recovery. + + The GetDeletedCertificates operation retrieves the certificates in the + current vault which are in a deleted state and ready for recovery or + purging. This operation includes deletion-specific information. This + operation requires the certificates/get/list permission. This operation + can only be enabled on soft-delete enabled vaults. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :param include_pending: Specifies whether to include certificates + which are not completely provisioned. + :type include_pending: bool + :return: An iterator like instance of DeletedCertificateItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedCertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_certificates.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + if include_pending is not None: + query_parameters['includePending'] = self._serialize.query("include_pending", include_pending, 'bool') + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedCertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_certificates.metadata = {'url': '/deletedcertificates'} + + def get_deleted_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Retrieves information about the specified deleted certificate. + + The GetDeletedCertificate operation retrieves the deleted certificate + information plus its attributes, such as retention interval, scheduled + permanent deletion and the current deletion recovery level. This + operation requires the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedCertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedCertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedCertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'} + + def purge_deleted_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Permanently deletes the specified deleted certificate. + + The PurgeDeletedCertificate operation performs an irreversible deletion + of the specified certificate, without possibility for recovery. The + operation is not available if the recovery level does not specify + 'Purgeable'. This operation requires the certificate/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'} + + def recover_deleted_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Recovers the deleted certificate back to its current version under + /certificates. + + The RecoverDeletedCertificate operation performs the reversal of the + Delete operation. The operation is applicable in vaults enabled for + soft-delete, and must be issued during the retention interval + (available in the deleted certificate's attributes). This operation + requires the certificates/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the deleted certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}/recover'} + + def create_key(self, vault_base_url, key_name, kty, key_size=None, key_ops=None, key_attributes=None, tags=None, curve=None, cls=None, **kwargs): + """Creates a new key, stores it, then returns key parameters and + attributes to the client. + + The create key operation can be used to create any key type in Azure + Key Vault. If the named key already exists, Azure Key Vault creates a + new version of the key. It requires the keys/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name for the new key. The system will generate + the version name for the new key. + :type key_name: str + :param kty: The type of key to create. For valid values, see + JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', + 'RSA-HSM', 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or + 4096 for RSA. + :type key_size: int + :param key_ops: + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', + 'P-521', 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyCreateParameters(kty=kty, key_size=key_size, key_ops=key_ops, key_attributes=key_attributes, tags=tags, curve=curve) + + # Construct URL + url = self.create_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyCreateParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + create_key.metadata = {'url': '/keys/{key-name}/create'} + + def import_key(self, vault_base_url, key_name, key, hsm=None, key_attributes=None, tags=None, cls=None, **kwargs): + """Imports an externally created key, stores it, and returns key + parameters and attributes to the client. + + The import key operation may be used to import any key type into an + Azure Key Vault. If the named key already exists, Azure Key Vault + creates a new version of the key. This operation requires the + keys/import permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: Name for the imported key. + :type key_name: str + :param key: The Json web key + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param hsm: Whether to import as a hardware key (HSM) or software key. + :type hsm: bool + :param key_attributes: The key management attributes. + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyImportParameters(hsm=hsm, key=key, key_attributes=key_attributes, tags=tags) + + # Construct URL + url = self.import_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyImportParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + import_key.metadata = {'url': '/keys/{key-name}'} + + def delete_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Deletes a key of any type from storage in Azure Key Vault. + + The delete key operation cannot be used to remove individual versions + of a key. This operation removes the cryptographic material associated + with the key, which means the key is not usable for Sign/Verify, + Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the + keys/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key to delete. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedKeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedKeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedKeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_key.metadata = {'url': '/keys/{key-name}'} + + def update_key(self, vault_base_url, key_name, key_version, key_ops=None, key_attributes=None, tags=None, cls=None, **kwargs): + """The update key operation changes specified attributes of a stored key + and can be applied to any key type and key version stored in Azure Key + Vault. + + In order to perform this operation, the key must already exist in the + Key Vault. Note: The cryptographic material of a key itself cannot be + changed. This operation requires the keys/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of key to update. + :type key_name: str + :param key_version: The version of the key to update. + :type key_version: str + :param key_ops: Json web key operations. For more information on + possible key operations, see JsonWebKeyOperation. + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyUpdateParameters(key_ops=key_ops, key_attributes=key_attributes, tags=tags) + + # Construct URL + url = self.update_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_key.metadata = {'url': '/keys/{key-name}/{key-version}'} + + def get_key(self, vault_base_url, key_name, key_version, cls=None, **kwargs): + """Gets the public part of a stored key. + + The get key operation is applicable to all key types. If the requested + key is symmetric, then no key material is released in the response. + This operation requires the keys/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key to get. + :type key_name: str + :param key_version: Adding the version parameter retrieves a specific + version of a key. + :type key_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_key.metadata = {'url': '/keys/{key-name}/{key-version}'} + + def get_key_versions( + self, vault_base_url, key_name, maxresults=None, cls=None, **kwargs): + """Retrieves a list of individual key versions with the same key name. + + The full key identifier, attributes, and tags are provided in the + response. This operation requires the keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of KeyItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.KeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_key_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('KeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_key_versions.metadata = {'url': '/keys/{key-name}/versions'} + + def get_keys( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """List keys in the specified vault. + + Retrieves a list of the keys in the Key Vault as JSON Web Key + structures that contain the public part of a stored key. The LIST + operation is applicable to all key types, however only the base key + identifier, attributes, and tags are provided in the response. + Individual versions of a key are not listed in the response. This + operation requires the keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of KeyItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.KeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_keys.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('KeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_keys.metadata = {'url': '/keys'} + + def backup_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Requests that a backup of the specified key be downloaded to the + client. + + The Key Backup operation exports a key from Azure Key Vault in a + protected form. Note that this operation does NOT return key material + in a form that can be used outside the Azure Key Vault system, the + returned key material is either protected to a Azure Key Vault HSM or + to Azure Key Vault itself. The intent of this operation is to allow a + client to GENERATE a key in one Azure Key Vault instance, BACKUP the + key, and then RESTORE it into another Azure Key Vault instance. The + BACKUP operation may be used to export, in protected form, any key type + from Azure Key Vault. Individual versions of a key cannot be backed up. + BACKUP / RESTORE can be performed within geographical boundaries only; + meaning that a BACKUP from one geographical area cannot be restored to + another geographical area. For example, a backup from the US + geographical area cannot be restored in an EU geographical area. This + operation requires the key/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupKeyResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupKeyResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupKeyResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_key.metadata = {'url': '/keys/{key-name}/backup'} + + def restore_key(self, vault_base_url, key_bundle_backup, cls=None, **kwargs): + """Restores a backed up key to a vault. + + Imports a previously backed up key into Azure Key Vault, restoring the + key, its key identifier, attributes and access control policies. The + RESTORE operation may be used to import a previously backed up key. + Individual versions of a key cannot be restored. The key is restored in + its entirety with the same key name as it had when it was backed up. If + the key name is not available in the target Key Vault, the RESTORE + operation will be rejected. While the key name is retained during + restore, the final key identifier will change if the key is restored to + a different vault. Restore will restore all versions and preserve + version identifiers. The RESTORE operation is subject to security + constraints: The target Key Vault must be owned by the same Microsoft + Azure Subscription as the source Key Vault The user must have RESTORE + permission in the target Key Vault. This operation requires the + keys/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_bundle_backup: The backup blob associated with a key + bundle. + :type key_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyRestoreParameters(key_bundle_backup=key_bundle_backup) + + # Construct URL + url = self.restore_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_key.metadata = {'url': '/keys/restore'} + + def encrypt(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Encrypts an arbitrary sequence of bytes using an encryption key that is + stored in a key vault. + + The ENCRYPT operation encrypts an arbitrary sequence of bytes using an + encryption key that is stored in Azure Key Vault. Note that the ENCRYPT + operation only supports a single block of data, the size of which is + dependent on the target key and the encryption algorithm to be used. + The ENCRYPT operation is only strictly necessary for symmetric keys + stored in Azure Key Vault since protection with an asymmetric key can + be performed using public portion of the key. This operation is + supported for asymmetric keys as a convenience for callers that have a + key-reference but do not have access to the public key material. This + operation requires the keys/encrypt permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.encrypt.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + encrypt.metadata = {'url': '/keys/{key-name}/{key-version}/encrypt'} + + def decrypt(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Decrypts a single block of encrypted data. + + The DECRYPT operation decrypts a well-formed block of ciphertext using + the target encryption key and specified algorithm. This operation is + the reverse of the ENCRYPT operation; only a single block of data may + be decrypted, the size of this block is dependent on the target key and + the algorithm to be used. The DECRYPT operation applies to asymmetric + and symmetric keys stored in Azure Key Vault since it uses the private + portion of the key. This operation requires the keys/decrypt + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.decrypt.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + decrypt.metadata = {'url': '/keys/{key-name}/{key-version}/decrypt'} + + def sign(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Creates a signature from a digest using the specified key. + + The SIGN operation is applicable to asymmetric and symmetric keys + stored in Azure Key Vault since this operation uses the private portion + of the key. This operation requires the keys/sign permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: The signing/verification algorithm identifier. For + more information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', + 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', + 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeySignParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.sign.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeySignParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + sign.metadata = {'url': '/keys/{key-name}/{key-version}/sign'} + + def verify(self, vault_base_url, key_name, key_version, algorithm, digest, signature, cls=None, **kwargs): + """Verifies a signature using a specified key. + + The VERIFY operation is applicable to symmetric keys stored in Azure + Key Vault. VERIFY is not strictly necessary for asymmetric keys stored + in Azure Key Vault since signature verification can be performed using + the public portion of the key but this operation is supported as a + convenience for callers that only have a key-reference and not the + public portion of the key. This operation requires the keys/verify + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: The signing/verification algorithm. For more + information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', + 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', + 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param digest: The digest used for signing. + :type digest: bytes + :param signature: The signature to be verified. + :type signature: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyVerifyResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyVerifyResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyVerifyParameters(algorithm=algorithm, digest=digest, signature=signature) + + # Construct URL + url = self.verify.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyVerifyParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyVerifyResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + verify.metadata = {'url': '/keys/{key-name}/{key-version}/verify'} + + def wrap_key(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Wraps a symmetric key using a specified key. + + The WRAP operation supports encryption of a symmetric key using a key + encryption key that has previously been stored in an Azure Key Vault. + The WRAP operation is only strictly necessary for symmetric keys stored + in Azure Key Vault since protection with an asymmetric key can be + performed using the public portion of the key. This operation is + supported for asymmetric keys as a convenience for callers that have a + key-reference but do not have access to the public key material. This + operation requires the keys/wrapKey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.wrap_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + wrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/wrapkey'} + + def unwrap_key(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Unwraps a symmetric key using the specified key that was initially used + for wrapping that key. + + The UNWRAP operation supports decryption of a symmetric key using the + target key encryption key. This operation is the reverse of the WRAP + operation. The UNWRAP operation applies to asymmetric and symmetric + keys stored in Azure Key Vault since it uses the private portion of the + key. This operation requires the keys/unwrapKey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.unwrap_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + unwrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/unwrapkey'} + + def get_deleted_keys( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """Lists the deleted keys in the specified vault. + + Retrieves a list of the keys in the Key Vault as JSON Web Key + structures that contain the public part of a deleted key. This + operation includes deletion-specific information. The Get Deleted Keys + operation is applicable for vaults enabled for soft-delete. While the + operation can be invoked on any vault, it will return an error if + invoked on a non soft-delete enabled vault. This operation requires the + keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedKeyItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedKeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_keys.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedKeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_keys.metadata = {'url': '/deletedkeys'} + + def get_deleted_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Gets the public part of a deleted key. + + The Get Deleted Key operation is applicable for soft-delete enabled + vaults. While the operation can be invoked on any vault, it will return + an error if invoked on a non soft-delete enabled vault. This operation + requires the keys/get permission. . + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedKeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedKeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedKeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'} + + def purge_deleted_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Permanently deletes the specified key. + + The Purge Deleted Key operation is applicable for soft-delete enabled + vaults. While the operation can be invoked on any vault, it will return + an error if invoked on a non soft-delete enabled vault. This operation + requires the keys/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'} + + def recover_deleted_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Recovers the deleted key to its latest version. + + The Recover Deleted Key operation is applicable for deleted keys in + soft-delete enabled vaults. It recovers the deleted key back to its + latest version under /keys. An attempt to recover an non-deleted key + will return an error. Consider this the inverse of the delete operation + on soft-delete enabled vaults. This operation requires the keys/recover + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the deleted key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_key.metadata = {'url': '/deletedkeys/{key-name}/recover'} + + def set_secret(self, vault_base_url, secret_name, value, tags=None, content_type=None, secret_attributes=None, cls=None, **kwargs): + """Sets a secret in a specified key vault. + + The SET operation adds a secret to the Azure Key Vault. If the named + secret already exists, Azure Key Vault creates a new version of that + secret. This operation requires the secrets/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param value: The value of the secret. + :type value: str + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretSetParameters(value=value, tags=tags, content_type=content_type, secret_attributes=secret_attributes) + + # Construct URL + url = self.set_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretSetParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_secret.metadata = {'url': '/secrets/{secret-name}'} + + def delete_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Deletes a secret from a specified key vault. + + The DELETE operation applies to any secret stored in Azure Key Vault. + DELETE cannot be applied to an individual version of a secret. This + operation requires the secrets/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_secret.metadata = {'url': '/secrets/{secret-name}'} + + def update_secret(self, vault_base_url, secret_name, secret_version, content_type=None, secret_attributes=None, tags=None, cls=None, **kwargs): + """Updates the attributes associated with a specified secret in a given + key vault. + + The UPDATE operation changes specified attributes of an existing stored + secret. Attributes that are not specified in the request are left + unchanged. The value of a secret itself cannot be changed. This + operation requires the secrets/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param secret_version: The version of the secret. + :type secret_version: str + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretUpdateParameters(content_type=content_type, secret_attributes=secret_attributes, tags=tags) + + # Construct URL + url = self.update_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str'), + 'secret-version': self._serialize.url("secret_version", secret_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'} + + def get_secret(self, vault_base_url, secret_name, secret_version, cls=None, **kwargs): + """Get a specified secret from a given key vault. + + The GET operation is applicable to any secret stored in Azure Key + Vault. This operation requires the secrets/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param secret_version: The version of the secret. + :type secret_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str'), + 'secret-version': self._serialize.url("secret_version", secret_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'} + + def get_secrets( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """List secrets in a specified key vault. + + The Get Secrets operation is applicable to the entire vault. However, + only the base secret identifier and its attributes are provided in the + response. Individual secret versions are not listed in the response. + This operation requires the secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified, the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SecretItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.SecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_secrets.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('SecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_secrets.metadata = {'url': '/secrets'} + + def get_secret_versions( + self, vault_base_url, secret_name, maxresults=None, cls=None, **kwargs): + """List all versions of the specified secret. + + The full secret identifier and attributes are provided in the response. + No values are returned for the secrets. This operations requires the + secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified, the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SecretItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.SecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_secret_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('SecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_secret_versions.metadata = {'url': '/secrets/{secret-name}/versions'} + + def get_deleted_secrets( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """Lists deleted secrets for the specified vault. + + The Get Deleted Secrets operation returns the secrets that have been + deleted for a vault enabled for soft-delete. This operation requires + the secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedSecretItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedSecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_secrets.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedSecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_secrets.metadata = {'url': '/deletedsecrets'} + + def get_deleted_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Gets the specified deleted secret. + + The Get Deleted Secret operation returns the specified deleted secret + along with its attributes. This operation requires the secrets/get + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'} + + def purge_deleted_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Permanently deletes the specified secret. + + The purge deleted secret operation removes the secret permanently, + without the possibility of recovery. This operation can only be enabled + on a soft-delete enabled vault. This operation requires the + secrets/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'} + + def recover_deleted_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Recovers the deleted secret to the latest version. + + Recovers the deleted secret in the specified vault. This operation can + only be performed on a soft-delete enabled vault. This operation + requires the secrets/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the deleted secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}/recover'} + + def backup_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Backs up the specified secret. + + Requests that a backup of the specified secret be downloaded to the + client. All versions of the secret will be downloaded. This operation + requires the secrets/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupSecretResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupSecretResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupSecretResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_secret.metadata = {'url': '/secrets/{secret-name}/backup'} + + def restore_secret(self, vault_base_url, secret_bundle_backup, cls=None, **kwargs): + """Restores a backed up secret to a vault. + + Restores a backed up secret, and all its versions, to a vault. This + operation requires the secrets/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_bundle_backup: The backup blob associated with a secret + bundle. + :type secret_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretRestoreParameters(secret_bundle_backup=secret_bundle_backup) + + # Construct URL + url = self.restore_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_secret.metadata = {'url': '/secrets/restore'} + + def get_storage_accounts( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """List storage accounts managed by the specified key vault. This + operation requires the storage/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of StorageAccountItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.StorageAccountItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_storage_accounts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('StorageListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_storage_accounts.metadata = {'url': '/storage'} + + def get_deleted_storage_accounts( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """Lists deleted storage accounts for the specified vault. + + The Get Deleted Storage Accounts operation returns the storage accounts + that have been deleted for a vault enabled for soft-delete. This + operation requires the storage/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedStorageAccountItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedStorageAccountItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_storage_accounts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedStorageListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_storage_accounts.metadata = {'url': '/deletedstorage'} + + def get_deleted_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Gets the specified deleted storage account. + + The Get Deleted Storage Account operation returns the specified deleted + storage account along with its attributes. This operation requires the + storage/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedStorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedStorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedStorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}'} + + def purge_deleted_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Permanently deletes the specified storage account. + + The purge deleted storage account operation removes the secret + permanently, without the possibility of recovery. This operation can + only be performed on a soft-delete enabled vault. This operation + requires the storage/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}'} + + def recover_deleted_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Recovers the deleted storage account. + + Recovers the deleted storage account in the specified vault. This + operation can only be performed on a soft-delete enabled vault. This + operation requires the storage/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}/recover'} + + def backup_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Backs up the specified storage account. + + Requests that a backup of the specified storage account be downloaded + to the client. This operation requires the storage/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupStorageResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupStorageResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupStorageResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_storage_account.metadata = {'url': '/storage/{storage-account-name}/backup'} + + def restore_storage_account(self, vault_base_url, storage_bundle_backup, cls=None, **kwargs): + """Restores a backed up storage account to a vault. + + Restores a backed up storage account to a vault. This operation + requires the storage/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_bundle_backup: The backup blob associated with a + storage account. + :type storage_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageRestoreParameters(storage_bundle_backup=storage_bundle_backup) + + # Construct URL + url = self.restore_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_storage_account.metadata = {'url': '/storage/restore'} + + def delete_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Deletes a storage account. This operation requires the storage/delete + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedStorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedStorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedStorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + def get_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Gets information about a specified storage account. This operation + requires the storage/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + def set_storage_account(self, vault_base_url, storage_account_name, resource_id, active_key_name, auto_regenerate_key, regeneration_period=None, storage_account_attributes=None, tags=None, cls=None, **kwargs): + """Creates or updates a new storage account. This operation requires the + storage/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param resource_id: Storage account resource id. + :type resource_id: str + :param active_key_name: Current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration + specified in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage + account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountCreateParameters(resource_id=resource_id, active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags) + + # Construct URL + url = self.set_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountCreateParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + def update_storage_account(self, vault_base_url, storage_account_name, active_key_name=None, auto_regenerate_key=None, regeneration_period=None, storage_account_attributes=None, tags=None, cls=None, **kwargs): + """Updates the specified attributes associated with the given storage + account. This operation requires the storage/set/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param active_key_name: The current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration + specified in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage + account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountUpdateParameters(active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags) + + # Construct URL + url = self.update_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + def regenerate_storage_account_key(self, vault_base_url, storage_account_name, key_name, cls=None, **kwargs): + """Regenerates the specified key value for the given storage account. This + operation requires the storage/regeneratekey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param key_name: The storage account key name. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountRegenerteKeyParameters(key_name=key_name) + + # Construct URL + url = self.regenerate_storage_account_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountRegenerteKeyParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + regenerate_storage_account_key.metadata = {'url': '/storage/{storage-account-name}/regeneratekey'} + + def get_sas_definitions( + self, vault_base_url, storage_account_name, maxresults=None, cls=None, **kwargs): + """List storage SAS definitions for the given storage account. This + operation requires the storage/listsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SasDefinitionItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.SasDefinitionItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_sas_definitions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('SasDefinitionListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_sas_definitions.metadata = {'url': '/storage/{storage-account-name}/sas'} + + def get_deleted_sas_definitions( + self, vault_base_url, storage_account_name, maxresults=None, cls=None, **kwargs): + """Lists deleted SAS definitions for the specified vault and storage + account. + + The Get Deleted Sas Definitions operation returns the SAS definitions + that have been deleted for a vault enabled for soft-delete. This + operation requires the storage/listsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedSasDefinitionItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedSasDefinitionItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_sas_definitions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedSasDefinitionListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_sas_definitions.metadata = {'url': '/deletedstorage/{storage-account-name}/sas'} + + def get_deleted_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, cls=None, **kwargs): + """Gets the specified deleted sas definition. + + The Get Deleted SAS Definition operation returns the specified deleted + SAS definition along with its attributes. This operation requires the + storage/getsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_sas_definition.metadata = {'url': '/deletedstorage/{storage-account-name}/sas/{sas-definition-name}'} + + def recover_deleted_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, cls=None, **kwargs): + """Recovers the deleted SAS definition. + + Recovers the deleted SAS definition for the specified storage account. + This operation can only be performed on a soft-delete enabled vault. + This operation requires the storage/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_sas_definition.metadata = {'url': '/deletedstorage/{storage-account-name}/sas/{sas-definition-name}/recover'} + + def delete_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, cls=None, **kwargs): + """Deletes a SAS definition from a specified storage account. This + operation requires the storage/deletesas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + def get_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, cls=None, **kwargs): + """Gets information about a SAS definition for the specified storage + account. This operation requires the storage/getsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + def set_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, template_uri, sas_type, validity_period, sas_definition_attributes=None, tags=None, cls=None, **kwargs): + """Creates or updates a new SAS definition for the specified storage + account. This operation requires the storage/setsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will + have the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS + definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SasDefinitionCreateParameters(template_uri=template_uri, sas_type=sas_type, validity_period=validity_period, sas_definition_attributes=sas_definition_attributes, tags=tags) + + # Construct URL + url = self.set_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SasDefinitionCreateParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + def update_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, template_uri=None, sas_type=None, validity_period=None, sas_definition_attributes=None, tags=None, cls=None, **kwargs): + """Updates the specified attributes associated with the given SAS + definition. This operation requires the storage/setsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will + have the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS + definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SasDefinitionUpdateParameters(template_uri=template_uri, sas_type=sas_type, validity_period=validity_period, sas_definition_attributes=sas_definition_attributes, tags=tags) + + # Construct URL + url = self.update_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SasDefinitionUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/version.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/version.py new file mode 100644 index 000000000000..d92d63667368 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_generated/v7_1_preview/version.py @@ -0,0 +1,13 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +VERSION = "7.1-preview" + diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/__init__.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/__init__.py new file mode 100644 index 000000000000..e913d4cf6c46 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/__init__.py @@ -0,0 +1,18 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._key_vault_client import KeyVaultClient +__all__ = ['KeyVaultClient'] + +from .version import VERSION + +__version__ = VERSION + diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/_configuration.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/_configuration.py new file mode 100644 index 000000000000..68d6f5b6bd2c --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/_configuration.py @@ -0,0 +1,47 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +from azure.core.configuration import Configuration +from azure.core.pipeline import policies + +from .version import VERSION + + +class KeyVaultClientConfiguration(Configuration): + """Configuration for KeyVaultClient + Note that all parameters used to create this instance are saved as instance + attributes. + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__(self, credentials, **kwargs): + + if credentials is None: + raise ValueError("Parameter 'credentials' must not be None.") + + super(KeyVaultClientConfiguration, self).__init__(**kwargs) + self._configure(**kwargs) + + self.user_agent_policy.add_user_agent('azsdk-python-azure-keyvault/{}'.format(VERSION)) + self.generate_client_request_id = True + + self.credentials = credentials + + def _configure(self, **kwargs): + self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs) + self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs) + self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs) + self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs) + self.retry_policy = kwargs.get('retry_policy') or policies.RetryPolicy(**kwargs) + self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs) + self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs) diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/_key_vault_client.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/_key_vault_client.py new file mode 100644 index 000000000000..f380f67e0a87 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/_key_vault_client.py @@ -0,0 +1,48 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.core import PipelineClient +from msrest import Serializer, Deserializer + +from ._configuration import KeyVaultClientConfiguration +from .operations import KeyVaultClientOperationsMixin +from . import models + + +class KeyVaultClient(KeyVaultClientOperationsMixin): + """The key vault client performs cryptographic key operations and vault operations against the Key Vault service. + + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__( + self, credentials, **kwargs): + + base_url = '{vaultBaseUrl}' + self._config = KeyVaultClientConfiguration(credentials, **kwargs) + self._client = PipelineClient(base_url=base_url, config=self._config, **kwargs) + + client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)} + self.api_version = '7.1-preview' + self._serialize = Serializer(client_models) + self._deserialize = Deserializer(client_models) + + + def close(self): + self._client.close() + def __enter__(self): + self._client.__enter__() + return self + def __exit__(self, *exc_details): + self._client.__exit__(*exc_details) diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/__init__.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/__init__.py new file mode 100644 index 000000000000..fb2e6c3866fd --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/__init__.py @@ -0,0 +1,13 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._key_vault_client_async import KeyVaultClient +__all__ = ['KeyVaultClient'] diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/_configuration_async.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/_configuration_async.py new file mode 100644 index 000000000000..fb961bb4bd2d --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/_configuration_async.py @@ -0,0 +1,47 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +from azure.core.configuration import Configuration +from azure.core.pipeline import policies + +from ..version import VERSION + + +class KeyVaultClientConfiguration(Configuration): + """Configuration for KeyVaultClient + Note that all parameters used to create this instance are saved as instance + attributes. + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__(self, credentials, **kwargs): + + if credentials is None: + raise ValueError("Parameter 'credentials' must not be None.") + + super(KeyVaultClientConfiguration, self).__init__(**kwargs) + self._configure(**kwargs) + + self.user_agent_policy.add_user_agent('azsdk-python-azure-keyvault/{}'.format(VERSION)) + self.generate_client_request_id = True + + self.credentials = credentials + + def _configure(self, **kwargs): + self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs) + self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs) + self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs) + self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs) + self.retry_policy = kwargs.get('retry_policy') or policies.AsyncRetryPolicy(**kwargs) + self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs) + self.redirect_policy = kwargs.get('redirect_policy') or policies.AsyncRedirectPolicy(**kwargs) diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/_key_vault_client_async.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/_key_vault_client_async.py new file mode 100644 index 000000000000..b2b908c4a757 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/_key_vault_client_async.py @@ -0,0 +1,48 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.core import AsyncPipelineClient +from msrest import Serializer, Deserializer + +from ._configuration_async import KeyVaultClientConfiguration +from .operations_async import KeyVaultClientOperationsMixin +from .. import models + + +class KeyVaultClient(KeyVaultClientOperationsMixin): + """The key vault client performs cryptographic key operations and vault operations against the Key Vault service. + + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__( + self, credentials, **kwargs): + + base_url = '{vaultBaseUrl}' + self._config = KeyVaultClientConfiguration(credentials, **kwargs) + self._client = AsyncPipelineClient(base_url=base_url, config=self._config, **kwargs) + + client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)} + self.api_version = '7.1-preview' + self._serialize = Serializer(client_models) + self._deserialize = Deserializer(client_models) + + + async def close(self): + await self._client.close() + async def __aenter__(self): + await self._client.__aenter__() + return self + async def __aexit__(self, *exc_details): + await self._client.__aexit__(*exc_details) diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/operations_async/__init__.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/operations_async/__init__.py new file mode 100644 index 000000000000..771a17ceb80d --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/operations_async/__init__.py @@ -0,0 +1,16 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._key_vault_client_operations_async import KeyVaultClientOperationsMixin + +__all__ = [ + 'KeyVaultClientOperationsMixin', +] diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/operations_async/_key_vault_client_operations_async.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/operations_async/_key_vault_client_operations_async.py new file mode 100644 index 000000000000..5701d4354d9b --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/aio/operations_async/_key_vault_client_operations_async.py @@ -0,0 +1,5224 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.core.exceptions import map_error +from azure.core.async_paging import AsyncItemPaged, AsyncList +from ... import models +import uuid + + +class KeyVaultClientOperationsMixin: + + def get_certificates( + self, vault_base_url, maxresults=None, include_pending=None, *, cls=None, **kwargs): + """List certificates in a specified key vault. + + The GetCertificates operation returns the set of certificates resources + in the specified key vault. This operation requires the + certificates/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :param include_pending: Specifies whether to include certificates + which are not completely provisioned. + :type include_pending: bool + :return: An iterator like instance of CertificateItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.CertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificates.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + if include_pending is not None: + query_parameters['includePending'] = self._serialize.query("include_pending", include_pending, 'bool') + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('CertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_certificates.metadata = {'url': '/certificates'} + + async def delete_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Deletes a certificate from a specified key vault. + + Deletes all versions of a certificate object along with its associated + policy. Delete certificate cannot be used to remove individual versions + of a certificate object. This operation requires the + certificates/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedCertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedCertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedCertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate.metadata = {'url': '/certificates/{certificate-name}'} + + async def set_certificate_contacts(self, vault_base_url, contact_list=None, *, cls=None, **kwargs): + """Sets the certificate contacts for the specified key vault. + + Sets the certificate contacts for the specified key vault. This + operation requires the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param contact_list: The contact list for the vault certificates. + :type contact_list: list[~azure.keyvault.v7_1.models.Contact] + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + contacts = models.Contacts(contact_list=contact_list) + + # Construct URL + url = self.set_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(contacts, 'Contacts') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + async def get_certificate_contacts(self, vault_base_url, *, cls=None, **kwargs): + """Lists the certificate contacts for a specified key vault. + + The GetCertificateContacts operation returns the set of certificate + contact resources in the specified key vault. This operation requires + the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + async def delete_certificate_contacts(self, vault_base_url, *, cls=None, **kwargs): + """Deletes the certificate contacts for a specified key vault. + + Deletes the certificate contacts for a specified key vault certificate. + This operation requires the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + def get_certificate_issuers( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """List certificate issuers for a specified key vault. + + The GetCertificateIssuers operation returns the set of certificate + issuer resources in the specified key vault. This operation requires + the certificates/manageissuers/getissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of CertificateIssuerItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.CertificateIssuerItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificate_issuers.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('CertificateIssuerListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_certificate_issuers.metadata = {'url': '/certificates/issuers'} + + async def set_certificate_issuer(self, vault_base_url, issuer_name, provider, credentials=None, organization_details=None, attributes=None, *, cls=None, **kwargs): + """Sets the specified certificate issuer. + + The SetCertificateIssuer operation adds or updates the specified + certificate issuer. This operation requires the certificates/setissuers + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided + to the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameter = models.CertificateIssuerSetParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes) + + # Construct URL + url = self.set_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameter, 'CertificateIssuerSetParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + async def update_certificate_issuer(self, vault_base_url, issuer_name, provider=None, credentials=None, organization_details=None, attributes=None, *, cls=None, **kwargs): + """Updates the specified certificate issuer. + + The UpdateCertificateIssuer operation performs an update on the + specified certificate issuer entity. This operation requires the + certificates/setissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided + to the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameter = models.CertificateIssuerUpdateParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes) + + # Construct URL + url = self.update_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameter, 'CertificateIssuerUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + async def get_certificate_issuer(self, vault_base_url, issuer_name, *, cls=None, **kwargs): + """Lists the specified certificate issuer. + + The GetCertificateIssuer operation returns the specified certificate + issuer resources in the specified key vault. This operation requires + the certificates/manageissuers/getissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + async def delete_certificate_issuer(self, vault_base_url, issuer_name, *, cls=None, **kwargs): + """Deletes the specified certificate issuer. + + The DeleteCertificateIssuer operation permanently removes the specified + certificate issuer from the vault. This operation requires the + certificates/manageissuers/deleteissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + async def create_certificate(self, vault_base_url, certificate_name, certificate_policy=None, certificate_attributes=None, tags=None, *, cls=None, **kwargs): + """Creates a new certificate. + + If this is the first version, the certificate resource is created. This + operation requires the certificates/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateCreateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.create_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateCreateParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [202]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 202: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + create_certificate.metadata = {'url': '/certificates/{certificate-name}/create'} + + async def import_certificate(self, vault_base_url, certificate_name, base64_encoded_certificate, password=None, certificate_policy=None, certificate_attributes=None, tags=None, *, cls=None, **kwargs): + """Imports a certificate into a specified key vault. + + Imports an existing valid certificate, containing a private key, into + Azure Key Vault. The certificate to be imported can be in either PFX or + PEM format. If the certificate is in PEM format the PEM file must + contain the key as well as x509 certificates. This operation requires + the certificates/import permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param base64_encoded_certificate: Base64 encoded representation of + the certificate object to import. This certificate needs to contain + the private key. + :type base64_encoded_certificate: str + :param password: If the private key in base64EncodedCertificate is + encrypted, the password used for encryption. + :type password: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateImportParameters(base64_encoded_certificate=base64_encoded_certificate, password=password, certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.import_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateImportParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + import_certificate.metadata = {'url': '/certificates/{certificate-name}/import'} + + def get_certificate_versions( + self, vault_base_url, certificate_name, maxresults=None, *, cls=None, **kwargs): + """List the versions of a certificate. + + The GetCertificateVersions operation returns the versions of a + certificate in the specified key vault. This operation requires the + certificates/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of CertificateItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.CertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificate_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('CertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_certificate_versions.metadata = {'url': '/certificates/{certificate-name}/versions'} + + async def get_certificate_policy(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Lists the policy for a certificate. + + The GetCertificatePolicy operation returns the specified certificate + policy resources in the specified key vault. This operation requires + the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in a given key + vault. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificatePolicy or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificatePolicy + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_policy.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificatePolicy', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'} + + async def update_certificate_policy(self, vault_base_url, certificate_name, certificate_policy, *, cls=None, **kwargs): + """Updates the policy for a certificate. + + Set specified members in the certificate policy. Leave others as null. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given + vault. + :type certificate_name: str + :param certificate_policy: The policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificatePolicy or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificatePolicy + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.update_certificate_policy.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(certificate_policy, 'CertificatePolicy') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificatePolicy', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'} + + async def update_certificate(self, vault_base_url, certificate_name, certificate_version, certificate_policy=None, certificate_attributes=None, tags=None, *, cls=None, **kwargs): + """Updates the specified attributes associated with the given certificate. + + The UpdateCertificate operation applies the specified update on the + given certificate; the only elements updated are the certificate's + attributes. This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given key + vault. + :type certificate_name: str + :param certificate_version: The version of the certificate. + :type certificate_version: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateUpdateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.update_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'), + 'certificate-version': self._serialize.url("certificate_version", certificate_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'} + + async def get_certificate(self, vault_base_url, certificate_name, certificate_version, *, cls=None, **kwargs): + """Gets information about a certificate. + + Gets information about a specific certificate. This operation requires + the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given + vault. + :type certificate_name: str + :param certificate_version: The version of the certificate. + :type certificate_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'), + 'certificate-version': self._serialize.url("certificate_version", certificate_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'} + + async def update_certificate_operation(self, vault_base_url, certificate_name, cancellation_requested, *, cls=None, **kwargs): + """Updates a certificate operation. + + Updates a certificate creation operation that is already in progress. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param cancellation_requested: Indicates if cancellation was requested + on the certificate operation. + :type cancellation_requested: bool + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + certificate_operation = models.CertificateOperationUpdateParameter(cancellation_requested=cancellation_requested) + + # Construct URL + url = self.update_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(certificate_operation, 'CertificateOperationUpdateParameter') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + async def get_certificate_operation(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Gets the creation operation of a certificate. + + Gets the creation operation associated with a specified certificate. + This operation requires the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + async def delete_certificate_operation(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Deletes the creation operation for a specific certificate. + + Deletes the creation operation for a specified certificate that is in + the process of being created. The certificate is no longer created. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + async def merge_certificate(self, vault_base_url, certificate_name, x509_certificates, certificate_attributes=None, tags=None, *, cls=None, **kwargs): + """Merges a certificate or a certificate chain with a key pair existing on + the server. + + The MergeCertificate operation performs the merging of a certificate or + certificate chain with a key pair currently available in the service. + This operation requires the certificates/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param x509_certificates: The certificate or the certificate chain to + merge. + :type x509_certificates: list[bytearray] + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateMergeParameters(x509_certificates=x509_certificates, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.merge_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateMergeParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 201: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + merge_certificate.metadata = {'url': '/certificates/{certificate-name}/pending/merge'} + + async def backup_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Backs up the specified certificate. + + Requests that a backup of the specified certificate be downloaded to + the client. All versions of the certificate will be downloaded. This + operation requires the certificates/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupCertificateResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupCertificateResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupCertificateResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_certificate.metadata = {'url': '/certificates/{certificate-name}/backup'} + + async def restore_certificate(self, vault_base_url, certificate_bundle_backup, *, cls=None, **kwargs): + """Restores a backed up certificate to a vault. + + Restores a backed up certificate, and all its versions, to a vault. + This operation requires the certificates/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_bundle_backup: The backup blob associated with a + certificate bundle. + :type certificate_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateRestoreParameters(certificate_bundle_backup=certificate_bundle_backup) + + # Construct URL + url = self.restore_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_certificate.metadata = {'url': '/certificates/restore'} + + def get_deleted_certificates( + self, vault_base_url, maxresults=None, include_pending=None, *, cls=None, **kwargs): + """Lists the deleted certificates in the specified vault currently + available for recovery. + + The GetDeletedCertificates operation retrieves the certificates in the + current vault which are in a deleted state and ready for recovery or + purging. This operation includes deletion-specific information. This + operation requires the certificates/get/list permission. This operation + can only be enabled on soft-delete enabled vaults. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :param include_pending: Specifies whether to include certificates + which are not completely provisioned. + :type include_pending: bool + :return: An iterator like instance of DeletedCertificateItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedCertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_certificates.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + if include_pending is not None: + query_parameters['includePending'] = self._serialize.query("include_pending", include_pending, 'bool') + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedCertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_certificates.metadata = {'url': '/deletedcertificates'} + + async def get_deleted_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Retrieves information about the specified deleted certificate. + + The GetDeletedCertificate operation retrieves the deleted certificate + information plus its attributes, such as retention interval, scheduled + permanent deletion and the current deletion recovery level. This + operation requires the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedCertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedCertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedCertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'} + + async def purge_deleted_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Permanently deletes the specified deleted certificate. + + The PurgeDeletedCertificate operation performs an irreversible deletion + of the specified certificate, without possibility for recovery. The + operation is not available if the recovery level does not specify + 'Purgeable'. This operation requires the certificate/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'} + + async def recover_deleted_certificate(self, vault_base_url, certificate_name, *, cls=None, **kwargs): + """Recovers the deleted certificate back to its current version under + /certificates. + + The RecoverDeletedCertificate operation performs the reversal of the + Delete operation. The operation is applicable in vaults enabled for + soft-delete, and must be issued during the retention interval + (available in the deleted certificate's attributes). This operation + requires the certificates/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the deleted certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}/recover'} + + async def create_key(self, vault_base_url, key_name, kty, key_size=None, key_ops=None, key_attributes=None, tags=None, curve=None, *, cls=None, **kwargs): + """Creates a new key, stores it, then returns key parameters and + attributes to the client. + + The create key operation can be used to create any key type in Azure + Key Vault. If the named key already exists, Azure Key Vault creates a + new version of the key. It requires the keys/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name for the new key. The system will generate + the version name for the new key. + :type key_name: str + :param kty: The type of key to create. For valid values, see + JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', + 'RSA-HSM', 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or + 4096 for RSA. + :type key_size: int + :param key_ops: + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', + 'P-521', 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyCreateParameters(kty=kty, key_size=key_size, key_ops=key_ops, key_attributes=key_attributes, tags=tags, curve=curve) + + # Construct URL + url = self.create_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyCreateParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + create_key.metadata = {'url': '/keys/{key-name}/create'} + + async def import_key(self, vault_base_url, key_name, key, hsm=None, key_attributes=None, tags=None, *, cls=None, **kwargs): + """Imports an externally created key, stores it, and returns key + parameters and attributes to the client. + + The import key operation may be used to import any key type into an + Azure Key Vault. If the named key already exists, Azure Key Vault + creates a new version of the key. This operation requires the + keys/import permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: Name for the imported key. + :type key_name: str + :param key: The Json web key + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param hsm: Whether to import as a hardware key (HSM) or software key. + :type hsm: bool + :param key_attributes: The key management attributes. + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyImportParameters(hsm=hsm, key=key, key_attributes=key_attributes, tags=tags) + + # Construct URL + url = self.import_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyImportParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + import_key.metadata = {'url': '/keys/{key-name}'} + + async def delete_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Deletes a key of any type from storage in Azure Key Vault. + + The delete key operation cannot be used to remove individual versions + of a key. This operation removes the cryptographic material associated + with the key, which means the key is not usable for Sign/Verify, + Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the + keys/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key to delete. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedKeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedKeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedKeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_key.metadata = {'url': '/keys/{key-name}'} + + async def update_key(self, vault_base_url, key_name, key_version, key_ops=None, key_attributes=None, tags=None, *, cls=None, **kwargs): + """The update key operation changes specified attributes of a stored key + and can be applied to any key type and key version stored in Azure Key + Vault. + + In order to perform this operation, the key must already exist in the + Key Vault. Note: The cryptographic material of a key itself cannot be + changed. This operation requires the keys/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of key to update. + :type key_name: str + :param key_version: The version of the key to update. + :type key_version: str + :param key_ops: Json web key operations. For more information on + possible key operations, see JsonWebKeyOperation. + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyUpdateParameters(key_ops=key_ops, key_attributes=key_attributes, tags=tags) + + # Construct URL + url = self.update_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_key.metadata = {'url': '/keys/{key-name}/{key-version}'} + + async def get_key(self, vault_base_url, key_name, key_version, *, cls=None, **kwargs): + """Gets the public part of a stored key. + + The get key operation is applicable to all key types. If the requested + key is symmetric, then no key material is released in the response. + This operation requires the keys/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key to get. + :type key_name: str + :param key_version: Adding the version parameter retrieves a specific + version of a key. + :type key_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_key.metadata = {'url': '/keys/{key-name}/{key-version}'} + + def get_key_versions( + self, vault_base_url, key_name, maxresults=None, *, cls=None, **kwargs): + """Retrieves a list of individual key versions with the same key name. + + The full key identifier, attributes, and tags are provided in the + response. This operation requires the keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of KeyItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.KeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_key_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('KeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_key_versions.metadata = {'url': '/keys/{key-name}/versions'} + + def get_keys( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """List keys in the specified vault. + + Retrieves a list of the keys in the Key Vault as JSON Web Key + structures that contain the public part of a stored key. The LIST + operation is applicable to all key types, however only the base key + identifier, attributes, and tags are provided in the response. + Individual versions of a key are not listed in the response. This + operation requires the keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of KeyItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.KeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_keys.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('KeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_keys.metadata = {'url': '/keys'} + + async def backup_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Requests that a backup of the specified key be downloaded to the + client. + + The Key Backup operation exports a key from Azure Key Vault in a + protected form. Note that this operation does NOT return key material + in a form that can be used outside the Azure Key Vault system, the + returned key material is either protected to a Azure Key Vault HSM or + to Azure Key Vault itself. The intent of this operation is to allow a + client to GENERATE a key in one Azure Key Vault instance, BACKUP the + key, and then RESTORE it into another Azure Key Vault instance. The + BACKUP operation may be used to export, in protected form, any key type + from Azure Key Vault. Individual versions of a key cannot be backed up. + BACKUP / RESTORE can be performed within geographical boundaries only; + meaning that a BACKUP from one geographical area cannot be restored to + another geographical area. For example, a backup from the US + geographical area cannot be restored in an EU geographical area. This + operation requires the key/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupKeyResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupKeyResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupKeyResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_key.metadata = {'url': '/keys/{key-name}/backup'} + + async def restore_key(self, vault_base_url, key_bundle_backup, *, cls=None, **kwargs): + """Restores a backed up key to a vault. + + Imports a previously backed up key into Azure Key Vault, restoring the + key, its key identifier, attributes and access control policies. The + RESTORE operation may be used to import a previously backed up key. + Individual versions of a key cannot be restored. The key is restored in + its entirety with the same key name as it had when it was backed up. If + the key name is not available in the target Key Vault, the RESTORE + operation will be rejected. While the key name is retained during + restore, the final key identifier will change if the key is restored to + a different vault. Restore will restore all versions and preserve + version identifiers. The RESTORE operation is subject to security + constraints: The target Key Vault must be owned by the same Microsoft + Azure Subscription as the source Key Vault The user must have RESTORE + permission in the target Key Vault. This operation requires the + keys/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_bundle_backup: The backup blob associated with a key + bundle. + :type key_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyRestoreParameters(key_bundle_backup=key_bundle_backup) + + # Construct URL + url = self.restore_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_key.metadata = {'url': '/keys/restore'} + + async def encrypt(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Encrypts an arbitrary sequence of bytes using an encryption key that is + stored in a key vault. + + The ENCRYPT operation encrypts an arbitrary sequence of bytes using an + encryption key that is stored in Azure Key Vault. Note that the ENCRYPT + operation only supports a single block of data, the size of which is + dependent on the target key and the encryption algorithm to be used. + The ENCRYPT operation is only strictly necessary for symmetric keys + stored in Azure Key Vault since protection with an asymmetric key can + be performed using public portion of the key. This operation is + supported for asymmetric keys as a convenience for callers that have a + key-reference but do not have access to the public key material. This + operation requires the keys/encrypt permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.encrypt.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + encrypt.metadata = {'url': '/keys/{key-name}/{key-version}/encrypt'} + + async def decrypt(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Decrypts a single block of encrypted data. + + The DECRYPT operation decrypts a well-formed block of ciphertext using + the target encryption key and specified algorithm. This operation is + the reverse of the ENCRYPT operation; only a single block of data may + be decrypted, the size of this block is dependent on the target key and + the algorithm to be used. The DECRYPT operation applies to asymmetric + and symmetric keys stored in Azure Key Vault since it uses the private + portion of the key. This operation requires the keys/decrypt + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.decrypt.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + decrypt.metadata = {'url': '/keys/{key-name}/{key-version}/decrypt'} + + async def sign(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Creates a signature from a digest using the specified key. + + The SIGN operation is applicable to asymmetric and symmetric keys + stored in Azure Key Vault since this operation uses the private portion + of the key. This operation requires the keys/sign permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: The signing/verification algorithm identifier. For + more information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', + 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', + 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeySignParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.sign.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeySignParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + sign.metadata = {'url': '/keys/{key-name}/{key-version}/sign'} + + async def verify(self, vault_base_url, key_name, key_version, algorithm, digest, signature, *, cls=None, **kwargs): + """Verifies a signature using a specified key. + + The VERIFY operation is applicable to symmetric keys stored in Azure + Key Vault. VERIFY is not strictly necessary for asymmetric keys stored + in Azure Key Vault since signature verification can be performed using + the public portion of the key but this operation is supported as a + convenience for callers that only have a key-reference and not the + public portion of the key. This operation requires the keys/verify + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: The signing/verification algorithm. For more + information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', + 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', + 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param digest: The digest used for signing. + :type digest: bytes + :param signature: The signature to be verified. + :type signature: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyVerifyResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyVerifyResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyVerifyParameters(algorithm=algorithm, digest=digest, signature=signature) + + # Construct URL + url = self.verify.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyVerifyParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyVerifyResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + verify.metadata = {'url': '/keys/{key-name}/{key-version}/verify'} + + async def wrap_key(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Wraps a symmetric key using a specified key. + + The WRAP operation supports encryption of a symmetric key using a key + encryption key that has previously been stored in an Azure Key Vault. + The WRAP operation is only strictly necessary for symmetric keys stored + in Azure Key Vault since protection with an asymmetric key can be + performed using the public portion of the key. This operation is + supported for asymmetric keys as a convenience for callers that have a + key-reference but do not have access to the public key material. This + operation requires the keys/wrapKey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.wrap_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + wrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/wrapkey'} + + async def unwrap_key(self, vault_base_url, key_name, key_version, algorithm, value, *, cls=None, **kwargs): + """Unwraps a symmetric key using the specified key that was initially used + for wrapping that key. + + The UNWRAP operation supports decryption of a symmetric key using the + target key encryption key. This operation is the reverse of the WRAP + operation. The UNWRAP operation applies to asymmetric and symmetric + keys stored in Azure Key Vault since it uses the private portion of the + key. This operation requires the keys/unwrapKey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.unwrap_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + unwrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/unwrapkey'} + + def get_deleted_keys( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """Lists the deleted keys in the specified vault. + + Retrieves a list of the keys in the Key Vault as JSON Web Key + structures that contain the public part of a deleted key. This + operation includes deletion-specific information. The Get Deleted Keys + operation is applicable for vaults enabled for soft-delete. While the + operation can be invoked on any vault, it will return an error if + invoked on a non soft-delete enabled vault. This operation requires the + keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedKeyItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedKeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_keys.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedKeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_keys.metadata = {'url': '/deletedkeys'} + + async def get_deleted_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Gets the public part of a deleted key. + + The Get Deleted Key operation is applicable for soft-delete enabled + vaults. While the operation can be invoked on any vault, it will return + an error if invoked on a non soft-delete enabled vault. This operation + requires the keys/get permission. . + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedKeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedKeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedKeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'} + + async def purge_deleted_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Permanently deletes the specified key. + + The Purge Deleted Key operation is applicable for soft-delete enabled + vaults. While the operation can be invoked on any vault, it will return + an error if invoked on a non soft-delete enabled vault. This operation + requires the keys/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'} + + async def recover_deleted_key(self, vault_base_url, key_name, *, cls=None, **kwargs): + """Recovers the deleted key to its latest version. + + The Recover Deleted Key operation is applicable for deleted keys in + soft-delete enabled vaults. It recovers the deleted key back to its + latest version under /keys. An attempt to recover an non-deleted key + will return an error. Consider this the inverse of the delete operation + on soft-delete enabled vaults. This operation requires the keys/recover + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the deleted key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_key.metadata = {'url': '/deletedkeys/{key-name}/recover'} + + async def set_secret(self, vault_base_url, secret_name, value, tags=None, content_type=None, secret_attributes=None, *, cls=None, **kwargs): + """Sets a secret in a specified key vault. + + The SET operation adds a secret to the Azure Key Vault. If the named + secret already exists, Azure Key Vault creates a new version of that + secret. This operation requires the secrets/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param value: The value of the secret. + :type value: str + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretSetParameters(value=value, tags=tags, content_type=content_type, secret_attributes=secret_attributes) + + # Construct URL + url = self.set_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretSetParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_secret.metadata = {'url': '/secrets/{secret-name}'} + + async def delete_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Deletes a secret from a specified key vault. + + The DELETE operation applies to any secret stored in Azure Key Vault. + DELETE cannot be applied to an individual version of a secret. This + operation requires the secrets/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_secret.metadata = {'url': '/secrets/{secret-name}'} + + async def update_secret(self, vault_base_url, secret_name, secret_version, content_type=None, secret_attributes=None, tags=None, *, cls=None, **kwargs): + """Updates the attributes associated with a specified secret in a given + key vault. + + The UPDATE operation changes specified attributes of an existing stored + secret. Attributes that are not specified in the request are left + unchanged. The value of a secret itself cannot be changed. This + operation requires the secrets/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param secret_version: The version of the secret. + :type secret_version: str + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretUpdateParameters(content_type=content_type, secret_attributes=secret_attributes, tags=tags) + + # Construct URL + url = self.update_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str'), + 'secret-version': self._serialize.url("secret_version", secret_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'} + + async def get_secret(self, vault_base_url, secret_name, secret_version, *, cls=None, **kwargs): + """Get a specified secret from a given key vault. + + The GET operation is applicable to any secret stored in Azure Key + Vault. This operation requires the secrets/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param secret_version: The version of the secret. + :type secret_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str'), + 'secret-version': self._serialize.url("secret_version", secret_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'} + + def get_secrets( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """List secrets in a specified key vault. + + The Get Secrets operation is applicable to the entire vault. However, + only the base secret identifier and its attributes are provided in the + response. Individual secret versions are not listed in the response. + This operation requires the secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified, the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SecretItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.SecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_secrets.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('SecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_secrets.metadata = {'url': '/secrets'} + + def get_secret_versions( + self, vault_base_url, secret_name, maxresults=None, *, cls=None, **kwargs): + """List all versions of the specified secret. + + The full secret identifier and attributes are provided in the response. + No values are returned for the secrets. This operations requires the + secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified, the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SecretItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.SecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_secret_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('SecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_secret_versions.metadata = {'url': '/secrets/{secret-name}/versions'} + + def get_deleted_secrets( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """Lists deleted secrets for the specified vault. + + The Get Deleted Secrets operation returns the secrets that have been + deleted for a vault enabled for soft-delete. This operation requires + the secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedSecretItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedSecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_secrets.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedSecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_secrets.metadata = {'url': '/deletedsecrets'} + + async def get_deleted_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Gets the specified deleted secret. + + The Get Deleted Secret operation returns the specified deleted secret + along with its attributes. This operation requires the secrets/get + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'} + + async def purge_deleted_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Permanently deletes the specified secret. + + The purge deleted secret operation removes the secret permanently, + without the possibility of recovery. This operation can only be enabled + on a soft-delete enabled vault. This operation requires the + secrets/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'} + + async def recover_deleted_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Recovers the deleted secret to the latest version. + + Recovers the deleted secret in the specified vault. This operation can + only be performed on a soft-delete enabled vault. This operation + requires the secrets/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the deleted secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}/recover'} + + async def backup_secret(self, vault_base_url, secret_name, *, cls=None, **kwargs): + """Backs up the specified secret. + + Requests that a backup of the specified secret be downloaded to the + client. All versions of the secret will be downloaded. This operation + requires the secrets/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupSecretResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupSecretResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupSecretResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_secret.metadata = {'url': '/secrets/{secret-name}/backup'} + + async def restore_secret(self, vault_base_url, secret_bundle_backup, *, cls=None, **kwargs): + """Restores a backed up secret to a vault. + + Restores a backed up secret, and all its versions, to a vault. This + operation requires the secrets/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_bundle_backup: The backup blob associated with a secret + bundle. + :type secret_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretRestoreParameters(secret_bundle_backup=secret_bundle_backup) + + # Construct URL + url = self.restore_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_secret.metadata = {'url': '/secrets/restore'} + + def get_storage_accounts( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """List storage accounts managed by the specified key vault. This + operation requires the storage/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of StorageAccountItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.StorageAccountItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_storage_accounts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('StorageListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_storage_accounts.metadata = {'url': '/storage'} + + def get_deleted_storage_accounts( + self, vault_base_url, maxresults=None, *, cls=None, **kwargs): + """Lists deleted storage accounts for the specified vault. + + The Get Deleted Storage Accounts operation returns the storage accounts + that have been deleted for a vault enabled for soft-delete. This + operation requires the storage/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedStorageAccountItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedStorageAccountItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_storage_accounts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedStorageListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_storage_accounts.metadata = {'url': '/deletedstorage'} + + async def get_deleted_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Gets the specified deleted storage account. + + The Get Deleted Storage Account operation returns the specified deleted + storage account along with its attributes. This operation requires the + storage/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedStorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedStorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedStorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}'} + + async def purge_deleted_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Permanently deletes the specified storage account. + + The purge deleted storage account operation removes the secret + permanently, without the possibility of recovery. This operation can + only be performed on a soft-delete enabled vault. This operation + requires the storage/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}'} + + async def recover_deleted_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Recovers the deleted storage account. + + Recovers the deleted storage account in the specified vault. This + operation can only be performed on a soft-delete enabled vault. This + operation requires the storage/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}/recover'} + + async def backup_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Backs up the specified storage account. + + Requests that a backup of the specified storage account be downloaded + to the client. This operation requires the storage/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupStorageResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupStorageResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupStorageResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_storage_account.metadata = {'url': '/storage/{storage-account-name}/backup'} + + async def restore_storage_account(self, vault_base_url, storage_bundle_backup, *, cls=None, **kwargs): + """Restores a backed up storage account to a vault. + + Restores a backed up storage account to a vault. This operation + requires the storage/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_bundle_backup: The backup blob associated with a + storage account. + :type storage_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageRestoreParameters(storage_bundle_backup=storage_bundle_backup) + + # Construct URL + url = self.restore_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_storage_account.metadata = {'url': '/storage/restore'} + + async def delete_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Deletes a storage account. This operation requires the storage/delete + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedStorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedStorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedStorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + async def get_storage_account(self, vault_base_url, storage_account_name, *, cls=None, **kwargs): + """Gets information about a specified storage account. This operation + requires the storage/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + async def set_storage_account(self, vault_base_url, storage_account_name, resource_id, active_key_name, auto_regenerate_key, regeneration_period=None, storage_account_attributes=None, tags=None, *, cls=None, **kwargs): + """Creates or updates a new storage account. This operation requires the + storage/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param resource_id: Storage account resource id. + :type resource_id: str + :param active_key_name: Current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration + specified in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage + account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountCreateParameters(resource_id=resource_id, active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags) + + # Construct URL + url = self.set_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountCreateParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + async def update_storage_account(self, vault_base_url, storage_account_name, active_key_name=None, auto_regenerate_key=None, regeneration_period=None, storage_account_attributes=None, tags=None, *, cls=None, **kwargs): + """Updates the specified attributes associated with the given storage + account. This operation requires the storage/set/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param active_key_name: The current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration + specified in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage + account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountUpdateParameters(active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags) + + # Construct URL + url = self.update_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + async def regenerate_storage_account_key(self, vault_base_url, storage_account_name, key_name, *, cls=None, **kwargs): + """Regenerates the specified key value for the given storage account. This + operation requires the storage/regeneratekey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param key_name: The storage account key name. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountRegenerteKeyParameters(key_name=key_name) + + # Construct URL + url = self.regenerate_storage_account_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountRegenerteKeyParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + regenerate_storage_account_key.metadata = {'url': '/storage/{storage-account-name}/regeneratekey'} + + def get_sas_definitions( + self, vault_base_url, storage_account_name, maxresults=None, *, cls=None, **kwargs): + """List storage SAS definitions for the given storage account. This + operation requires the storage/listsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SasDefinitionItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.SasDefinitionItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_sas_definitions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('SasDefinitionListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_sas_definitions.metadata = {'url': '/storage/{storage-account-name}/sas'} + + def get_deleted_sas_definitions( + self, vault_base_url, storage_account_name, maxresults=None, *, cls=None, **kwargs): + """Lists deleted SAS definitions for the specified vault and storage + account. + + The Get Deleted Sas Definitions operation returns the SAS definitions + that have been deleted for a vault enabled for soft-delete. This + operation requires the storage/listsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedSasDefinitionItem + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.keyvault.v7_1.models.DeletedSasDefinitionItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_sas_definitions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data_async(response): + deserialized = self._deserialize('DeletedSasDefinitionListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, AsyncList(list_of_elem) + + async def get_next_async(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return AsyncItemPaged( + get_next_async, extract_data_async + ) + get_deleted_sas_definitions.metadata = {'url': '/deletedstorage/{storage-account-name}/sas'} + + async def get_deleted_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, *, cls=None, **kwargs): + """Gets the specified deleted sas definition. + + The Get Deleted SAS Definition operation returns the specified deleted + SAS definition along with its attributes. This operation requires the + storage/getsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_sas_definition.metadata = {'url': '/deletedstorage/{storage-account-name}/sas/{sas-definition-name}'} + + async def recover_deleted_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, *, cls=None, **kwargs): + """Recovers the deleted SAS definition. + + Recovers the deleted SAS definition for the specified storage account. + This operation can only be performed on a soft-delete enabled vault. + This operation requires the storage/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_sas_definition.metadata = {'url': '/deletedstorage/{storage-account-name}/sas/{sas-definition-name}/recover'} + + async def delete_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, *, cls=None, **kwargs): + """Deletes a SAS definition from a specified storage account. This + operation requires the storage/deletesas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + async def get_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, *, cls=None, **kwargs): + """Gets information about a SAS definition for the specified storage + account. This operation requires the storage/getsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + async def set_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, template_uri, sas_type, validity_period, sas_definition_attributes=None, tags=None, *, cls=None, **kwargs): + """Creates or updates a new SAS definition for the specified storage + account. This operation requires the storage/setsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will + have the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS + definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SasDefinitionCreateParameters(template_uri=template_uri, sas_type=sas_type, validity_period=validity_period, sas_definition_attributes=sas_definition_attributes, tags=tags) + + # Construct URL + url = self.set_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SasDefinitionCreateParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + async def update_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, template_uri=None, sas_type=None, validity_period=None, sas_definition_attributes=None, tags=None, *, cls=None, **kwargs): + """Updates the specified attributes associated with the given SAS + definition. This operation requires the storage/setsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will + have the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS + definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SasDefinitionUpdateParameters(template_uri=template_uri, sas_type=sas_type, validity_period=validity_period, sas_definition_attributes=sas_definition_attributes, tags=tags) + + # Construct URL + url = self.update_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SasDefinitionUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/__init__.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/__init__.py new file mode 100644 index 000000000000..68ccf6d2e5f5 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/__init__.py @@ -0,0 +1,303 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +try: + from ._models_py3 import Action + from ._models_py3 import AdministratorDetails + from ._models_py3 import Attributes + from ._models_py3 import BackupCertificateResult + from ._models_py3 import BackupKeyResult + from ._models_py3 import BackupSecretResult + from ._models_py3 import BackupStorageResult + from ._models_py3 import CertificateAttributes + from ._models_py3 import CertificateBundle + from ._models_py3 import CertificateCreateParameters + from ._models_py3 import CertificateImportParameters + from ._models_py3 import CertificateIssuerItem + from ._models_py3 import CertificateIssuerListResult + from ._models_py3 import CertificateIssuerSetParameters + from ._models_py3 import CertificateIssuerUpdateParameters + from ._models_py3 import CertificateItem + from ._models_py3 import CertificateListResult + from ._models_py3 import CertificateMergeParameters + from ._models_py3 import CertificateOperation + from ._models_py3 import CertificateOperationUpdateParameter + from ._models_py3 import CertificatePolicy + from ._models_py3 import CertificateRestoreParameters + from ._models_py3 import CertificateUpdateParameters + from ._models_py3 import Contact + from ._models_py3 import Contacts + from ._models_py3 import DeletedCertificateBundle + from ._models_py3 import DeletedCertificateItem + from ._models_py3 import DeletedCertificateListResult + from ._models_py3 import DeletedKeyBundle + from ._models_py3 import DeletedKeyItem + from ._models_py3 import DeletedKeyListResult + from ._models_py3 import DeletedSasDefinitionBundle + from ._models_py3 import DeletedSasDefinitionItem + from ._models_py3 import DeletedSasDefinitionListResult + from ._models_py3 import DeletedSecretBundle + from ._models_py3 import DeletedSecretItem + from ._models_py3 import DeletedSecretListResult + from ._models_py3 import DeletedStorageAccountItem + from ._models_py3 import DeletedStorageBundle + from ._models_py3 import DeletedStorageListResult + from ._models_py3 import Error + from ._models_py3 import IssuerAttributes + from ._models_py3 import IssuerBundle + from ._models_py3 import IssuerCredentials + from ._models_py3 import IssuerParameters + from ._models_py3 import JsonWebKey + from ._models_py3 import KeyAttributes + from ._models_py3 import KeyBundle + from ._models_py3 import KeyCreateParameters + from ._models_py3 import KeyImportParameters + from ._models_py3 import KeyItem + from ._models_py3 import KeyListResult + from ._models_py3 import KeyOperationResult + from ._models_py3 import KeyOperationsParameters + from ._models_py3 import KeyProperties + from ._models_py3 import KeyRestoreParameters + from ._models_py3 import KeySignParameters + from ._models_py3 import KeyUpdateParameters + from ._models_py3 import KeyVaultError, KeyVaultErrorException + from ._models_py3 import KeyVerifyParameters + from ._models_py3 import KeyVerifyResult + from ._models_py3 import LifetimeAction + from ._models_py3 import OrganizationDetails + from ._models_py3 import PendingCertificateSigningRequestResult + from ._models_py3 import SasDefinitionAttributes + from ._models_py3 import SasDefinitionBundle + from ._models_py3 import SasDefinitionCreateParameters + from ._models_py3 import SasDefinitionItem + from ._models_py3 import SasDefinitionListResult + from ._models_py3 import SasDefinitionUpdateParameters + from ._models_py3 import SecretAttributes + from ._models_py3 import SecretBundle + from ._models_py3 import SecretItem + from ._models_py3 import SecretListResult + from ._models_py3 import SecretProperties + from ._models_py3 import SecretRestoreParameters + from ._models_py3 import SecretSetParameters + from ._models_py3 import SecretUpdateParameters + from ._models_py3 import StorageAccountAttributes + from ._models_py3 import StorageAccountCreateParameters + from ._models_py3 import StorageAccountItem + from ._models_py3 import StorageAccountRegenerteKeyParameters + from ._models_py3 import StorageAccountUpdateParameters + from ._models_py3 import StorageBundle + from ._models_py3 import StorageListResult + from ._models_py3 import StorageRestoreParameters + from ._models_py3 import SubjectAlternativeNames + from ._models_py3 import Trigger + from ._models_py3 import X509CertificateProperties +except (SyntaxError, ImportError): + from ._models import Action + from ._models import AdministratorDetails + from ._models import Attributes + from ._models import BackupCertificateResult + from ._models import BackupKeyResult + from ._models import BackupSecretResult + from ._models import BackupStorageResult + from ._models import CertificateAttributes + from ._models import CertificateBundle + from ._models import CertificateCreateParameters + from ._models import CertificateImportParameters + from ._models import CertificateIssuerItem + from ._models import CertificateIssuerListResult + from ._models import CertificateIssuerSetParameters + from ._models import CertificateIssuerUpdateParameters + from ._models import CertificateItem + from ._models import CertificateListResult + from ._models import CertificateMergeParameters + from ._models import CertificateOperation + from ._models import CertificateOperationUpdateParameter + from ._models import CertificatePolicy + from ._models import CertificateRestoreParameters + from ._models import CertificateUpdateParameters + from ._models import Contact + from ._models import Contacts + from ._models import DeletedCertificateBundle + from ._models import DeletedCertificateItem + from ._models import DeletedCertificateListResult + from ._models import DeletedKeyBundle + from ._models import DeletedKeyItem + from ._models import DeletedKeyListResult + from ._models import DeletedSasDefinitionBundle + from ._models import DeletedSasDefinitionItem + from ._models import DeletedSasDefinitionListResult + from ._models import DeletedSecretBundle + from ._models import DeletedSecretItem + from ._models import DeletedSecretListResult + from ._models import DeletedStorageAccountItem + from ._models import DeletedStorageBundle + from ._models import DeletedStorageListResult + from ._models import Error + from ._models import IssuerAttributes + from ._models import IssuerBundle + from ._models import IssuerCredentials + from ._models import IssuerParameters + from ._models import JsonWebKey + from ._models import KeyAttributes + from ._models import KeyBundle + from ._models import KeyCreateParameters + from ._models import KeyImportParameters + from ._models import KeyItem + from ._models import KeyListResult + from ._models import KeyOperationResult + from ._models import KeyOperationsParameters + from ._models import KeyProperties + from ._models import KeyRestoreParameters + from ._models import KeySignParameters + from ._models import KeyUpdateParameters + from ._models import KeyVaultError, KeyVaultErrorException + from ._models import KeyVerifyParameters + from ._models import KeyVerifyResult + from ._models import LifetimeAction + from ._models import OrganizationDetails + from ._models import PendingCertificateSigningRequestResult + from ._models import SasDefinitionAttributes + from ._models import SasDefinitionBundle + from ._models import SasDefinitionCreateParameters + from ._models import SasDefinitionItem + from ._models import SasDefinitionListResult + from ._models import SasDefinitionUpdateParameters + from ._models import SecretAttributes + from ._models import SecretBundle + from ._models import SecretItem + from ._models import SecretListResult + from ._models import SecretProperties + from ._models import SecretRestoreParameters + from ._models import SecretSetParameters + from ._models import SecretUpdateParameters + from ._models import StorageAccountAttributes + from ._models import StorageAccountCreateParameters + from ._models import StorageAccountItem + from ._models import StorageAccountRegenerteKeyParameters + from ._models import StorageAccountUpdateParameters + from ._models import StorageBundle + from ._models import StorageListResult + from ._models import StorageRestoreParameters + from ._models import SubjectAlternativeNames + from ._models import Trigger + from ._models import X509CertificateProperties +from ._key_vault_client_enums import ( + DeletionRecoveryLevel, + JsonWebKeyType, + JsonWebKeyCurveName, + KeyUsageType, + ActionType, + JsonWebKeyOperation, + JsonWebKeyEncryptionAlgorithm, + JsonWebKeySignatureAlgorithm, + SasTokenType, +) + +__all__ = [ + 'Action', + 'AdministratorDetails', + 'Attributes', + 'BackupCertificateResult', + 'BackupKeyResult', + 'BackupSecretResult', + 'BackupStorageResult', + 'CertificateAttributes', + 'CertificateBundle', + 'CertificateCreateParameters', + 'CertificateImportParameters', + 'CertificateIssuerItem', + 'CertificateIssuerListResult', + 'CertificateIssuerSetParameters', + 'CertificateIssuerUpdateParameters', + 'CertificateItem', + 'CertificateListResult', + 'CertificateMergeParameters', + 'CertificateOperation', + 'CertificateOperationUpdateParameter', + 'CertificatePolicy', + 'CertificateRestoreParameters', + 'CertificateUpdateParameters', + 'Contact', + 'Contacts', + 'DeletedCertificateBundle', + 'DeletedCertificateItem', + 'DeletedCertificateListResult', + 'DeletedKeyBundle', + 'DeletedKeyItem', + 'DeletedKeyListResult', + 'DeletedSasDefinitionBundle', + 'DeletedSasDefinitionItem', + 'DeletedSasDefinitionListResult', + 'DeletedSecretBundle', + 'DeletedSecretItem', + 'DeletedSecretListResult', + 'DeletedStorageAccountItem', + 'DeletedStorageBundle', + 'DeletedStorageListResult', + 'Error', + 'IssuerAttributes', + 'IssuerBundle', + 'IssuerCredentials', + 'IssuerParameters', + 'JsonWebKey', + 'KeyAttributes', + 'KeyBundle', + 'KeyCreateParameters', + 'KeyImportParameters', + 'KeyItem', + 'KeyListResult', + 'KeyOperationResult', + 'KeyOperationsParameters', + 'KeyProperties', + 'KeyRestoreParameters', + 'KeySignParameters', + 'KeyUpdateParameters', + 'KeyVaultError', 'KeyVaultErrorException', + 'KeyVerifyParameters', + 'KeyVerifyResult', + 'LifetimeAction', + 'OrganizationDetails', + 'PendingCertificateSigningRequestResult', + 'SasDefinitionAttributes', + 'SasDefinitionBundle', + 'SasDefinitionCreateParameters', + 'SasDefinitionItem', + 'SasDefinitionListResult', + 'SasDefinitionUpdateParameters', + 'SecretAttributes', + 'SecretBundle', + 'SecretItem', + 'SecretListResult', + 'SecretProperties', + 'SecretRestoreParameters', + 'SecretSetParameters', + 'SecretUpdateParameters', + 'StorageAccountAttributes', + 'StorageAccountCreateParameters', + 'StorageAccountItem', + 'StorageAccountRegenerteKeyParameters', + 'StorageAccountUpdateParameters', + 'StorageBundle', + 'StorageListResult', + 'StorageRestoreParameters', + 'SubjectAlternativeNames', + 'Trigger', + 'X509CertificateProperties', + 'DeletionRecoveryLevel', + 'JsonWebKeyType', + 'JsonWebKeyCurveName', + 'KeyUsageType', + 'ActionType', + 'JsonWebKeyOperation', + 'JsonWebKeyEncryptionAlgorithm', + 'JsonWebKeySignatureAlgorithm', + 'SasTokenType', +] diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/_key_vault_client_enums.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/_key_vault_client_enums.py new file mode 100644 index 000000000000..936353e5bb83 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/_key_vault_client_enums.py @@ -0,0 +1,98 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from enum import Enum + + +class DeletionRecoveryLevel(str, Enum): + + purgeable = "Purgeable" + recoverable_purgeable = "Recoverable+Purgeable" + recoverable = "Recoverable" + recoverable_protected_subscription = "Recoverable+ProtectedSubscription" + customized_recoverable_purgeable = "CustomizedRecoverable+Purgeable" + customized_recoverable = "CustomizedRecoverable" + customized_recoverable_protected_subscription = "CustomizedRecoverable+ProtectedSubscription" + + +class JsonWebKeyType(str, Enum): + + ec = "EC" + ec_hsm = "EC-HSM" + rsa = "RSA" + rsa_hsm = "RSA-HSM" + oct = "oct" + + +class JsonWebKeyCurveName(str, Enum): + + p_256 = "P-256" + p_384 = "P-384" + p_521 = "P-521" + p_256_k = "P-256K" + + +class KeyUsageType(str, Enum): + + digital_signature = "digitalSignature" + non_repudiation = "nonRepudiation" + key_encipherment = "keyEncipherment" + data_encipherment = "dataEncipherment" + key_agreement = "keyAgreement" + key_cert_sign = "keyCertSign" + c_rl_sign = "cRLSign" + encipher_only = "encipherOnly" + decipher_only = "decipherOnly" + + +class ActionType(str, Enum): + + email_contacts = "EmailContacts" + auto_renew = "AutoRenew" + + +class JsonWebKeyOperation(str, Enum): + + encrypt = "encrypt" + decrypt = "decrypt" + sign = "sign" + verify = "verify" + wrap_key = "wrapKey" + unwrap_key = "unwrapKey" + import_enum = "import" + + +class JsonWebKeyEncryptionAlgorithm(str, Enum): + + rsa_oaep = "RSA-OAEP" + rsa_oaep_256 = "RSA-OAEP-256" + rsa1_5 = "RSA1_5" + + +class JsonWebKeySignatureAlgorithm(str, Enum): + + ps256 = "PS256" #: RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518 + ps384 = "PS384" #: RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518 + ps512 = "PS512" #: RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518 + rs256 = "RS256" #: RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518 + rs384 = "RS384" #: RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518 + rs512 = "RS512" #: RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518 + rsnull = "RSNULL" #: Reserved + es256 = "ES256" #: ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518. + es384 = "ES384" #: ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518 + es512 = "ES512" #: ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518 + es256_k = "ES256K" #: ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518 + + +class SasTokenType(str, Enum): + + account = "account" + service = "service" diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/_models.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/_models.py new file mode 100644 index 000000000000..ea5379c44cc0 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/_models.py @@ -0,0 +1,3244 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model +from azure.core.exceptions import HttpResponseError + + +class Action(Model): + """The action that will be executed. + + :param action_type: The type of the action. Possible values include: + 'EmailContacts', 'AutoRenew' + :type action_type: str or ~azure.keyvault.v7_1.models.ActionType + """ + + _attribute_map = { + 'action_type': {'key': 'action_type', 'type': 'ActionType'}, + } + + def __init__(self, **kwargs): + super(Action, self).__init__(**kwargs) + self.action_type = kwargs.get('action_type', None) + + +class AdministratorDetails(Model): + """Details of the organization administrator of the certificate issuer. + + :param first_name: First name. + :type first_name: str + :param last_name: Last name. + :type last_name: str + :param email_address: Email address. + :type email_address: str + :param phone: Phone number. + :type phone: str + """ + + _attribute_map = { + 'first_name': {'key': 'first_name', 'type': 'str'}, + 'last_name': {'key': 'last_name', 'type': 'str'}, + 'email_address': {'key': 'email', 'type': 'str'}, + 'phone': {'key': 'phone', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AdministratorDetails, self).__init__(**kwargs) + self.first_name = kwargs.get('first_name', None) + self.last_name = kwargs.get('last_name', None) + self.email_address = kwargs.get('email_address', None) + self.phone = kwargs.get('phone', None) + + +class Attributes(Model): + """The object attributes managed by the KeyVault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(Attributes, self).__init__(**kwargs) + self.enabled = kwargs.get('enabled', None) + self.not_before = kwargs.get('not_before', None) + self.expires = kwargs.get('expires', None) + self.created = None + self.updated = None + + +class BackupCertificateResult(Model): + """The backup certificate result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up certificate. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(BackupCertificateResult, self).__init__(**kwargs) + self.value = None + + +class BackupKeyResult(Model): + """The backup key result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up key. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(BackupKeyResult, self).__init__(**kwargs) + self.value = None + + +class BackupSecretResult(Model): + """The backup secret result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up secret. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(BackupSecretResult, self).__init__(**kwargs) + self.value = None + + +class BackupStorageResult(Model): + """The backup storage result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up storage account. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(BackupStorageResult, self).__init__(**kwargs) + self.value = None + + +class CertificateAttributes(Attributes): + """The certificate management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for certificates in the current vault. If it contains 'Purgeable', + the certificate can be permanently deleted by a privileged user; + otherwise, only the system can purge the certificate, at the end of the + retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateAttributes, self).__init__(**kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class CertificateBundle(Model): + """A certificate bundle consists of a certificate (X509) plus its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :ivar kid: The key id. + :vartype kid: str + :ivar sid: The secret id. + :vartype sid: str + :ivar x509_thumbprint: Thumbprint of the certificate. + :vartype x509_thumbprint: bytes + :ivar policy: The management policy. + :vartype policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param cer: CER contents of x509 certificate. + :type cer: bytearray + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs + :type tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'kid': {'readonly': True}, + 'sid': {'readonly': True}, + 'x509_thumbprint': {'readonly': True}, + 'policy': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'sid': {'key': 'sid', 'type': 'str'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'cer': {'key': 'cer', 'type': 'bytearray'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateBundle, self).__init__(**kwargs) + self.id = None + self.kid = None + self.sid = None + self.x509_thumbprint = None + self.policy = None + self.cer = kwargs.get('cer', None) + self.content_type = kwargs.get('content_type', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + + +class CertificateCreateParameters(Model): + """The certificate create parameters. + + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateCreateParameters, self).__init__(**kwargs) + self.certificate_policy = kwargs.get('certificate_policy', None) + self.certificate_attributes = kwargs.get('certificate_attributes', None) + self.tags = kwargs.get('tags', None) + + +class CertificateImportParameters(Model): + """The certificate import parameters. + + All required parameters must be populated in order to send to Azure. + + :param base64_encoded_certificate: Required. Base64 encoded representation + of the certificate object to import. This certificate needs to contain the + private key. + :type base64_encoded_certificate: str + :param password: If the private key in base64EncodedCertificate is + encrypted, the password used for encryption. + :type password: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'base64_encoded_certificate': {'required': True}, + } + + _attribute_map = { + 'base64_encoded_certificate': {'key': 'value', 'type': 'str'}, + 'password': {'key': 'pwd', 'type': 'str'}, + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateImportParameters, self).__init__(**kwargs) + self.base64_encoded_certificate = kwargs.get('base64_encoded_certificate', None) + self.password = kwargs.get('password', None) + self.certificate_policy = kwargs.get('certificate_policy', None) + self.certificate_attributes = kwargs.get('certificate_attributes', None) + self.tags = kwargs.get('tags', None) + + +class CertificateIssuerItem(Model): + """The certificate issuer item containing certificate issuer metadata. + + :param id: Certificate Identifier. + :type id: str + :param provider: The issuer provider. + :type provider: str + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateIssuerItem, self).__init__(**kwargs) + self.id = kwargs.get('id', None) + self.provider = kwargs.get('provider', None) + + +class CertificateIssuerListResult(Model): + """The certificate issuer list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of certificate issuers + in the key vault along with a link to the next page of certificate + issuers. + :vartype value: list[~azure.keyvault.v7_1.models.CertificateIssuerItem] + :ivar next_link: The URL to get the next set of certificate issuers. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[CertificateIssuerItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateIssuerListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class CertificateIssuerSetParameters(Model): + """The certificate issuer set parameters. + + All required parameters must be populated in order to send to Azure. + + :param provider: Required. The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _validation = { + 'provider': {'required': True}, + } + + _attribute_map = { + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, **kwargs): + super(CertificateIssuerSetParameters, self).__init__(**kwargs) + self.provider = kwargs.get('provider', None) + self.credentials = kwargs.get('credentials', None) + self.organization_details = kwargs.get('organization_details', None) + self.attributes = kwargs.get('attributes', None) + + +class CertificateIssuerUpdateParameters(Model): + """The certificate issuer update parameters. + + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _attribute_map = { + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, **kwargs): + super(CertificateIssuerUpdateParameters, self).__init__(**kwargs) + self.provider = kwargs.get('provider', None) + self.credentials = kwargs.get('credentials', None) + self.organization_details = kwargs.get('organization_details', None) + self.attributes = kwargs.get('attributes', None) + + +class CertificateItem(Model): + """The certificate item containing certificate metadata. + + :param id: Certificate identifier. + :type id: str + :param attributes: The certificate management attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param x509_thumbprint: Thumbprint of the certificate. + :type x509_thumbprint: bytes + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(CertificateItem, self).__init__(**kwargs) + self.id = kwargs.get('id', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.x509_thumbprint = kwargs.get('x509_thumbprint', None) + + +class CertificateListResult(Model): + """The certificate list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of certificates in the + key vault along with a link to the next page of certificates. + :vartype value: list[~azure.keyvault.v7_1.models.CertificateItem] + :ivar next_link: The URL to get the next set of certificates. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[CertificateItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class CertificateMergeParameters(Model): + """The certificate merge parameters. + + All required parameters must be populated in order to send to Azure. + + :param x509_certificates: Required. The certificate or the certificate + chain to merge. + :type x509_certificates: list[bytearray] + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'x509_certificates': {'required': True}, + } + + _attribute_map = { + 'x509_certificates': {'key': 'x5c', 'type': '[bytearray]'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateMergeParameters, self).__init__(**kwargs) + self.x509_certificates = kwargs.get('x509_certificates', None) + self.certificate_attributes = kwargs.get('certificate_attributes', None) + self.tags = kwargs.get('tags', None) + + +class CertificateOperation(Model): + """A certificate operation is returned in case of asynchronous requests. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :param issuer_parameters: Parameters for the issuer of the X509 component + of a certificate. + :type issuer_parameters: ~azure.keyvault.v7_1.models.IssuerParameters + :param csr: The certificate signing request (CSR) that is being used in + the certificate operation. + :type csr: bytearray + :param cancellation_requested: Indicates if cancellation was requested on + the certificate operation. + :type cancellation_requested: bool + :param status: Status of the certificate operation. + :type status: str + :param status_details: The status details of the certificate operation. + :type status_details: str + :param error: Error encountered, if any, during the certificate operation. + :type error: ~azure.keyvault.v7_1.models.Error + :param target: Location which contains the result of the certificate + operation. + :type target: str + :param request_id: Identifier for the certificate operation. + :type request_id: str + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'}, + 'csr': {'key': 'csr', 'type': 'bytearray'}, + 'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'}, + 'status': {'key': 'status', 'type': 'str'}, + 'status_details': {'key': 'status_details', 'type': 'str'}, + 'error': {'key': 'error', 'type': 'Error'}, + 'target': {'key': 'target', 'type': 'str'}, + 'request_id': {'key': 'request_id', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CertificateOperation, self).__init__(**kwargs) + self.id = None + self.issuer_parameters = kwargs.get('issuer_parameters', None) + self.csr = kwargs.get('csr', None) + self.cancellation_requested = kwargs.get('cancellation_requested', None) + self.status = kwargs.get('status', None) + self.status_details = kwargs.get('status_details', None) + self.error = kwargs.get('error', None) + self.target = kwargs.get('target', None) + self.request_id = kwargs.get('request_id', None) + + +class CertificateOperationUpdateParameter(Model): + """The certificate operation update parameters. + + All required parameters must be populated in order to send to Azure. + + :param cancellation_requested: Required. Indicates if cancellation was + requested on the certificate operation. + :type cancellation_requested: bool + """ + + _validation = { + 'cancellation_requested': {'required': True}, + } + + _attribute_map = { + 'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(CertificateOperationUpdateParameter, self).__init__(**kwargs) + self.cancellation_requested = kwargs.get('cancellation_requested', None) + + +class CertificatePolicy(Model): + """Management policy for a certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :param key_properties: Properties of the key backing a certificate. + :type key_properties: ~azure.keyvault.v7_1.models.KeyProperties + :param secret_properties: Properties of the secret backing a certificate. + :type secret_properties: ~azure.keyvault.v7_1.models.SecretProperties + :param x509_certificate_properties: Properties of the X509 component of a + certificate. + :type x509_certificate_properties: + ~azure.keyvault.v7_1.models.X509CertificateProperties + :param lifetime_actions: Actions that will be performed by Key Vault over + the lifetime of a certificate. + :type lifetime_actions: list[~azure.keyvault.v7_1.models.LifetimeAction] + :param issuer_parameters: Parameters for the issuer of the X509 component + of a certificate. + :type issuer_parameters: ~azure.keyvault.v7_1.models.IssuerParameters + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'key_properties': {'key': 'key_props', 'type': 'KeyProperties'}, + 'secret_properties': {'key': 'secret_props', 'type': 'SecretProperties'}, + 'x509_certificate_properties': {'key': 'x509_props', 'type': 'X509CertificateProperties'}, + 'lifetime_actions': {'key': 'lifetime_actions', 'type': '[LifetimeAction]'}, + 'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + } + + def __init__(self, **kwargs): + super(CertificatePolicy, self).__init__(**kwargs) + self.id = None + self.key_properties = kwargs.get('key_properties', None) + self.secret_properties = kwargs.get('secret_properties', None) + self.x509_certificate_properties = kwargs.get('x509_certificate_properties', None) + self.lifetime_actions = kwargs.get('lifetime_actions', None) + self.issuer_parameters = kwargs.get('issuer_parameters', None) + self.attributes = kwargs.get('attributes', None) + + +class CertificateRestoreParameters(Model): + """The certificate restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param certificate_bundle_backup: Required. The backup blob associated + with a certificate bundle. + :type certificate_bundle_backup: bytes + """ + + _validation = { + 'certificate_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'certificate_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(CertificateRestoreParameters, self).__init__(**kwargs) + self.certificate_bundle_backup = kwargs.get('certificate_bundle_backup', None) + + +class CertificateUpdateParameters(Model): + """The certificate update parameters. + + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(CertificateUpdateParameters, self).__init__(**kwargs) + self.certificate_policy = kwargs.get('certificate_policy', None) + self.certificate_attributes = kwargs.get('certificate_attributes', None) + self.tags = kwargs.get('tags', None) + + +class Contact(Model): + """The contact information for the vault certificates. + + :param email_address: Email address. + :type email_address: str + :param name: Name. + :type name: str + :param phone: Phone number. + :type phone: str + """ + + _attribute_map = { + 'email_address': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'phone': {'key': 'phone', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(Contact, self).__init__(**kwargs) + self.email_address = kwargs.get('email_address', None) + self.name = kwargs.get('name', None) + self.phone = kwargs.get('phone', None) + + +class Contacts(Model): + """The contacts for the vault certificates. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Identifier for the contacts collection. + :vartype id: str + :param contact_list: The contact list for the vault certificates. + :type contact_list: list[~azure.keyvault.v7_1.models.Contact] + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'contact_list': {'key': 'contacts', 'type': '[Contact]'}, + } + + def __init__(self, **kwargs): + super(Contacts, self).__init__(**kwargs) + self.id = None + self.contact_list = kwargs.get('contact_list', None) + + +class DeletedCertificateBundle(CertificateBundle): + """A Deleted Certificate consisting of its previous id, attributes and its + tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :ivar kid: The key id. + :vartype kid: str + :ivar sid: The secret id. + :vartype sid: str + :ivar x509_thumbprint: Thumbprint of the certificate. + :vartype x509_thumbprint: bytes + :ivar policy: The management policy. + :vartype policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param cer: CER contents of x509 certificate. + :type cer: bytearray + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs + :type tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted certificate. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the certificate is scheduled to + be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the certificate was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'kid': {'readonly': True}, + 'sid': {'readonly': True}, + 'x509_thumbprint': {'readonly': True}, + 'policy': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'sid': {'key': 'sid', 'type': 'str'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'cer': {'key': 'cer', 'type': 'bytearray'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedCertificateBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedCertificateItem(CertificateItem): + """The deleted certificate item containing metadata about the deleted + certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Certificate identifier. + :type id: str + :param attributes: The certificate management attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param x509_thumbprint: Thumbprint of the certificate. + :type x509_thumbprint: bytes + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted certificate. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the certificate is scheduled to + be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the certificate was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedCertificateItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedCertificateListResult(Model): + """A list of certificates that have been deleted in this vault. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of deleted certificates + in the vault along with a link to the next page of deleted certificates + :vartype value: list[~azure.keyvault.v7_1.models.DeletedCertificateItem] + :ivar next_link: The URL to get the next set of deleted certificates. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedCertificateItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedCertificateListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class KeyBundle(Model): + """A KeyBundle consisting of a WebKey plus its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param key: The Json web key. + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(KeyBundle, self).__init__(**kwargs) + self.key = kwargs.get('key', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.managed = None + + +class DeletedKeyBundle(KeyBundle): + """A DeletedKeyBundle consisting of a WebKey plus its Attributes and deletion + info. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param key: The Json web key. + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted key. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the key is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the key was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedKeyBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class KeyItem(Model): + """The key item containing key metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param kid: Key identifier. + :type kid: str + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(KeyItem, self).__init__(**kwargs) + self.kid = kwargs.get('kid', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.managed = None + + +class DeletedKeyItem(KeyItem): + """The deleted key item containing the deleted key metadata and information + about deletion. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param kid: Key identifier. + :type kid: str + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted key. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the key is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the key was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedKeyItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedKeyListResult(Model): + """A list of keys that have been deleted in this vault. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of deleted keys in the + vault along with a link to the next page of deleted keys + :vartype value: list[~azure.keyvault.v7_1.models.DeletedKeyItem] + :ivar next_link: The URL to get the next set of deleted keys. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedKeyItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedKeyListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SasDefinitionBundle(Model): + """A SAS definition bundle consists of key vault SAS definition details plus + its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The SAS definition id. + :vartype id: str + :ivar secret_id: Storage account SAS definition secret id. + :vartype secret_id: str + :ivar template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :vartype template_uri: str + :ivar sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :vartype sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :ivar validity_period: The validity period of SAS tokens created according + to the SAS definition. + :vartype validity_period: str + :ivar attributes: The SAS definition attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'template_uri': {'readonly': True}, + 'sas_type': {'readonly': True}, + 'validity_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionBundle, self).__init__(**kwargs) + self.id = None + self.secret_id = None + self.template_uri = None + self.sas_type = None + self.validity_period = None + self.attributes = None + self.tags = None + + +class DeletedSasDefinitionBundle(SasDefinitionBundle): + """A deleted SAS definition bundle consisting of its previous id, attributes + and its tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The SAS definition id. + :vartype id: str + :ivar secret_id: Storage account SAS definition secret id. + :vartype secret_id: str + :ivar template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :vartype template_uri: str + :ivar sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :vartype sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :ivar validity_period: The validity period of SAS tokens created according + to the SAS definition. + :vartype validity_period: str + :ivar attributes: The SAS definition attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted SAS definition. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the SAS definition is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the SAS definition was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'template_uri': {'readonly': True}, + 'sas_type': {'readonly': True}, + 'validity_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedSasDefinitionBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class SasDefinitionItem(Model): + """The SAS definition item containing storage SAS definition metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage SAS identifier. + :vartype id: str + :ivar secret_id: The storage account SAS definition secret id. + :vartype secret_id: str + :ivar attributes: The SAS definition management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionItem, self).__init__(**kwargs) + self.id = None + self.secret_id = None + self.attributes = None + self.tags = None + + +class DeletedSasDefinitionItem(SasDefinitionItem): + """The deleted SAS definition item containing metadata about the deleted SAS + definition. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage SAS identifier. + :vartype id: str + :ivar secret_id: The storage account SAS definition secret id. + :vartype secret_id: str + :ivar attributes: The SAS definition management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted SAS definition. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the SAS definition is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the SAS definition was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedSasDefinitionItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedSasDefinitionListResult(Model): + """The deleted SAS definition list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted SAS + definitions in the vault along with a link to the next page of deleted sas + definitions + :vartype value: list[~azure.keyvault.v7_1.models.DeletedSasDefinitionItem] + :ivar next_link: The URL to get the next set of deleted SAS definitions. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedSasDefinitionItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedSasDefinitionListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SecretBundle(Model): + """A secret consisting of a value, id and its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param value: The secret value. + :type value: str + :param id: The secret id. + :type id: str + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar kid: If this is a secret backing a KV certificate, then this field + specifies the corresponding key backing the KV certificate. + :vartype kid: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a secret backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'kid': {'readonly': True}, + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(SecretBundle, self).__init__(**kwargs) + self.value = kwargs.get('value', None) + self.id = kwargs.get('id', None) + self.content_type = kwargs.get('content_type', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.kid = None + self.managed = None + + +class DeletedSecretBundle(SecretBundle): + """A Deleted Secret consisting of its previous id, attributes and its tags, as + well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param value: The secret value. + :type value: str + :param id: The secret id. + :type id: str + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar kid: If this is a secret backing a KV certificate, then this field + specifies the corresponding key backing the KV certificate. + :vartype kid: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a secret backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted secret. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the secret is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the secret was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'kid': {'readonly': True}, + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedSecretBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class SecretItem(Model): + """The secret item containing secret metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Secret identifier. + :type id: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(SecretItem, self).__init__(**kwargs) + self.id = kwargs.get('id', None) + self.attributes = kwargs.get('attributes', None) + self.tags = kwargs.get('tags', None) + self.content_type = kwargs.get('content_type', None) + self.managed = None + + +class DeletedSecretItem(SecretItem): + """The deleted secret item containing metadata about the deleted secret. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Secret identifier. + :type id: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted secret. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the secret is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the secret was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedSecretItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedSecretListResult(Model): + """The deleted secret list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted secrets + in the vault along with a link to the next page of deleted secrets + :vartype value: list[~azure.keyvault.v7_1.models.DeletedSecretItem] + :ivar next_link: The URL to get the next set of deleted secrets. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedSecretItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedSecretListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class StorageAccountItem(Model): + """The storage account item containing storage account metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Storage identifier. + :vartype id: str + :ivar resource_id: Storage account resource Id. + :vartype resource_id: str + :ivar attributes: The storage account management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(StorageAccountItem, self).__init__(**kwargs) + self.id = None + self.resource_id = None + self.attributes = None + self.tags = None + + +class DeletedStorageAccountItem(StorageAccountItem): + """The deleted storage account item containing metadata about the deleted + storage account. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Storage identifier. + :vartype id: str + :ivar resource_id: Storage account resource Id. + :vartype resource_id: str + :ivar attributes: The storage account management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted storage account. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the storage account is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the storage account was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedStorageAccountItem, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class StorageBundle(Model): + """A Storage account bundle consists of key vault storage account details plus + its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage account id. + :vartype id: str + :ivar resource_id: The storage account resource id. + :vartype resource_id: str + :ivar active_key_name: The current active storage account key name. + :vartype active_key_name: str + :ivar auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :vartype auto_regenerate_key: bool + :ivar regeneration_period: The key regeneration time duration specified in + ISO-8601 format. + :vartype regeneration_period: str + :ivar attributes: The storage account attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'active_key_name': {'readonly': True}, + 'auto_regenerate_key': {'readonly': True}, + 'regeneration_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(StorageBundle, self).__init__(**kwargs) + self.id = None + self.resource_id = None + self.active_key_name = None + self.auto_regenerate_key = None + self.regeneration_period = None + self.attributes = None + self.tags = None + + +class DeletedStorageBundle(StorageBundle): + """A deleted storage account bundle consisting of its previous id, attributes + and its tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage account id. + :vartype id: str + :ivar resource_id: The storage account resource id. + :vartype resource_id: str + :ivar active_key_name: The current active storage account key name. + :vartype active_key_name: str + :ivar auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :vartype auto_regenerate_key: bool + :ivar regeneration_period: The key regeneration time duration specified in + ISO-8601 format. + :vartype regeneration_period: str + :ivar attributes: The storage account attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted storage account. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the storage account is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the storage account was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'active_key_name': {'readonly': True}, + 'auto_regenerate_key': {'readonly': True}, + 'regeneration_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(DeletedStorageBundle, self).__init__(**kwargs) + self.recovery_id = kwargs.get('recovery_id', None) + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedStorageListResult(Model): + """The deleted storage account list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted storage + accounts in the vault along with a link to the next page of deleted + storage accounts + :vartype value: + list[~azure.keyvault.v7_1.models.DeletedStorageAccountItem] + :ivar next_link: The URL to get the next set of deleted storage accounts. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedStorageAccountItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DeletedStorageListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class Error(Model): + """The key vault server error. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar code: The error code. + :vartype code: str + :ivar message: The error message. + :vartype message: str + :ivar inner_error: + :vartype inner_error: ~azure.keyvault.v7_1.models.Error + """ + + _validation = { + 'code': {'readonly': True}, + 'message': {'readonly': True}, + 'inner_error': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'message': {'key': 'message', 'type': 'str'}, + 'inner_error': {'key': 'innererror', 'type': 'Error'}, + } + + def __init__(self, **kwargs): + super(Error, self).__init__(**kwargs) + self.code = None + self.message = None + self.inner_error = None + + +class IssuerAttributes(Model): + """The attributes of an issuer managed by the Key Vault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the issuer is enabled. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + } + + def __init__(self, **kwargs): + super(IssuerAttributes, self).__init__(**kwargs) + self.enabled = kwargs.get('enabled', None) + self.created = None + self.updated = None + + +class IssuerBundle(Model): + """The issuer for Key Vault certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Identifier for the issuer object. + :vartype id: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, **kwargs): + super(IssuerBundle, self).__init__(**kwargs) + self.id = None + self.provider = kwargs.get('provider', None) + self.credentials = kwargs.get('credentials', None) + self.organization_details = kwargs.get('organization_details', None) + self.attributes = kwargs.get('attributes', None) + + +class IssuerCredentials(Model): + """The credentials to be used for the certificate issuer. + + :param account_id: The user name/account name/account id. + :type account_id: str + :param password: The password/secret/account key. + :type password: str + """ + + _attribute_map = { + 'account_id': {'key': 'account_id', 'type': 'str'}, + 'password': {'key': 'pwd', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(IssuerCredentials, self).__init__(**kwargs) + self.account_id = kwargs.get('account_id', None) + self.password = kwargs.get('password', None) + + +class IssuerParameters(Model): + """Parameters for the issuer of the X509 component of a certificate. + + :param name: Name of the referenced issuer object or reserved names; for + example, 'Self' or 'Unknown'. + :type name: str + :param certificate_type: Certificate type as supported by the provider + (optional); for example 'OV-SSL', 'EV-SSL' + :type certificate_type: str + :param certificate_transparency: Indicates if the certificates generated + under this policy should be published to certificate transparency logs. + :type certificate_transparency: bool + """ + + _attribute_map = { + 'name': {'key': 'name', 'type': 'str'}, + 'certificate_type': {'key': 'cty', 'type': 'str'}, + 'certificate_transparency': {'key': 'cert_transparency', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(IssuerParameters, self).__init__(**kwargs) + self.name = kwargs.get('name', None) + self.certificate_type = kwargs.get('certificate_type', None) + self.certificate_transparency = kwargs.get('certificate_transparency', None) + + +class JsonWebKey(Model): + """As of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18. + + :param kid: Key identifier. + :type kid: str + :param kty: JsonWebKey Key Type (kty), as defined in + https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. + Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_ops: + :type key_ops: list[str] + :param n: RSA modulus. + :type n: bytes + :param e: RSA public exponent. + :type e: bytes + :param d: RSA private exponent, or the D component of an EC private key. + :type d: bytes + :param dp: RSA private key parameter. + :type dp: bytes + :param dq: RSA private key parameter. + :type dq: bytes + :param qi: RSA private key parameter. + :type qi: bytes + :param p: RSA secret prime. + :type p: bytes + :param q: RSA secret prime, with p < q. + :type q: bytes + :param k: Symmetric key. + :type k: bytes + :param t: HSM Token, used with 'Bring Your Own Key'. + :type t: bytes + :param crv: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type crv: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + :param x: X component of an EC public key. + :type x: bytes + :param y: Y component of an EC public key. + :type y: bytes + """ + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'kty': {'key': 'kty', 'type': 'str'}, + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'n': {'key': 'n', 'type': 'base64'}, + 'e': {'key': 'e', 'type': 'base64'}, + 'd': {'key': 'd', 'type': 'base64'}, + 'dp': {'key': 'dp', 'type': 'base64'}, + 'dq': {'key': 'dq', 'type': 'base64'}, + 'qi': {'key': 'qi', 'type': 'base64'}, + 'p': {'key': 'p', 'type': 'base64'}, + 'q': {'key': 'q', 'type': 'base64'}, + 'k': {'key': 'k', 'type': 'base64'}, + 't': {'key': 'key_hsm', 'type': 'base64'}, + 'crv': {'key': 'crv', 'type': 'str'}, + 'x': {'key': 'x', 'type': 'base64'}, + 'y': {'key': 'y', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(JsonWebKey, self).__init__(**kwargs) + self.kid = kwargs.get('kid', None) + self.kty = kwargs.get('kty', None) + self.key_ops = kwargs.get('key_ops', None) + self.n = kwargs.get('n', None) + self.e = kwargs.get('e', None) + self.d = kwargs.get('d', None) + self.dp = kwargs.get('dp', None) + self.dq = kwargs.get('dq', None) + self.qi = kwargs.get('qi', None) + self.p = kwargs.get('p', None) + self.q = kwargs.get('q', None) + self.k = kwargs.get('k', None) + self.t = kwargs.get('t', None) + self.crv = kwargs.get('crv', None) + self.x = kwargs.get('x', None) + self.y = kwargs.get('y', None) + + +class KeyAttributes(Attributes): + """The attributes of a key managed by the key vault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for keys in the current vault. If it contains 'Purgeable' the key + can be permanently deleted by a privileged user; otherwise, only the + system can purge the key, at the end of the retention interval. Possible + values include: 'Purgeable', 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(KeyAttributes, self).__init__(**kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class KeyCreateParameters(Model): + """The key create parameters. + + All required parameters must be populated in order to send to Azure. + + :param kty: Required. The type of key to create. For valid values, see + JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', + 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or 4096 + for RSA. + :type key_size: int + :param key_ops: + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + """ + + _validation = { + 'kty': {'required': True, 'min_length': 1}, + } + + _attribute_map = { + 'kty': {'key': 'kty', 'type': 'str'}, + 'key_size': {'key': 'key_size', 'type': 'int'}, + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'curve': {'key': 'crv', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(KeyCreateParameters, self).__init__(**kwargs) + self.kty = kwargs.get('kty', None) + self.key_size = kwargs.get('key_size', None) + self.key_ops = kwargs.get('key_ops', None) + self.key_attributes = kwargs.get('key_attributes', None) + self.tags = kwargs.get('tags', None) + self.curve = kwargs.get('curve', None) + + +class KeyImportParameters(Model): + """The key import parameters. + + All required parameters must be populated in order to send to Azure. + + :param hsm: Whether to import as a hardware key (HSM) or software key. + :type hsm: bool + :param key: Required. The Json web key + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param key_attributes: The key management attributes. + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'key': {'required': True}, + } + + _attribute_map = { + 'hsm': {'key': 'Hsm', 'type': 'bool'}, + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(KeyImportParameters, self).__init__(**kwargs) + self.hsm = kwargs.get('hsm', None) + self.key = kwargs.get('key', None) + self.key_attributes = kwargs.get('key_attributes', None) + self.tags = kwargs.get('tags', None) + + +class KeyListResult(Model): + """The key list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of keys in the key vault + along with a link to the next page of keys. + :vartype value: list[~azure.keyvault.v7_1.models.KeyItem] + :ivar next_link: The URL to get the next set of keys. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[KeyItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(KeyListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class KeyOperationResult(Model): + """The key operation result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar kid: Key identifier + :vartype kid: str + :ivar result: + :vartype result: bytes + """ + + _validation = { + 'kid': {'readonly': True}, + 'result': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'result': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeyOperationResult, self).__init__(**kwargs) + self.kid = None + self.result = None + + +class KeyOperationsParameters(Model): + """The key operations parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: Required. + :type value: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'value': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeyOperationsParameters, self).__init__(**kwargs) + self.algorithm = kwargs.get('algorithm', None) + self.value = kwargs.get('value', None) + + +class KeyProperties(Model): + """Properties of the key pair backing a certificate. + + :param exportable: Indicates if the private key can be exported. + :type exportable: bool + :param key_type: The type of key pair to be used for the certificate. + Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct' + :type key_type: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or 4096 + for RSA. + :type key_size: int + :param reuse_key: Indicates if the same key pair will be used on + certificate renewal. + :type reuse_key: bool + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + """ + + _attribute_map = { + 'exportable': {'key': 'exportable', 'type': 'bool'}, + 'key_type': {'key': 'kty', 'type': 'str'}, + 'key_size': {'key': 'key_size', 'type': 'int'}, + 'reuse_key': {'key': 'reuse_key', 'type': 'bool'}, + 'curve': {'key': 'crv', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(KeyProperties, self).__init__(**kwargs) + self.exportable = kwargs.get('exportable', None) + self.key_type = kwargs.get('key_type', None) + self.key_size = kwargs.get('key_size', None) + self.reuse_key = kwargs.get('reuse_key', None) + self.curve = kwargs.get('curve', None) + + +class KeyRestoreParameters(Model): + """The key restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param key_bundle_backup: Required. The backup blob associated with a key + bundle. + :type key_bundle_backup: bytes + """ + + _validation = { + 'key_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'key_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeyRestoreParameters, self).__init__(**kwargs) + self.key_bundle_backup = kwargs.get('key_bundle_backup', None) + + +class KeySignParameters(Model): + """The key operations parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. The signing/verification algorithm identifier. + For more information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', 'PS384', + 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', + 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param value: Required. + :type value: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'value': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeySignParameters, self).__init__(**kwargs) + self.algorithm = kwargs.get('algorithm', None) + self.value = kwargs.get('value', None) + + +class KeyUpdateParameters(Model): + """The key update parameters. + + :param key_ops: Json web key operations. For more information on possible + key operations, see JsonWebKeyOperation. + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(KeyUpdateParameters, self).__init__(**kwargs) + self.key_ops = kwargs.get('key_ops', None) + self.key_attributes = kwargs.get('key_attributes', None) + self.tags = kwargs.get('tags', None) + + +class KeyVaultError(Model): + """The key vault error exception. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar error: + :vartype error: ~azure.keyvault.v7_1.models.Error + """ + + _validation = { + 'error': {'readonly': True}, + } + + _attribute_map = { + 'error': {'key': 'error', 'type': 'Error'}, + } + + def __init__(self, **kwargs): + super(KeyVaultError, self).__init__(**kwargs) + self.error = None + + +class KeyVaultErrorException(HttpResponseError): + """Server responsed with exception of type: 'KeyVaultError'. + + :param deserialize: A deserializer + :param response: Server response to be deserialized. + """ + + def __init__(self, response, deserialize, *args): + + model_name = 'KeyVaultError' + self.error = deserialize(model_name, response) + if self.error is None: + self.error = deserialize.dependencies[model_name]() + super(KeyVaultErrorException, self).__init__(response=response) + + +class KeyVerifyParameters(Model): + """The key verify parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. The signing/verification algorithm. For more + information on possible algorithm types, see JsonWebKeySignatureAlgorithm. + Possible values include: 'PS256', 'PS384', 'PS512', 'RS256', 'RS384', + 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param digest: Required. The digest used for signing. + :type digest: bytes + :param signature: Required. The signature to be verified. + :type signature: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'digest': {'required': True}, + 'signature': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'digest': {'key': 'digest', 'type': 'base64'}, + 'signature': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(KeyVerifyParameters, self).__init__(**kwargs) + self.algorithm = kwargs.get('algorithm', None) + self.digest = kwargs.get('digest', None) + self.signature = kwargs.get('signature', None) + + +class KeyVerifyResult(Model): + """The key verify result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: True if the signature is verified, otherwise false. + :vartype value: bool + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(KeyVerifyResult, self).__init__(**kwargs) + self.value = None + + +class LifetimeAction(Model): + """Action and its trigger that will be performed by Key Vault over the + lifetime of a certificate. + + :param trigger: The condition that will execute the action. + :type trigger: ~azure.keyvault.v7_1.models.Trigger + :param action: The action that will be executed. + :type action: ~azure.keyvault.v7_1.models.Action + """ + + _attribute_map = { + 'trigger': {'key': 'trigger', 'type': 'Trigger'}, + 'action': {'key': 'action', 'type': 'Action'}, + } + + def __init__(self, **kwargs): + super(LifetimeAction, self).__init__(**kwargs) + self.trigger = kwargs.get('trigger', None) + self.action = kwargs.get('action', None) + + +class OrganizationDetails(Model): + """Details of the organization of the certificate issuer. + + :param id: Id of the organization. + :type id: str + :param admin_details: Details of the organization administrator. + :type admin_details: + list[~azure.keyvault.v7_1.models.AdministratorDetails] + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'admin_details': {'key': 'admin_details', 'type': '[AdministratorDetails]'}, + } + + def __init__(self, **kwargs): + super(OrganizationDetails, self).__init__(**kwargs) + self.id = kwargs.get('id', None) + self.admin_details = kwargs.get('admin_details', None) + + +class PendingCertificateSigningRequestResult(Model): + """The pending certificate signing request result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The pending certificate signing request as Base64 encoded + string. + :vartype value: str + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(PendingCertificateSigningRequestResult, self).__init__(**kwargs) + self.value = None + + +class SasDefinitionAttributes(Model): + """The SAS definition management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: the enabled state of the object. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for SAS definitions in the current vault. If it contains + 'Purgeable' the SAS definition can be permanently deleted by a privileged + user; otherwise, only the system can purge the SAS definition, at the end + of the retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionAttributes, self).__init__(**kwargs) + self.enabled = kwargs.get('enabled', None) + self.created = None + self.updated = None + self.recoverable_days = None + self.recovery_level = None + + +class SasDefinitionCreateParameters(Model): + """The SAS definition create parameters. + + All required parameters must be populated in order to send to Azure. + + :param template_uri: Required. The SAS definition token template signed + with an arbitrary key. Tokens created according to the SAS definition + will have the same properties as the template. + :type template_uri: str + :param sas_type: Required. The type of SAS token the SAS definition will + create. Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: Required. The validity period of SAS tokens + created according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'template_uri': {'required': True}, + 'sas_type': {'required': True}, + 'validity_period': {'required': True}, + } + + _attribute_map = { + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionCreateParameters, self).__init__(**kwargs) + self.template_uri = kwargs.get('template_uri', None) + self.sas_type = kwargs.get('sas_type', None) + self.validity_period = kwargs.get('validity_period', None) + self.sas_definition_attributes = kwargs.get('sas_definition_attributes', None) + self.tags = kwargs.get('tags', None) + + +class SasDefinitionListResult(Model): + """The storage account SAS definition list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of SAS definitions along + with a link to the next page of SAS definitions. + :vartype value: list[~azure.keyvault.v7_1.models.SasDefinitionItem] + :ivar next_link: The URL to get the next set of SAS definitions. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[SasDefinitionItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SasDefinitionUpdateParameters(Model): + """The SAS definition update parameters. + + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SasDefinitionUpdateParameters, self).__init__(**kwargs) + self.template_uri = kwargs.get('template_uri', None) + self.sas_type = kwargs.get('sas_type', None) + self.validity_period = kwargs.get('validity_period', None) + self.sas_definition_attributes = kwargs.get('sas_definition_attributes', None) + self.tags = kwargs.get('tags', None) + + +class SecretAttributes(Attributes): + """The secret management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for secrets in the current vault. If it contains 'Purgeable', the + secret can be permanently deleted by a privileged user; otherwise, only + the system can purge the secret, at the end of the retention interval. + Possible values include: 'Purgeable', 'Recoverable+Purgeable', + 'Recoverable', 'Recoverable+ProtectedSubscription', + 'CustomizedRecoverable+Purgeable', 'CustomizedRecoverable', + 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecretAttributes, self).__init__(**kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class SecretListResult(Model): + """The secret list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of secrets in the key + vault along with a link to the next page of secrets. + :vartype value: list[~azure.keyvault.v7_1.models.SecretItem] + :ivar next_link: The URL to get the next set of secrets. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[SecretItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecretListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SecretProperties(Model): + """Properties of the key backing a certificate. + + :param content_type: The media type (MIME type). + :type content_type: str + """ + + _attribute_map = { + 'content_type': {'key': 'contentType', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecretProperties, self).__init__(**kwargs) + self.content_type = kwargs.get('content_type', None) + + +class SecretRestoreParameters(Model): + """The secret restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param secret_bundle_backup: Required. The backup blob associated with a + secret bundle. + :type secret_bundle_backup: bytes + """ + + _validation = { + 'secret_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'secret_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(SecretRestoreParameters, self).__init__(**kwargs) + self.secret_bundle_backup = kwargs.get('secret_bundle_backup', None) + + +class SecretSetParameters(Model): + """The secret set parameters. + + All required parameters must be populated in order to send to Azure. + + :param value: Required. The value of the secret. + :type value: str + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + """ + + _validation = { + 'value': {'required': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + } + + def __init__(self, **kwargs): + super(SecretSetParameters, self).__init__(**kwargs) + self.value = kwargs.get('value', None) + self.tags = kwargs.get('tags', None) + self.content_type = kwargs.get('content_type', None) + self.secret_attributes = kwargs.get('secret_attributes', None) + + +class SecretUpdateParameters(Model): + """The secret update parameters. + + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(SecretUpdateParameters, self).__init__(**kwargs) + self.content_type = kwargs.get('content_type', None) + self.secret_attributes = kwargs.get('secret_attributes', None) + self.tags = kwargs.get('tags', None) + + +class StorageAccountAttributes(Model): + """The storage account management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: the enabled state of the object. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for storage accounts in the current vault. If it contains + 'Purgeable' the storage account can be permanently deleted by a privileged + user; otherwise, only the system can purge the storage account, at the end + of the retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(StorageAccountAttributes, self).__init__(**kwargs) + self.enabled = kwargs.get('enabled', None) + self.created = None + self.updated = None + self.recoverable_days = None + self.recovery_level = None + + +class StorageAccountCreateParameters(Model): + """The storage account create parameters. + + All required parameters must be populated in order to send to Azure. + + :param resource_id: Required. Storage account resource id. + :type resource_id: str + :param active_key_name: Required. Current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: Required. whether keyvault should manage the + storage account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration specified + in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'resource_id': {'required': True}, + 'active_key_name': {'required': True}, + 'auto_regenerate_key': {'required': True}, + } + + _attribute_map = { + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(StorageAccountCreateParameters, self).__init__(**kwargs) + self.resource_id = kwargs.get('resource_id', None) + self.active_key_name = kwargs.get('active_key_name', None) + self.auto_regenerate_key = kwargs.get('auto_regenerate_key', None) + self.regeneration_period = kwargs.get('regeneration_period', None) + self.storage_account_attributes = kwargs.get('storage_account_attributes', None) + self.tags = kwargs.get('tags', None) + + +class StorageAccountRegenerteKeyParameters(Model): + """The storage account key regenerate parameters. + + All required parameters must be populated in order to send to Azure. + + :param key_name: Required. The storage account key name. + :type key_name: str + """ + + _validation = { + 'key_name': {'required': True}, + } + + _attribute_map = { + 'key_name': {'key': 'keyName', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(StorageAccountRegenerteKeyParameters, self).__init__(**kwargs) + self.key_name = kwargs.get('key_name', None) + + +class StorageAccountUpdateParameters(Model): + """The storage account update parameters. + + :param active_key_name: The current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration specified + in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(StorageAccountUpdateParameters, self).__init__(**kwargs) + self.active_key_name = kwargs.get('active_key_name', None) + self.auto_regenerate_key = kwargs.get('auto_regenerate_key', None) + self.regeneration_period = kwargs.get('regeneration_period', None) + self.storage_account_attributes = kwargs.get('storage_account_attributes', None) + self.tags = kwargs.get('tags', None) + + +class StorageListResult(Model): + """The storage accounts list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of storage accounts in + the key vault along with a link to the next page of storage accounts. + :vartype value: list[~azure.keyvault.v7_1.models.StorageAccountItem] + :ivar next_link: The URL to get the next set of storage accounts. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[StorageAccountItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(StorageListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class StorageRestoreParameters(Model): + """The secret restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param storage_bundle_backup: Required. The backup blob associated with a + storage account. + :type storage_bundle_backup: bytes + """ + + _validation = { + 'storage_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'storage_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs): + super(StorageRestoreParameters, self).__init__(**kwargs) + self.storage_bundle_backup = kwargs.get('storage_bundle_backup', None) + + +class SubjectAlternativeNames(Model): + """The subject alternate names of a X509 object. + + :param emails: Email addresses. + :type emails: list[str] + :param dns_names: Domain names. + :type dns_names: list[str] + :param upns: User principal names. + :type upns: list[str] + """ + + _attribute_map = { + 'emails': {'key': 'emails', 'type': '[str]'}, + 'dns_names': {'key': 'dns_names', 'type': '[str]'}, + 'upns': {'key': 'upns', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(SubjectAlternativeNames, self).__init__(**kwargs) + self.emails = kwargs.get('emails', None) + self.dns_names = kwargs.get('dns_names', None) + self.upns = kwargs.get('upns', None) + + +class Trigger(Model): + """A condition to be satisfied for an action to be executed. + + :param lifetime_percentage: Percentage of lifetime at which to trigger. + Value should be between 1 and 99. + :type lifetime_percentage: int + :param days_before_expiry: Days before expiry to attempt renewal. Value + should be between 1 and validity_in_months multiplied by 27. If + validity_in_months is 36, then value should be between 1 and 972 (36 * + 27). + :type days_before_expiry: int + """ + + _validation = { + 'lifetime_percentage': {'maximum': 99, 'minimum': 1}, + } + + _attribute_map = { + 'lifetime_percentage': {'key': 'lifetime_percentage', 'type': 'int'}, + 'days_before_expiry': {'key': 'days_before_expiry', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(Trigger, self).__init__(**kwargs) + self.lifetime_percentage = kwargs.get('lifetime_percentage', None) + self.days_before_expiry = kwargs.get('days_before_expiry', None) + + +class X509CertificateProperties(Model): + """Properties of the X509 component of a certificate. + + :param subject: The subject name. Should be a valid X509 distinguished + Name. + :type subject: str + :param ekus: The enhanced key usage. + :type ekus: list[str] + :param subject_alternative_names: The subject alternative names. + :type subject_alternative_names: + ~azure.keyvault.v7_1.models.SubjectAlternativeNames + :param key_usage: List of key usages. + :type key_usage: list[str or ~azure.keyvault.v7_1.models.KeyUsageType] + :param validity_in_months: The duration that the certificate is valid in + months. + :type validity_in_months: int + """ + + _validation = { + 'validity_in_months': {'minimum': 0}, + } + + _attribute_map = { + 'subject': {'key': 'subject', 'type': 'str'}, + 'ekus': {'key': 'ekus', 'type': '[str]'}, + 'subject_alternative_names': {'key': 'sans', 'type': 'SubjectAlternativeNames'}, + 'key_usage': {'key': 'key_usage', 'type': '[str]'}, + 'validity_in_months': {'key': 'validity_months', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(X509CertificateProperties, self).__init__(**kwargs) + self.subject = kwargs.get('subject', None) + self.ekus = kwargs.get('ekus', None) + self.subject_alternative_names = kwargs.get('subject_alternative_names', None) + self.key_usage = kwargs.get('key_usage', None) + self.validity_in_months = kwargs.get('validity_in_months', None) diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/_models_py3.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/_models_py3.py new file mode 100644 index 000000000000..b57835037d85 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/models/_models_py3.py @@ -0,0 +1,3244 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model +from azure.core.exceptions import HttpResponseError + + +class Action(Model): + """The action that will be executed. + + :param action_type: The type of the action. Possible values include: + 'EmailContacts', 'AutoRenew' + :type action_type: str or ~azure.keyvault.v7_1.models.ActionType + """ + + _attribute_map = { + 'action_type': {'key': 'action_type', 'type': 'ActionType'}, + } + + def __init__(self, *, action_type=None, **kwargs) -> None: + super(Action, self).__init__(**kwargs) + self.action_type = action_type + + +class AdministratorDetails(Model): + """Details of the organization administrator of the certificate issuer. + + :param first_name: First name. + :type first_name: str + :param last_name: Last name. + :type last_name: str + :param email_address: Email address. + :type email_address: str + :param phone: Phone number. + :type phone: str + """ + + _attribute_map = { + 'first_name': {'key': 'first_name', 'type': 'str'}, + 'last_name': {'key': 'last_name', 'type': 'str'}, + 'email_address': {'key': 'email', 'type': 'str'}, + 'phone': {'key': 'phone', 'type': 'str'}, + } + + def __init__(self, *, first_name: str=None, last_name: str=None, email_address: str=None, phone: str=None, **kwargs) -> None: + super(AdministratorDetails, self).__init__(**kwargs) + self.first_name = first_name + self.last_name = last_name + self.email_address = email_address + self.phone = phone + + +class Attributes(Model): + """The object attributes managed by the KeyVault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + } + + def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None: + super(Attributes, self).__init__(**kwargs) + self.enabled = enabled + self.not_before = not_before + self.expires = expires + self.created = None + self.updated = None + + +class BackupCertificateResult(Model): + """The backup certificate result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up certificate. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(BackupCertificateResult, self).__init__(**kwargs) + self.value = None + + +class BackupKeyResult(Model): + """The backup key result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up key. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(BackupKeyResult, self).__init__(**kwargs) + self.value = None + + +class BackupSecretResult(Model): + """The backup secret result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up secret. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(BackupSecretResult, self).__init__(**kwargs) + self.value = None + + +class BackupStorageResult(Model): + """The backup storage result, containing the backup blob. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The backup blob containing the backed up storage account. + :vartype value: bytes + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(BackupStorageResult, self).__init__(**kwargs) + self.value = None + + +class CertificateAttributes(Attributes): + """The certificate management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for certificates in the current vault. If it contains 'Purgeable', + the certificate can be permanently deleted by a privileged user; + otherwise, only the system can purge the certificate, at the end of the + retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None: + super(CertificateAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires, **kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class CertificateBundle(Model): + """A certificate bundle consists of a certificate (X509) plus its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :ivar kid: The key id. + :vartype kid: str + :ivar sid: The secret id. + :vartype sid: str + :ivar x509_thumbprint: Thumbprint of the certificate. + :vartype x509_thumbprint: bytes + :ivar policy: The management policy. + :vartype policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param cer: CER contents of x509 certificate. + :type cer: bytearray + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs + :type tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'kid': {'readonly': True}, + 'sid': {'readonly': True}, + 'x509_thumbprint': {'readonly': True}, + 'policy': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'sid': {'key': 'sid', 'type': 'str'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'cer': {'key': 'cer', 'type': 'bytearray'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, cer: bytearray=None, content_type: str=None, attributes=None, tags=None, **kwargs) -> None: + super(CertificateBundle, self).__init__(**kwargs) + self.id = None + self.kid = None + self.sid = None + self.x509_thumbprint = None + self.policy = None + self.cer = cer + self.content_type = content_type + self.attributes = attributes + self.tags = tags + + +class CertificateCreateParameters(Model): + """The certificate create parameters. + + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs) -> None: + super(CertificateCreateParameters, self).__init__(**kwargs) + self.certificate_policy = certificate_policy + self.certificate_attributes = certificate_attributes + self.tags = tags + + +class CertificateImportParameters(Model): + """The certificate import parameters. + + All required parameters must be populated in order to send to Azure. + + :param base64_encoded_certificate: Required. Base64 encoded representation + of the certificate object to import. This certificate needs to contain the + private key. + :type base64_encoded_certificate: str + :param password: If the private key in base64EncodedCertificate is + encrypted, the password used for encryption. + :type password: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'base64_encoded_certificate': {'required': True}, + } + + _attribute_map = { + 'base64_encoded_certificate': {'key': 'value', 'type': 'str'}, + 'password': {'key': 'pwd', 'type': 'str'}, + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, base64_encoded_certificate: str, password: str=None, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs) -> None: + super(CertificateImportParameters, self).__init__(**kwargs) + self.base64_encoded_certificate = base64_encoded_certificate + self.password = password + self.certificate_policy = certificate_policy + self.certificate_attributes = certificate_attributes + self.tags = tags + + +class CertificateIssuerItem(Model): + """The certificate issuer item containing certificate issuer metadata. + + :param id: Certificate Identifier. + :type id: str + :param provider: The issuer provider. + :type provider: str + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + } + + def __init__(self, *, id: str=None, provider: str=None, **kwargs) -> None: + super(CertificateIssuerItem, self).__init__(**kwargs) + self.id = id + self.provider = provider + + +class CertificateIssuerListResult(Model): + """The certificate issuer list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of certificate issuers + in the key vault along with a link to the next page of certificate + issuers. + :vartype value: list[~azure.keyvault.v7_1.models.CertificateIssuerItem] + :ivar next_link: The URL to get the next set of certificate issuers. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[CertificateIssuerItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(CertificateIssuerListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class CertificateIssuerSetParameters(Model): + """The certificate issuer set parameters. + + All required parameters must be populated in order to send to Azure. + + :param provider: Required. The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _validation = { + 'provider': {'required': True}, + } + + _attribute_map = { + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, *, provider: str, credentials=None, organization_details=None, attributes=None, **kwargs) -> None: + super(CertificateIssuerSetParameters, self).__init__(**kwargs) + self.provider = provider + self.credentials = credentials + self.organization_details = organization_details + self.attributes = attributes + + +class CertificateIssuerUpdateParameters(Model): + """The certificate issuer update parameters. + + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _attribute_map = { + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, *, provider: str=None, credentials=None, organization_details=None, attributes=None, **kwargs) -> None: + super(CertificateIssuerUpdateParameters, self).__init__(**kwargs) + self.provider = provider + self.credentials = credentials + self.organization_details = organization_details + self.attributes = attributes + + +class CertificateItem(Model): + """The certificate item containing certificate metadata. + + :param id: Certificate identifier. + :type id: str + :param attributes: The certificate management attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param x509_thumbprint: Thumbprint of the certificate. + :type x509_thumbprint: bytes + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + } + + def __init__(self, *, id: str=None, attributes=None, tags=None, x509_thumbprint: bytes=None, **kwargs) -> None: + super(CertificateItem, self).__init__(**kwargs) + self.id = id + self.attributes = attributes + self.tags = tags + self.x509_thumbprint = x509_thumbprint + + +class CertificateListResult(Model): + """The certificate list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of certificates in the + key vault along with a link to the next page of certificates. + :vartype value: list[~azure.keyvault.v7_1.models.CertificateItem] + :ivar next_link: The URL to get the next set of certificates. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[CertificateItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(CertificateListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class CertificateMergeParameters(Model): + """The certificate merge parameters. + + All required parameters must be populated in order to send to Azure. + + :param x509_certificates: Required. The certificate or the certificate + chain to merge. + :type x509_certificates: list[bytearray] + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'x509_certificates': {'required': True}, + } + + _attribute_map = { + 'x509_certificates': {'key': 'x5c', 'type': '[bytearray]'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, x509_certificates, certificate_attributes=None, tags=None, **kwargs) -> None: + super(CertificateMergeParameters, self).__init__(**kwargs) + self.x509_certificates = x509_certificates + self.certificate_attributes = certificate_attributes + self.tags = tags + + +class CertificateOperation(Model): + """A certificate operation is returned in case of asynchronous requests. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :param issuer_parameters: Parameters for the issuer of the X509 component + of a certificate. + :type issuer_parameters: ~azure.keyvault.v7_1.models.IssuerParameters + :param csr: The certificate signing request (CSR) that is being used in + the certificate operation. + :type csr: bytearray + :param cancellation_requested: Indicates if cancellation was requested on + the certificate operation. + :type cancellation_requested: bool + :param status: Status of the certificate operation. + :type status: str + :param status_details: The status details of the certificate operation. + :type status_details: str + :param error: Error encountered, if any, during the certificate operation. + :type error: ~azure.keyvault.v7_1.models.Error + :param target: Location which contains the result of the certificate + operation. + :type target: str + :param request_id: Identifier for the certificate operation. + :type request_id: str + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'}, + 'csr': {'key': 'csr', 'type': 'bytearray'}, + 'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'}, + 'status': {'key': 'status', 'type': 'str'}, + 'status_details': {'key': 'status_details', 'type': 'str'}, + 'error': {'key': 'error', 'type': 'Error'}, + 'target': {'key': 'target', 'type': 'str'}, + 'request_id': {'key': 'request_id', 'type': 'str'}, + } + + def __init__(self, *, issuer_parameters=None, csr: bytearray=None, cancellation_requested: bool=None, status: str=None, status_details: str=None, error=None, target: str=None, request_id: str=None, **kwargs) -> None: + super(CertificateOperation, self).__init__(**kwargs) + self.id = None + self.issuer_parameters = issuer_parameters + self.csr = csr + self.cancellation_requested = cancellation_requested + self.status = status + self.status_details = status_details + self.error = error + self.target = target + self.request_id = request_id + + +class CertificateOperationUpdateParameter(Model): + """The certificate operation update parameters. + + All required parameters must be populated in order to send to Azure. + + :param cancellation_requested: Required. Indicates if cancellation was + requested on the certificate operation. + :type cancellation_requested: bool + """ + + _validation = { + 'cancellation_requested': {'required': True}, + } + + _attribute_map = { + 'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'}, + } + + def __init__(self, *, cancellation_requested: bool, **kwargs) -> None: + super(CertificateOperationUpdateParameter, self).__init__(**kwargs) + self.cancellation_requested = cancellation_requested + + +class CertificatePolicy(Model): + """Management policy for a certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :param key_properties: Properties of the key backing a certificate. + :type key_properties: ~azure.keyvault.v7_1.models.KeyProperties + :param secret_properties: Properties of the secret backing a certificate. + :type secret_properties: ~azure.keyvault.v7_1.models.SecretProperties + :param x509_certificate_properties: Properties of the X509 component of a + certificate. + :type x509_certificate_properties: + ~azure.keyvault.v7_1.models.X509CertificateProperties + :param lifetime_actions: Actions that will be performed by Key Vault over + the lifetime of a certificate. + :type lifetime_actions: list[~azure.keyvault.v7_1.models.LifetimeAction] + :param issuer_parameters: Parameters for the issuer of the X509 component + of a certificate. + :type issuer_parameters: ~azure.keyvault.v7_1.models.IssuerParameters + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'key_properties': {'key': 'key_props', 'type': 'KeyProperties'}, + 'secret_properties': {'key': 'secret_props', 'type': 'SecretProperties'}, + 'x509_certificate_properties': {'key': 'x509_props', 'type': 'X509CertificateProperties'}, + 'lifetime_actions': {'key': 'lifetime_actions', 'type': '[LifetimeAction]'}, + 'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + } + + def __init__(self, *, key_properties=None, secret_properties=None, x509_certificate_properties=None, lifetime_actions=None, issuer_parameters=None, attributes=None, **kwargs) -> None: + super(CertificatePolicy, self).__init__(**kwargs) + self.id = None + self.key_properties = key_properties + self.secret_properties = secret_properties + self.x509_certificate_properties = x509_certificate_properties + self.lifetime_actions = lifetime_actions + self.issuer_parameters = issuer_parameters + self.attributes = attributes + + +class CertificateRestoreParameters(Model): + """The certificate restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param certificate_bundle_backup: Required. The backup blob associated + with a certificate bundle. + :type certificate_bundle_backup: bytes + """ + + _validation = { + 'certificate_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'certificate_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, certificate_bundle_backup: bytes, **kwargs) -> None: + super(CertificateRestoreParameters, self).__init__(**kwargs) + self.certificate_bundle_backup = certificate_bundle_backup + + +class CertificateUpdateParameters(Model): + """The certificate update parameters. + + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs) -> None: + super(CertificateUpdateParameters, self).__init__(**kwargs) + self.certificate_policy = certificate_policy + self.certificate_attributes = certificate_attributes + self.tags = tags + + +class Contact(Model): + """The contact information for the vault certificates. + + :param email_address: Email address. + :type email_address: str + :param name: Name. + :type name: str + :param phone: Phone number. + :type phone: str + """ + + _attribute_map = { + 'email_address': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'phone': {'key': 'phone', 'type': 'str'}, + } + + def __init__(self, *, email_address: str=None, name: str=None, phone: str=None, **kwargs) -> None: + super(Contact, self).__init__(**kwargs) + self.email_address = email_address + self.name = name + self.phone = phone + + +class Contacts(Model): + """The contacts for the vault certificates. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Identifier for the contacts collection. + :vartype id: str + :param contact_list: The contact list for the vault certificates. + :type contact_list: list[~azure.keyvault.v7_1.models.Contact] + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'contact_list': {'key': 'contacts', 'type': '[Contact]'}, + } + + def __init__(self, *, contact_list=None, **kwargs) -> None: + super(Contacts, self).__init__(**kwargs) + self.id = None + self.contact_list = contact_list + + +class DeletedCertificateBundle(CertificateBundle): + """A Deleted Certificate consisting of its previous id, attributes and its + tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The certificate id. + :vartype id: str + :ivar kid: The key id. + :vartype kid: str + :ivar sid: The secret id. + :vartype sid: str + :ivar x509_thumbprint: Thumbprint of the certificate. + :vartype x509_thumbprint: bytes + :ivar policy: The management policy. + :vartype policy: ~azure.keyvault.v7_1.models.CertificatePolicy + :param cer: CER contents of x509 certificate. + :type cer: bytearray + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The certificate attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs + :type tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted certificate. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the certificate is scheduled to + be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the certificate was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'kid': {'readonly': True}, + 'sid': {'readonly': True}, + 'x509_thumbprint': {'readonly': True}, + 'policy': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'sid': {'key': 'sid', 'type': 'str'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'policy': {'key': 'policy', 'type': 'CertificatePolicy'}, + 'cer': {'key': 'cer', 'type': 'bytearray'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, cer: bytearray=None, content_type: str=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedCertificateBundle, self).__init__(cer=cer, content_type=content_type, attributes=attributes, tags=tags, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedCertificateItem(CertificateItem): + """The deleted certificate item containing metadata about the deleted + certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Certificate identifier. + :type id: str + :param attributes: The certificate management attributes. + :type attributes: ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param x509_thumbprint: Thumbprint of the certificate. + :type x509_thumbprint: bytes + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted certificate. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the certificate is scheduled to + be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the certificate was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'x509_thumbprint': {'key': 'x5t', 'type': 'base64'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, id: str=None, attributes=None, tags=None, x509_thumbprint: bytes=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedCertificateItem, self).__init__(id=id, attributes=attributes, tags=tags, x509_thumbprint=x509_thumbprint, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedCertificateListResult(Model): + """A list of certificates that have been deleted in this vault. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of deleted certificates + in the vault along with a link to the next page of deleted certificates + :vartype value: list[~azure.keyvault.v7_1.models.DeletedCertificateItem] + :ivar next_link: The URL to get the next set of deleted certificates. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedCertificateItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedCertificateListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class KeyBundle(Model): + """A KeyBundle consisting of a WebKey plus its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param key: The Json web key. + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, *, key=None, attributes=None, tags=None, **kwargs) -> None: + super(KeyBundle, self).__init__(**kwargs) + self.key = key + self.attributes = attributes + self.tags = tags + self.managed = None + + +class DeletedKeyBundle(KeyBundle): + """A DeletedKeyBundle consisting of a WebKey plus its Attributes and deletion + info. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param key: The Json web key. + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted key. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the key is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the key was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, key=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedKeyBundle, self).__init__(key=key, attributes=attributes, tags=tags, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class KeyItem(Model): + """The key item containing key metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param kid: Key identifier. + :type kid: str + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, *, kid: str=None, attributes=None, tags=None, **kwargs) -> None: + super(KeyItem, self).__init__(**kwargs) + self.kid = kid + self.attributes = attributes + self.tags = tags + self.managed = None + + +class DeletedKeyItem(KeyItem): + """The deleted key item containing the deleted key metadata and information + about deletion. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param kid: Key identifier. + :type kid: str + :param attributes: The key management attributes. + :type attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar managed: True if the key's lifetime is managed by key vault. If this + is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted key. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the key is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the key was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, kid: str=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedKeyItem, self).__init__(kid=kid, attributes=attributes, tags=tags, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedKeyListResult(Model): + """A list of keys that have been deleted in this vault. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of deleted keys in the + vault along with a link to the next page of deleted keys + :vartype value: list[~azure.keyvault.v7_1.models.DeletedKeyItem] + :ivar next_link: The URL to get the next set of deleted keys. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedKeyItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedKeyListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SasDefinitionBundle(Model): + """A SAS definition bundle consists of key vault SAS definition details plus + its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The SAS definition id. + :vartype id: str + :ivar secret_id: Storage account SAS definition secret id. + :vartype secret_id: str + :ivar template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :vartype template_uri: str + :ivar sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :vartype sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :ivar validity_period: The validity period of SAS tokens created according + to the SAS definition. + :vartype validity_period: str + :ivar attributes: The SAS definition attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'template_uri': {'readonly': True}, + 'sas_type': {'readonly': True}, + 'validity_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs) -> None: + super(SasDefinitionBundle, self).__init__(**kwargs) + self.id = None + self.secret_id = None + self.template_uri = None + self.sas_type = None + self.validity_period = None + self.attributes = None + self.tags = None + + +class DeletedSasDefinitionBundle(SasDefinitionBundle): + """A deleted SAS definition bundle consisting of its previous id, attributes + and its tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The SAS definition id. + :vartype id: str + :ivar secret_id: Storage account SAS definition secret id. + :vartype secret_id: str + :ivar template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :vartype template_uri: str + :ivar sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :vartype sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :ivar validity_period: The validity period of SAS tokens created according + to the SAS definition. + :vartype validity_period: str + :ivar attributes: The SAS definition attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted SAS definition. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the SAS definition is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the SAS definition was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'template_uri': {'readonly': True}, + 'sas_type': {'readonly': True}, + 'validity_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, recovery_id: str=None, **kwargs) -> None: + super(DeletedSasDefinitionBundle, self).__init__(**kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class SasDefinitionItem(Model): + """The SAS definition item containing storage SAS definition metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage SAS identifier. + :vartype id: str + :ivar secret_id: The storage account SAS definition secret id. + :vartype secret_id: str + :ivar attributes: The SAS definition management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs) -> None: + super(SasDefinitionItem, self).__init__(**kwargs) + self.id = None + self.secret_id = None + self.attributes = None + self.tags = None + + +class DeletedSasDefinitionItem(SasDefinitionItem): + """The deleted SAS definition item containing metadata about the deleted SAS + definition. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage SAS identifier. + :vartype id: str + :ivar secret_id: The storage account SAS definition secret id. + :vartype secret_id: str + :ivar attributes: The SAS definition management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted SAS definition. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the SAS definition is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the SAS definition was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'secret_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'secret_id': {'key': 'sid', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, recovery_id: str=None, **kwargs) -> None: + super(DeletedSasDefinitionItem, self).__init__(**kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedSasDefinitionListResult(Model): + """The deleted SAS definition list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted SAS + definitions in the vault along with a link to the next page of deleted sas + definitions + :vartype value: list[~azure.keyvault.v7_1.models.DeletedSasDefinitionItem] + :ivar next_link: The URL to get the next set of deleted SAS definitions. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedSasDefinitionItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedSasDefinitionListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SecretBundle(Model): + """A secret consisting of a value, id and its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param value: The secret value. + :type value: str + :param id: The secret id. + :type id: str + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar kid: If this is a secret backing a KV certificate, then this field + specifies the corresponding key backing the KV certificate. + :vartype kid: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a secret backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'kid': {'readonly': True}, + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, *, value: str=None, id: str=None, content_type: str=None, attributes=None, tags=None, **kwargs) -> None: + super(SecretBundle, self).__init__(**kwargs) + self.value = value + self.id = id + self.content_type = content_type + self.attributes = attributes + self.tags = tags + self.kid = None + self.managed = None + + +class DeletedSecretBundle(SecretBundle): + """A Deleted Secret consisting of its previous id, attributes and its tags, as + well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param value: The secret value. + :type value: str + :param id: The secret id. + :type id: str + :param content_type: The content type of the secret. + :type content_type: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :ivar kid: If this is a secret backing a KV certificate, then this field + specifies the corresponding key backing the KV certificate. + :vartype kid: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a secret backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted secret. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the secret is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the secret was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'kid': {'readonly': True}, + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'kid': {'key': 'kid', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, value: str=None, id: str=None, content_type: str=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedSecretBundle, self).__init__(value=value, id=id, content_type=content_type, attributes=attributes, tags=tags, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class SecretItem(Model): + """The secret item containing secret metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Secret identifier. + :type id: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a key backing a certificate, then managed will be true. + :vartype managed: bool + """ + + _validation = { + 'managed': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + } + + def __init__(self, *, id: str=None, attributes=None, tags=None, content_type: str=None, **kwargs) -> None: + super(SecretItem, self).__init__(**kwargs) + self.id = id + self.attributes = attributes + self.tags = tags + self.content_type = content_type + self.managed = None + + +class DeletedSecretItem(SecretItem): + """The deleted secret item containing metadata about the deleted secret. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param id: Secret identifier. + :type id: str + :param attributes: The secret management attributes. + :type attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :ivar managed: True if the secret's lifetime is managed by key vault. If + this is a key backing a certificate, then managed will be true. + :vartype managed: bool + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted secret. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the secret is scheduled to be + purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the secret was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'managed': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'managed': {'key': 'managed', 'type': 'bool'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, id: str=None, attributes=None, tags=None, content_type: str=None, recovery_id: str=None, **kwargs) -> None: + super(DeletedSecretItem, self).__init__(id=id, attributes=attributes, tags=tags, content_type=content_type, **kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedSecretListResult(Model): + """The deleted secret list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted secrets + in the vault along with a link to the next page of deleted secrets + :vartype value: list[~azure.keyvault.v7_1.models.DeletedSecretItem] + :ivar next_link: The URL to get the next set of deleted secrets. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedSecretItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedSecretListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class StorageAccountItem(Model): + """The storage account item containing storage account metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Storage identifier. + :vartype id: str + :ivar resource_id: Storage account resource Id. + :vartype resource_id: str + :ivar attributes: The storage account management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs) -> None: + super(StorageAccountItem, self).__init__(**kwargs) + self.id = None + self.resource_id = None + self.attributes = None + self.tags = None + + +class DeletedStorageAccountItem(StorageAccountItem): + """The deleted storage account item containing metadata about the deleted + storage account. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Storage identifier. + :vartype id: str + :ivar resource_id: Storage account resource Id. + :vartype resource_id: str + :ivar attributes: The storage account management attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs. + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted storage account. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the storage account is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the storage account was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, recovery_id: str=None, **kwargs) -> None: + super(DeletedStorageAccountItem, self).__init__(**kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class StorageBundle(Model): + """A Storage account bundle consists of key vault storage account details plus + its attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage account id. + :vartype id: str + :ivar resource_id: The storage account resource id. + :vartype resource_id: str + :ivar active_key_name: The current active storage account key name. + :vartype active_key_name: str + :ivar auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :vartype auto_regenerate_key: bool + :ivar regeneration_period: The key regeneration time duration specified in + ISO-8601 format. + :vartype regeneration_period: str + :ivar attributes: The storage account attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'active_key_name': {'readonly': True}, + 'auto_regenerate_key': {'readonly': True}, + 'regeneration_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs) -> None: + super(StorageBundle, self).__init__(**kwargs) + self.id = None + self.resource_id = None + self.active_key_name = None + self.auto_regenerate_key = None + self.regeneration_period = None + self.attributes = None + self.tags = None + + +class DeletedStorageBundle(StorageBundle): + """A deleted storage account bundle consisting of its previous id, attributes + and its tags, as well as information on when it will be purged. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: The storage account id. + :vartype id: str + :ivar resource_id: The storage account resource id. + :vartype resource_id: str + :ivar active_key_name: The current active storage account key name. + :vartype active_key_name: str + :ivar auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :vartype auto_regenerate_key: bool + :ivar regeneration_period: The key regeneration time duration specified in + ISO-8601 format. + :vartype regeneration_period: str + :ivar attributes: The storage account attributes. + :vartype attributes: ~azure.keyvault.v7_1.models.StorageAccountAttributes + :ivar tags: Application specific metadata in the form of key-value pairs + :vartype tags: dict[str, str] + :param recovery_id: The url of the recovery object, used to identify and + recover the deleted storage account. + :type recovery_id: str + :ivar scheduled_purge_date: The time when the storage account is scheduled + to be purged, in UTC + :vartype scheduled_purge_date: datetime + :ivar deleted_date: The time when the storage account was deleted, in UTC + :vartype deleted_date: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'resource_id': {'readonly': True}, + 'active_key_name': {'readonly': True}, + 'auto_regenerate_key': {'readonly': True}, + 'regeneration_period': {'readonly': True}, + 'attributes': {'readonly': True}, + 'tags': {'readonly': True}, + 'scheduled_purge_date': {'readonly': True}, + 'deleted_date': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'recovery_id': {'key': 'recoveryId', 'type': 'str'}, + 'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'}, + 'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'}, + } + + def __init__(self, *, recovery_id: str=None, **kwargs) -> None: + super(DeletedStorageBundle, self).__init__(**kwargs) + self.recovery_id = recovery_id + self.scheduled_purge_date = None + self.deleted_date = None + + +class DeletedStorageListResult(Model): + """The deleted storage account list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of the deleted storage + accounts in the vault along with a link to the next page of deleted + storage accounts + :vartype value: + list[~azure.keyvault.v7_1.models.DeletedStorageAccountItem] + :ivar next_link: The URL to get the next set of deleted storage accounts. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[DeletedStorageAccountItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DeletedStorageListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class Error(Model): + """The key vault server error. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar code: The error code. + :vartype code: str + :ivar message: The error message. + :vartype message: str + :ivar inner_error: + :vartype inner_error: ~azure.keyvault.v7_1.models.Error + """ + + _validation = { + 'code': {'readonly': True}, + 'message': {'readonly': True}, + 'inner_error': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'message': {'key': 'message', 'type': 'str'}, + 'inner_error': {'key': 'innererror', 'type': 'Error'}, + } + + def __init__(self, **kwargs) -> None: + super(Error, self).__init__(**kwargs) + self.code = None + self.message = None + self.inner_error = None + + +class IssuerAttributes(Model): + """The attributes of an issuer managed by the Key Vault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the issuer is enabled. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + } + + def __init__(self, *, enabled: bool=None, **kwargs) -> None: + super(IssuerAttributes, self).__init__(**kwargs) + self.enabled = enabled + self.created = None + self.updated = None + + +class IssuerBundle(Model): + """The issuer for Key Vault certificate. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Identifier for the issuer object. + :vartype id: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided to + the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + 'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'}, + 'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'}, + 'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'}, + } + + def __init__(self, *, provider: str=None, credentials=None, organization_details=None, attributes=None, **kwargs) -> None: + super(IssuerBundle, self).__init__(**kwargs) + self.id = None + self.provider = provider + self.credentials = credentials + self.organization_details = organization_details + self.attributes = attributes + + +class IssuerCredentials(Model): + """The credentials to be used for the certificate issuer. + + :param account_id: The user name/account name/account id. + :type account_id: str + :param password: The password/secret/account key. + :type password: str + """ + + _attribute_map = { + 'account_id': {'key': 'account_id', 'type': 'str'}, + 'password': {'key': 'pwd', 'type': 'str'}, + } + + def __init__(self, *, account_id: str=None, password: str=None, **kwargs) -> None: + super(IssuerCredentials, self).__init__(**kwargs) + self.account_id = account_id + self.password = password + + +class IssuerParameters(Model): + """Parameters for the issuer of the X509 component of a certificate. + + :param name: Name of the referenced issuer object or reserved names; for + example, 'Self' or 'Unknown'. + :type name: str + :param certificate_type: Certificate type as supported by the provider + (optional); for example 'OV-SSL', 'EV-SSL' + :type certificate_type: str + :param certificate_transparency: Indicates if the certificates generated + under this policy should be published to certificate transparency logs. + :type certificate_transparency: bool + """ + + _attribute_map = { + 'name': {'key': 'name', 'type': 'str'}, + 'certificate_type': {'key': 'cty', 'type': 'str'}, + 'certificate_transparency': {'key': 'cert_transparency', 'type': 'bool'}, + } + + def __init__(self, *, name: str=None, certificate_type: str=None, certificate_transparency: bool=None, **kwargs) -> None: + super(IssuerParameters, self).__init__(**kwargs) + self.name = name + self.certificate_type = certificate_type + self.certificate_transparency = certificate_transparency + + +class JsonWebKey(Model): + """As of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18. + + :param kid: Key identifier. + :type kid: str + :param kty: JsonWebKey Key Type (kty), as defined in + https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. + Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_ops: + :type key_ops: list[str] + :param n: RSA modulus. + :type n: bytes + :param e: RSA public exponent. + :type e: bytes + :param d: RSA private exponent, or the D component of an EC private key. + :type d: bytes + :param dp: RSA private key parameter. + :type dp: bytes + :param dq: RSA private key parameter. + :type dq: bytes + :param qi: RSA private key parameter. + :type qi: bytes + :param p: RSA secret prime. + :type p: bytes + :param q: RSA secret prime, with p < q. + :type q: bytes + :param k: Symmetric key. + :type k: bytes + :param t: HSM Token, used with 'Bring Your Own Key'. + :type t: bytes + :param crv: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type crv: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + :param x: X component of an EC public key. + :type x: bytes + :param y: Y component of an EC public key. + :type y: bytes + """ + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'kty': {'key': 'kty', 'type': 'str'}, + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'n': {'key': 'n', 'type': 'base64'}, + 'e': {'key': 'e', 'type': 'base64'}, + 'd': {'key': 'd', 'type': 'base64'}, + 'dp': {'key': 'dp', 'type': 'base64'}, + 'dq': {'key': 'dq', 'type': 'base64'}, + 'qi': {'key': 'qi', 'type': 'base64'}, + 'p': {'key': 'p', 'type': 'base64'}, + 'q': {'key': 'q', 'type': 'base64'}, + 'k': {'key': 'k', 'type': 'base64'}, + 't': {'key': 'key_hsm', 'type': 'base64'}, + 'crv': {'key': 'crv', 'type': 'str'}, + 'x': {'key': 'x', 'type': 'base64'}, + 'y': {'key': 'y', 'type': 'base64'}, + } + + def __init__(self, *, kid: str=None, kty=None, key_ops=None, n: bytes=None, e: bytes=None, d: bytes=None, dp: bytes=None, dq: bytes=None, qi: bytes=None, p: bytes=None, q: bytes=None, k: bytes=None, t: bytes=None, crv=None, x: bytes=None, y: bytes=None, **kwargs) -> None: + super(JsonWebKey, self).__init__(**kwargs) + self.kid = kid + self.kty = kty + self.key_ops = key_ops + self.n = n + self.e = e + self.d = d + self.dp = dp + self.dq = dq + self.qi = qi + self.p = p + self.q = q + self.k = k + self.t = t + self.crv = crv + self.x = x + self.y = y + + +class KeyAttributes(Attributes): + """The attributes of a key managed by the key vault service. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for keys in the current vault. If it contains 'Purgeable' the key + can be permanently deleted by a privileged user; otherwise, only the + system can purge the key, at the end of the retention interval. Possible + values include: 'Purgeable', 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None: + super(KeyAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires, **kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class KeyCreateParameters(Model): + """The key create parameters. + + All required parameters must be populated in order to send to Azure. + + :param kty: Required. The type of key to create. For valid values, see + JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', + 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or 4096 + for RSA. + :type key_size: int + :param key_ops: + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + """ + + _validation = { + 'kty': {'required': True, 'min_length': 1}, + } + + _attribute_map = { + 'kty': {'key': 'kty', 'type': 'str'}, + 'key_size': {'key': 'key_size', 'type': 'int'}, + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'curve': {'key': 'crv', 'type': 'str'}, + } + + def __init__(self, *, kty, key_size: int=None, key_ops=None, key_attributes=None, tags=None, curve=None, **kwargs) -> None: + super(KeyCreateParameters, self).__init__(**kwargs) + self.kty = kty + self.key_size = key_size + self.key_ops = key_ops + self.key_attributes = key_attributes + self.tags = tags + self.curve = curve + + +class KeyImportParameters(Model): + """The key import parameters. + + All required parameters must be populated in order to send to Azure. + + :param hsm: Whether to import as a hardware key (HSM) or software key. + :type hsm: bool + :param key: Required. The Json web key + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param key_attributes: The key management attributes. + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'key': {'required': True}, + } + + _attribute_map = { + 'hsm': {'key': 'Hsm', 'type': 'bool'}, + 'key': {'key': 'key', 'type': 'JsonWebKey'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, key, hsm: bool=None, key_attributes=None, tags=None, **kwargs) -> None: + super(KeyImportParameters, self).__init__(**kwargs) + self.hsm = hsm + self.key = key + self.key_attributes = key_attributes + self.tags = tags + + +class KeyListResult(Model): + """The key list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of keys in the key vault + along with a link to the next page of keys. + :vartype value: list[~azure.keyvault.v7_1.models.KeyItem] + :ivar next_link: The URL to get the next set of keys. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[KeyItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(KeyListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class KeyOperationResult(Model): + """The key operation result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar kid: Key identifier + :vartype kid: str + :ivar result: + :vartype result: bytes + """ + + _validation = { + 'kid': {'readonly': True}, + 'result': {'readonly': True}, + } + + _attribute_map = { + 'kid': {'key': 'kid', 'type': 'str'}, + 'result': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, **kwargs) -> None: + super(KeyOperationResult, self).__init__(**kwargs) + self.kid = None + self.result = None + + +class KeyOperationsParameters(Model): + """The key operations parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: Required. + :type value: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'value': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, algorithm, value: bytes, **kwargs) -> None: + super(KeyOperationsParameters, self).__init__(**kwargs) + self.algorithm = algorithm + self.value = value + + +class KeyProperties(Model): + """Properties of the key pair backing a certificate. + + :param exportable: Indicates if the private key can be exported. + :type exportable: bool + :param key_type: The type of key pair to be used for the certificate. + Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM', 'oct' + :type key_type: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or 4096 + for RSA. + :type key_size: int + :param reuse_key: Indicates if the same key pair will be used on + certificate renewal. + :type reuse_key: bool + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521', + 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + """ + + _attribute_map = { + 'exportable': {'key': 'exportable', 'type': 'bool'}, + 'key_type': {'key': 'kty', 'type': 'str'}, + 'key_size': {'key': 'key_size', 'type': 'int'}, + 'reuse_key': {'key': 'reuse_key', 'type': 'bool'}, + 'curve': {'key': 'crv', 'type': 'str'}, + } + + def __init__(self, *, exportable: bool=None, key_type=None, key_size: int=None, reuse_key: bool=None, curve=None, **kwargs) -> None: + super(KeyProperties, self).__init__(**kwargs) + self.exportable = exportable + self.key_type = key_type + self.key_size = key_size + self.reuse_key = reuse_key + self.curve = curve + + +class KeyRestoreParameters(Model): + """The key restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param key_bundle_backup: Required. The backup blob associated with a key + bundle. + :type key_bundle_backup: bytes + """ + + _validation = { + 'key_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'key_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, key_bundle_backup: bytes, **kwargs) -> None: + super(KeyRestoreParameters, self).__init__(**kwargs) + self.key_bundle_backup = key_bundle_backup + + +class KeySignParameters(Model): + """The key operations parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. The signing/verification algorithm identifier. + For more information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', 'PS384', + 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', + 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param value: Required. + :type value: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'value': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'value': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, algorithm, value: bytes, **kwargs) -> None: + super(KeySignParameters, self).__init__(**kwargs) + self.algorithm = algorithm + self.value = value + + +class KeyUpdateParameters(Model): + """The key update parameters. + + :param key_ops: Json web key operations. For more information on possible + key operations, see JsonWebKeyOperation. + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'key_ops': {'key': 'key_ops', 'type': '[str]'}, + 'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, key_ops=None, key_attributes=None, tags=None, **kwargs) -> None: + super(KeyUpdateParameters, self).__init__(**kwargs) + self.key_ops = key_ops + self.key_attributes = key_attributes + self.tags = tags + + +class KeyVaultError(Model): + """The key vault error exception. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar error: + :vartype error: ~azure.keyvault.v7_1.models.Error + """ + + _validation = { + 'error': {'readonly': True}, + } + + _attribute_map = { + 'error': {'key': 'error', 'type': 'Error'}, + } + + def __init__(self, **kwargs) -> None: + super(KeyVaultError, self).__init__(**kwargs) + self.error = None + + +class KeyVaultErrorException(HttpResponseError): + """Server responsed with exception of type: 'KeyVaultError'. + + :param deserialize: A deserializer + :param response: Server response to be deserialized. + """ + + def __init__(self, response, deserialize, *args): + + model_name = 'KeyVaultError' + self.error = deserialize(model_name, response) + if self.error is None: + self.error = deserialize.dependencies[model_name]() + super(KeyVaultErrorException, self).__init__(response=response) + + +class KeyVerifyParameters(Model): + """The key verify parameters. + + All required parameters must be populated in order to send to Azure. + + :param algorithm: Required. The signing/verification algorithm. For more + information on possible algorithm types, see JsonWebKeySignatureAlgorithm. + Possible values include: 'PS256', 'PS384', 'PS512', 'RS256', 'RS384', + 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param digest: Required. The digest used for signing. + :type digest: bytes + :param signature: Required. The signature to be verified. + :type signature: bytes + """ + + _validation = { + 'algorithm': {'required': True, 'min_length': 1}, + 'digest': {'required': True}, + 'signature': {'required': True}, + } + + _attribute_map = { + 'algorithm': {'key': 'alg', 'type': 'str'}, + 'digest': {'key': 'digest', 'type': 'base64'}, + 'signature': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, algorithm, digest: bytes, signature: bytes, **kwargs) -> None: + super(KeyVerifyParameters, self).__init__(**kwargs) + self.algorithm = algorithm + self.digest = digest + self.signature = signature + + +class KeyVerifyResult(Model): + """The key verify result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: True if the signature is verified, otherwise false. + :vartype value: bool + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'bool'}, + } + + def __init__(self, **kwargs) -> None: + super(KeyVerifyResult, self).__init__(**kwargs) + self.value = None + + +class LifetimeAction(Model): + """Action and its trigger that will be performed by Key Vault over the + lifetime of a certificate. + + :param trigger: The condition that will execute the action. + :type trigger: ~azure.keyvault.v7_1.models.Trigger + :param action: The action that will be executed. + :type action: ~azure.keyvault.v7_1.models.Action + """ + + _attribute_map = { + 'trigger': {'key': 'trigger', 'type': 'Trigger'}, + 'action': {'key': 'action', 'type': 'Action'}, + } + + def __init__(self, *, trigger=None, action=None, **kwargs) -> None: + super(LifetimeAction, self).__init__(**kwargs) + self.trigger = trigger + self.action = action + + +class OrganizationDetails(Model): + """Details of the organization of the certificate issuer. + + :param id: Id of the organization. + :type id: str + :param admin_details: Details of the organization administrator. + :type admin_details: + list[~azure.keyvault.v7_1.models.AdministratorDetails] + """ + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'admin_details': {'key': 'admin_details', 'type': '[AdministratorDetails]'}, + } + + def __init__(self, *, id: str=None, admin_details=None, **kwargs) -> None: + super(OrganizationDetails, self).__init__(**kwargs) + self.id = id + self.admin_details = admin_details + + +class PendingCertificateSigningRequestResult(Model): + """The pending certificate signing request result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: The pending certificate signing request as Base64 encoded + string. + :vartype value: str + """ + + _validation = { + 'value': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(PendingCertificateSigningRequestResult, self).__init__(**kwargs) + self.value = None + + +class SasDefinitionAttributes(Model): + """The SAS definition management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: the enabled state of the object. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for SAS definitions in the current vault. If it contains + 'Purgeable' the SAS definition can be permanently deleted by a privileged + user; otherwise, only the system can purge the SAS definition, at the end + of the retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, **kwargs) -> None: + super(SasDefinitionAttributes, self).__init__(**kwargs) + self.enabled = enabled + self.created = None + self.updated = None + self.recoverable_days = None + self.recovery_level = None + + +class SasDefinitionCreateParameters(Model): + """The SAS definition create parameters. + + All required parameters must be populated in order to send to Azure. + + :param template_uri: Required. The SAS definition token template signed + with an arbitrary key. Tokens created according to the SAS definition + will have the same properties as the template. + :type template_uri: str + :param sas_type: Required. The type of SAS token the SAS definition will + create. Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: Required. The validity period of SAS tokens + created according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'template_uri': {'required': True}, + 'sas_type': {'required': True}, + 'validity_period': {'required': True}, + } + + _attribute_map = { + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, template_uri: str, sas_type, validity_period: str, sas_definition_attributes=None, tags=None, **kwargs) -> None: + super(SasDefinitionCreateParameters, self).__init__(**kwargs) + self.template_uri = template_uri + self.sas_type = sas_type + self.validity_period = validity_period + self.sas_definition_attributes = sas_definition_attributes + self.tags = tags + + +class SasDefinitionListResult(Model): + """The storage account SAS definition list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of SAS definitions along + with a link to the next page of SAS definitions. + :vartype value: list[~azure.keyvault.v7_1.models.SasDefinitionItem] + :ivar next_link: The URL to get the next set of SAS definitions. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[SasDefinitionItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(SasDefinitionListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SasDefinitionUpdateParameters(Model): + """The SAS definition update parameters. + + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will have + the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'template_uri': {'key': 'templateUri', 'type': 'str'}, + 'sas_type': {'key': 'sasType', 'type': 'str'}, + 'validity_period': {'key': 'validityPeriod', 'type': 'str'}, + 'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, template_uri: str=None, sas_type=None, validity_period: str=None, sas_definition_attributes=None, tags=None, **kwargs) -> None: + super(SasDefinitionUpdateParameters, self).__init__(**kwargs) + self.template_uri = template_uri + self.sas_type = sas_type + self.validity_period = validity_period + self.sas_definition_attributes = sas_definition_attributes + self.tags = tags + + +class SecretAttributes(Attributes): + """The secret management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: Determines whether the object is enabled. + :type enabled: bool + :param not_before: Not before date in UTC. + :type not_before: datetime + :param expires: Expiry date in UTC. + :type expires: datetime + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for secrets in the current vault. If it contains 'Purgeable', the + secret can be permanently deleted by a privileged user; otherwise, only + the system can purge the secret, at the end of the retention interval. + Possible values include: 'Purgeable', 'Recoverable+Purgeable', + 'Recoverable', 'Recoverable+ProtectedSubscription', + 'CustomizedRecoverable+Purgeable', 'CustomizedRecoverable', + 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'not_before': {'key': 'nbf', 'type': 'unix-time'}, + 'expires': {'key': 'exp', 'type': 'unix-time'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None: + super(SecretAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires, **kwargs) + self.recoverable_days = None + self.recovery_level = None + + +class SecretListResult(Model): + """The secret list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of secrets in the key + vault along with a link to the next page of secrets. + :vartype value: list[~azure.keyvault.v7_1.models.SecretItem] + :ivar next_link: The URL to get the next set of secrets. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[SecretItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(SecretListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class SecretProperties(Model): + """Properties of the key backing a certificate. + + :param content_type: The media type (MIME type). + :type content_type: str + """ + + _attribute_map = { + 'content_type': {'key': 'contentType', 'type': 'str'}, + } + + def __init__(self, *, content_type: str=None, **kwargs) -> None: + super(SecretProperties, self).__init__(**kwargs) + self.content_type = content_type + + +class SecretRestoreParameters(Model): + """The secret restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param secret_bundle_backup: Required. The backup blob associated with a + secret bundle. + :type secret_bundle_backup: bytes + """ + + _validation = { + 'secret_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'secret_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, secret_bundle_backup: bytes, **kwargs) -> None: + super(SecretRestoreParameters, self).__init__(**kwargs) + self.secret_bundle_backup = secret_bundle_backup + + +class SecretSetParameters(Model): + """The secret set parameters. + + All required parameters must be populated in order to send to Azure. + + :param value: Required. The value of the secret. + :type value: str + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + """ + + _validation = { + 'value': {'required': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': 'str'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + } + + def __init__(self, *, value: str, tags=None, content_type: str=None, secret_attributes=None, **kwargs) -> None: + super(SecretSetParameters, self).__init__(**kwargs) + self.value = value + self.tags = tags + self.content_type = content_type + self.secret_attributes = secret_attributes + + +class SecretUpdateParameters(Model): + """The secret update parameters. + + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'content_type': {'key': 'contentType', 'type': 'str'}, + 'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, content_type: str=None, secret_attributes=None, tags=None, **kwargs) -> None: + super(SecretUpdateParameters, self).__init__(**kwargs) + self.content_type = content_type + self.secret_attributes = secret_attributes + self.tags = tags + + +class StorageAccountAttributes(Model): + """The storage account management attributes. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param enabled: the enabled state of the object. + :type enabled: bool + :ivar created: Creation time in UTC. + :vartype created: datetime + :ivar updated: Last updated time in UTC. + :vartype updated: datetime + :ivar recoverable_days: softDelete data retention days. Value should be + >=7 and <=90 when softDelete enabled, otherwise 0. + :vartype recoverable_days: int + :ivar recovery_level: Reflects the deletion recovery level currently in + effect for storage accounts in the current vault. If it contains + 'Purgeable' the storage account can be permanently deleted by a privileged + user; otherwise, only the system can purge the storage account, at the end + of the retention interval. Possible values include: 'Purgeable', + 'Recoverable+Purgeable', 'Recoverable', + 'Recoverable+ProtectedSubscription', 'CustomizedRecoverable+Purgeable', + 'CustomizedRecoverable', 'CustomizedRecoverable+ProtectedSubscription' + :vartype recovery_level: str or + ~azure.keyvault.v7_1.models.DeletionRecoveryLevel + """ + + _validation = { + 'created': {'readonly': True}, + 'updated': {'readonly': True}, + 'recoverable_days': {'readonly': True}, + 'recovery_level': {'readonly': True}, + } + + _attribute_map = { + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'created': {'key': 'created', 'type': 'unix-time'}, + 'updated': {'key': 'updated', 'type': 'unix-time'}, + 'recoverable_days': {'key': 'recoverableDays', 'type': 'int'}, + 'recovery_level': {'key': 'recoveryLevel', 'type': 'str'}, + } + + def __init__(self, *, enabled: bool=None, **kwargs) -> None: + super(StorageAccountAttributes, self).__init__(**kwargs) + self.enabled = enabled + self.created = None + self.updated = None + self.recoverable_days = None + self.recovery_level = None + + +class StorageAccountCreateParameters(Model): + """The storage account create parameters. + + All required parameters must be populated in order to send to Azure. + + :param resource_id: Required. Storage account resource id. + :type resource_id: str + :param active_key_name: Required. Current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: Required. whether keyvault should manage the + storage account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration specified + in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _validation = { + 'resource_id': {'required': True}, + 'active_key_name': {'required': True}, + 'auto_regenerate_key': {'required': True}, + } + + _attribute_map = { + 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, resource_id: str, active_key_name: str, auto_regenerate_key: bool, regeneration_period: str=None, storage_account_attributes=None, tags=None, **kwargs) -> None: + super(StorageAccountCreateParameters, self).__init__(**kwargs) + self.resource_id = resource_id + self.active_key_name = active_key_name + self.auto_regenerate_key = auto_regenerate_key + self.regeneration_period = regeneration_period + self.storage_account_attributes = storage_account_attributes + self.tags = tags + + +class StorageAccountRegenerteKeyParameters(Model): + """The storage account key regenerate parameters. + + All required parameters must be populated in order to send to Azure. + + :param key_name: Required. The storage account key name. + :type key_name: str + """ + + _validation = { + 'key_name': {'required': True}, + } + + _attribute_map = { + 'key_name': {'key': 'keyName', 'type': 'str'}, + } + + def __init__(self, *, key_name: str, **kwargs) -> None: + super(StorageAccountRegenerteKeyParameters, self).__init__(**kwargs) + self.key_name = key_name + + +class StorageAccountUpdateParameters(Model): + """The storage account update parameters. + + :param active_key_name: The current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration specified + in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value pairs. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'active_key_name': {'key': 'activeKeyName', 'type': 'str'}, + 'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'}, + 'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'}, + 'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, active_key_name: str=None, auto_regenerate_key: bool=None, regeneration_period: str=None, storage_account_attributes=None, tags=None, **kwargs) -> None: + super(StorageAccountUpdateParameters, self).__init__(**kwargs) + self.active_key_name = active_key_name + self.auto_regenerate_key = auto_regenerate_key + self.regeneration_period = regeneration_period + self.storage_account_attributes = storage_account_attributes + self.tags = tags + + +class StorageListResult(Model): + """The storage accounts list result. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar value: A response message containing a list of storage accounts in + the key vault along with a link to the next page of storage accounts. + :vartype value: list[~azure.keyvault.v7_1.models.StorageAccountItem] + :ivar next_link: The URL to get the next set of storage accounts. + :vartype next_link: str + """ + + _validation = { + 'value': {'readonly': True}, + 'next_link': {'readonly': True}, + } + + _attribute_map = { + 'value': {'key': 'value', 'type': '[StorageAccountItem]'}, + 'next_link': {'key': 'nextLink', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(StorageListResult, self).__init__(**kwargs) + self.value = None + self.next_link = None + + +class StorageRestoreParameters(Model): + """The secret restore parameters. + + All required parameters must be populated in order to send to Azure. + + :param storage_bundle_backup: Required. The backup blob associated with a + storage account. + :type storage_bundle_backup: bytes + """ + + _validation = { + 'storage_bundle_backup': {'required': True}, + } + + _attribute_map = { + 'storage_bundle_backup': {'key': 'value', 'type': 'base64'}, + } + + def __init__(self, *, storage_bundle_backup: bytes, **kwargs) -> None: + super(StorageRestoreParameters, self).__init__(**kwargs) + self.storage_bundle_backup = storage_bundle_backup + + +class SubjectAlternativeNames(Model): + """The subject alternate names of a X509 object. + + :param emails: Email addresses. + :type emails: list[str] + :param dns_names: Domain names. + :type dns_names: list[str] + :param upns: User principal names. + :type upns: list[str] + """ + + _attribute_map = { + 'emails': {'key': 'emails', 'type': '[str]'}, + 'dns_names': {'key': 'dns_names', 'type': '[str]'}, + 'upns': {'key': 'upns', 'type': '[str]'}, + } + + def __init__(self, *, emails=None, dns_names=None, upns=None, **kwargs) -> None: + super(SubjectAlternativeNames, self).__init__(**kwargs) + self.emails = emails + self.dns_names = dns_names + self.upns = upns + + +class Trigger(Model): + """A condition to be satisfied for an action to be executed. + + :param lifetime_percentage: Percentage of lifetime at which to trigger. + Value should be between 1 and 99. + :type lifetime_percentage: int + :param days_before_expiry: Days before expiry to attempt renewal. Value + should be between 1 and validity_in_months multiplied by 27. If + validity_in_months is 36, then value should be between 1 and 972 (36 * + 27). + :type days_before_expiry: int + """ + + _validation = { + 'lifetime_percentage': {'maximum': 99, 'minimum': 1}, + } + + _attribute_map = { + 'lifetime_percentage': {'key': 'lifetime_percentage', 'type': 'int'}, + 'days_before_expiry': {'key': 'days_before_expiry', 'type': 'int'}, + } + + def __init__(self, *, lifetime_percentage: int=None, days_before_expiry: int=None, **kwargs) -> None: + super(Trigger, self).__init__(**kwargs) + self.lifetime_percentage = lifetime_percentage + self.days_before_expiry = days_before_expiry + + +class X509CertificateProperties(Model): + """Properties of the X509 component of a certificate. + + :param subject: The subject name. Should be a valid X509 distinguished + Name. + :type subject: str + :param ekus: The enhanced key usage. + :type ekus: list[str] + :param subject_alternative_names: The subject alternative names. + :type subject_alternative_names: + ~azure.keyvault.v7_1.models.SubjectAlternativeNames + :param key_usage: List of key usages. + :type key_usage: list[str or ~azure.keyvault.v7_1.models.KeyUsageType] + :param validity_in_months: The duration that the certificate is valid in + months. + :type validity_in_months: int + """ + + _validation = { + 'validity_in_months': {'minimum': 0}, + } + + _attribute_map = { + 'subject': {'key': 'subject', 'type': 'str'}, + 'ekus': {'key': 'ekus', 'type': '[str]'}, + 'subject_alternative_names': {'key': 'sans', 'type': 'SubjectAlternativeNames'}, + 'key_usage': {'key': 'key_usage', 'type': '[str]'}, + 'validity_in_months': {'key': 'validity_months', 'type': 'int'}, + } + + def __init__(self, *, subject: str=None, ekus=None, subject_alternative_names=None, key_usage=None, validity_in_months: int=None, **kwargs) -> None: + super(X509CertificateProperties, self).__init__(**kwargs) + self.subject = subject + self.ekus = ekus + self.subject_alternative_names = subject_alternative_names + self.key_usage = key_usage + self.validity_in_months = validity_in_months diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/operations/__init__.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/operations/__init__.py new file mode 100644 index 000000000000..603e37d3ee07 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/operations/__init__.py @@ -0,0 +1,16 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._key_vault_client_operations import KeyVaultClientOperationsMixin + +__all__ = [ + 'KeyVaultClientOperationsMixin', +] diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/operations/_key_vault_client_operations.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/operations/_key_vault_client_operations.py new file mode 100644 index 000000000000..449c73af3bb1 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/operations/_key_vault_client_operations.py @@ -0,0 +1,5224 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.core.exceptions import map_error +from azure.core.paging import ItemPaged +from .. import models +import uuid + + +class KeyVaultClientOperationsMixin(object): + + def get_certificates( + self, vault_base_url, maxresults=None, include_pending=None, cls=None, **kwargs): + """List certificates in a specified key vault. + + The GetCertificates operation returns the set of certificates resources + in the specified key vault. This operation requires the + certificates/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :param include_pending: Specifies whether to include certificates + which are not completely provisioned. + :type include_pending: bool + :return: An iterator like instance of CertificateItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.CertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificates.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + if include_pending is not None: + query_parameters['includePending'] = self._serialize.query("include_pending", include_pending, 'bool') + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('CertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_certificates.metadata = {'url': '/certificates'} + + def delete_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Deletes a certificate from a specified key vault. + + Deletes all versions of a certificate object along with its associated + policy. Delete certificate cannot be used to remove individual versions + of a certificate object. This operation requires the + certificates/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedCertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedCertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedCertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate.metadata = {'url': '/certificates/{certificate-name}'} + + def set_certificate_contacts(self, vault_base_url, contact_list=None, cls=None, **kwargs): + """Sets the certificate contacts for the specified key vault. + + Sets the certificate contacts for the specified key vault. This + operation requires the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param contact_list: The contact list for the vault certificates. + :type contact_list: list[~azure.keyvault.v7_1.models.Contact] + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + contacts = models.Contacts(contact_list=contact_list) + + # Construct URL + url = self.set_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(contacts, 'Contacts') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + def get_certificate_contacts(self, vault_base_url, cls=None, **kwargs): + """Lists the certificate contacts for a specified key vault. + + The GetCertificateContacts operation returns the set of certificate + contact resources in the specified key vault. This operation requires + the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + def delete_certificate_contacts(self, vault_base_url, cls=None, **kwargs): + """Deletes the certificate contacts for a specified key vault. + + Deletes the certificate contacts for a specified key vault certificate. + This operation requires the certificates/managecontacts permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: Contacts or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.Contacts + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_contacts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Contacts', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_contacts.metadata = {'url': '/certificates/contacts'} + + def get_certificate_issuers( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """List certificate issuers for a specified key vault. + + The GetCertificateIssuers operation returns the set of certificate + issuer resources in the specified key vault. This operation requires + the certificates/manageissuers/getissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of CertificateIssuerItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.CertificateIssuerItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificate_issuers.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('CertificateIssuerListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_certificate_issuers.metadata = {'url': '/certificates/issuers'} + + def set_certificate_issuer(self, vault_base_url, issuer_name, provider, credentials=None, organization_details=None, attributes=None, cls=None, **kwargs): + """Sets the specified certificate issuer. + + The SetCertificateIssuer operation adds or updates the specified + certificate issuer. This operation requires the certificates/setissuers + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided + to the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameter = models.CertificateIssuerSetParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes) + + # Construct URL + url = self.set_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameter, 'CertificateIssuerSetParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + def update_certificate_issuer(self, vault_base_url, issuer_name, provider=None, credentials=None, organization_details=None, attributes=None, cls=None, **kwargs): + """Updates the specified certificate issuer. + + The UpdateCertificateIssuer operation performs an update on the + specified certificate issuer entity. This operation requires the + certificates/setissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param provider: The issuer provider. + :type provider: str + :param credentials: The credentials to be used for the issuer. + :type credentials: ~azure.keyvault.v7_1.models.IssuerCredentials + :param organization_details: Details of the organization as provided + to the issuer. + :type organization_details: + ~azure.keyvault.v7_1.models.OrganizationDetails + :param attributes: Attributes of the issuer object. + :type attributes: ~azure.keyvault.v7_1.models.IssuerAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameter = models.CertificateIssuerUpdateParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes) + + # Construct URL + url = self.update_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameter, 'CertificateIssuerUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + def get_certificate_issuer(self, vault_base_url, issuer_name, cls=None, **kwargs): + """Lists the specified certificate issuer. + + The GetCertificateIssuer operation returns the specified certificate + issuer resources in the specified key vault. This operation requires + the certificates/manageissuers/getissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + def delete_certificate_issuer(self, vault_base_url, issuer_name, cls=None, **kwargs): + """Deletes the specified certificate issuer. + + The DeleteCertificateIssuer operation permanently removes the specified + certificate issuer from the vault. This operation requires the + certificates/manageissuers/deleteissuers permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param issuer_name: The name of the issuer. + :type issuer_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: IssuerBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.IssuerBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_issuer.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IssuerBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'} + + def create_certificate(self, vault_base_url, certificate_name, certificate_policy=None, certificate_attributes=None, tags=None, cls=None, **kwargs): + """Creates a new certificate. + + If this is the first version, the certificate resource is created. This + operation requires the certificates/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateCreateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.create_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateCreateParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [202]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 202: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + create_certificate.metadata = {'url': '/certificates/{certificate-name}/create'} + + def import_certificate(self, vault_base_url, certificate_name, base64_encoded_certificate, password=None, certificate_policy=None, certificate_attributes=None, tags=None, cls=None, **kwargs): + """Imports a certificate into a specified key vault. + + Imports an existing valid certificate, containing a private key, into + Azure Key Vault. The certificate to be imported can be in either PFX or + PEM format. If the certificate is in PEM format the PEM file must + contain the key as well as x509 certificates. This operation requires + the certificates/import permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param base64_encoded_certificate: Base64 encoded representation of + the certificate object to import. This certificate needs to contain + the private key. + :type base64_encoded_certificate: str + :param password: If the private key in base64EncodedCertificate is + encrypted, the password used for encryption. + :type password: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateImportParameters(base64_encoded_certificate=base64_encoded_certificate, password=password, certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.import_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateImportParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + import_certificate.metadata = {'url': '/certificates/{certificate-name}/import'} + + def get_certificate_versions( + self, vault_base_url, certificate_name, maxresults=None, cls=None, **kwargs): + """List the versions of a certificate. + + The GetCertificateVersions operation returns the versions of a + certificate in the specified key vault. This operation requires the + certificates/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of CertificateItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.CertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_certificate_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('CertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_certificate_versions.metadata = {'url': '/certificates/{certificate-name}/versions'} + + def get_certificate_policy(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Lists the policy for a certificate. + + The GetCertificatePolicy operation returns the specified certificate + policy resources in the specified key vault. This operation requires + the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in a given key + vault. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificatePolicy or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificatePolicy + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_policy.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificatePolicy', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'} + + def update_certificate_policy(self, vault_base_url, certificate_name, certificate_policy, cls=None, **kwargs): + """Updates the policy for a certificate. + + Set specified members in the certificate policy. Leave others as null. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given + vault. + :type certificate_name: str + :param certificate_policy: The policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificatePolicy or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificatePolicy + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.update_certificate_policy.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(certificate_policy, 'CertificatePolicy') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificatePolicy', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'} + + def update_certificate(self, vault_base_url, certificate_name, certificate_version, certificate_policy=None, certificate_attributes=None, tags=None, cls=None, **kwargs): + """Updates the specified attributes associated with the given certificate. + + The UpdateCertificate operation applies the specified update on the + given certificate; the only elements updated are the certificate's + attributes. This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given key + vault. + :type certificate_name: str + :param certificate_version: The version of the certificate. + :type certificate_version: str + :param certificate_policy: The management policy for the certificate. + :type certificate_policy: + ~azure.keyvault.v7_1.models.CertificatePolicy + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateUpdateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.update_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'), + 'certificate-version': self._serialize.url("certificate_version", certificate_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'} + + def get_certificate(self, vault_base_url, certificate_name, certificate_version, cls=None, **kwargs): + """Gets information about a certificate. + + Gets information about a specific certificate. This operation requires + the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate in the given + vault. + :type certificate_name: str + :param certificate_version: The version of the certificate. + :type certificate_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'), + 'certificate-version': self._serialize.url("certificate_version", certificate_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'} + + def update_certificate_operation(self, vault_base_url, certificate_name, cancellation_requested, cls=None, **kwargs): + """Updates a certificate operation. + + Updates a certificate creation operation that is already in progress. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param cancellation_requested: Indicates if cancellation was requested + on the certificate operation. + :type cancellation_requested: bool + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + certificate_operation = models.CertificateOperationUpdateParameter(cancellation_requested=cancellation_requested) + + # Construct URL + url = self.update_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(certificate_operation, 'CertificateOperationUpdateParameter') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + def get_certificate_operation(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Gets the creation operation of a certificate. + + Gets the creation operation associated with a specified certificate. + This operation requires the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + def delete_certificate_operation(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Deletes the creation operation for a specific certificate. + + Deletes the creation operation for a specified certificate that is in + the process of being created. The certificate is no longer created. + This operation requires the certificates/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateOperation or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateOperation + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_certificate_operation.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateOperation', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'} + + def merge_certificate(self, vault_base_url, certificate_name, x509_certificates, certificate_attributes=None, tags=None, cls=None, **kwargs): + """Merges a certificate or a certificate chain with a key pair existing on + the server. + + The MergeCertificate operation performs the merging of a certificate or + certificate chain with a key pair currently available in the service. + This operation requires the certificates/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param x509_certificates: The certificate or the certificate chain to + merge. + :type x509_certificates: list[bytearray] + :param certificate_attributes: The attributes of the certificate + (optional). + :type certificate_attributes: + ~azure.keyvault.v7_1.models.CertificateAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateMergeParameters(x509_certificates=x509_certificates, certificate_attributes=certificate_attributes, tags=tags) + + # Construct URL + url = self.merge_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateMergeParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 201: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + merge_certificate.metadata = {'url': '/certificates/{certificate-name}/pending/merge'} + + def backup_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Backs up the specified certificate. + + Requests that a backup of the specified certificate be downloaded to + the client. All versions of the certificate will be downloaded. This + operation requires the certificates/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate. + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupCertificateResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupCertificateResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupCertificateResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_certificate.metadata = {'url': '/certificates/{certificate-name}/backup'} + + def restore_certificate(self, vault_base_url, certificate_bundle_backup, cls=None, **kwargs): + """Restores a backed up certificate to a vault. + + Restores a backed up certificate, and all its versions, to a vault. + This operation requires the certificates/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_bundle_backup: The backup blob associated with a + certificate bundle. + :type certificate_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.CertificateRestoreParameters(certificate_bundle_backup=certificate_bundle_backup) + + # Construct URL + url = self.restore_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'CertificateRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_certificate.metadata = {'url': '/certificates/restore'} + + def get_deleted_certificates( + self, vault_base_url, maxresults=None, include_pending=None, cls=None, **kwargs): + """Lists the deleted certificates in the specified vault currently + available for recovery. + + The GetDeletedCertificates operation retrieves the certificates in the + current vault which are in a deleted state and ready for recovery or + purging. This operation includes deletion-specific information. This + operation requires the certificates/get/list permission. This operation + can only be enabled on soft-delete enabled vaults. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :param include_pending: Specifies whether to include certificates + which are not completely provisioned. + :type include_pending: bool + :return: An iterator like instance of DeletedCertificateItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedCertificateItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_certificates.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + if include_pending is not None: + query_parameters['includePending'] = self._serialize.query("include_pending", include_pending, 'bool') + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedCertificateListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_certificates.metadata = {'url': '/deletedcertificates'} + + def get_deleted_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Retrieves information about the specified deleted certificate. + + The GetDeletedCertificate operation retrieves the deleted certificate + information plus its attributes, such as retention interval, scheduled + permanent deletion and the current deletion recovery level. This + operation requires the certificates/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedCertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedCertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedCertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'} + + def purge_deleted_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Permanently deletes the specified deleted certificate. + + The PurgeDeletedCertificate operation performs an irreversible deletion + of the specified certificate, without possibility for recovery. The + operation is not available if the recovery level does not specify + 'Purgeable'. This operation requires the certificate/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'} + + def recover_deleted_certificate(self, vault_base_url, certificate_name, cls=None, **kwargs): + """Recovers the deleted certificate back to its current version under + /certificates. + + The RecoverDeletedCertificate operation performs the reversal of the + Delete operation. The operation is applicable in vaults enabled for + soft-delete, and must be issued during the retention interval + (available in the deleted certificate's attributes). This operation + requires the certificates/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param certificate_name: The name of the deleted certificate + :type certificate_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: CertificateBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.CertificateBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_certificate.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('CertificateBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}/recover'} + + def create_key(self, vault_base_url, key_name, kty, key_size=None, key_ops=None, key_attributes=None, tags=None, curve=None, cls=None, **kwargs): + """Creates a new key, stores it, then returns key parameters and + attributes to the client. + + The create key operation can be used to create any key type in Azure + Key Vault. If the named key already exists, Azure Key Vault creates a + new version of the key. It requires the keys/create permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name for the new key. The system will generate + the version name for the new key. + :type key_name: str + :param kty: The type of key to create. For valid values, see + JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', + 'RSA-HSM', 'oct' + :type kty: str or ~azure.keyvault.v7_1.models.JsonWebKeyType + :param key_size: The key size in bits. For example: 2048, 3072, or + 4096 for RSA. + :type key_size: int + :param key_ops: + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param curve: Elliptic curve name. For valid values, see + JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', + 'P-521', 'P-256K' + :type curve: str or ~azure.keyvault.v7_1.models.JsonWebKeyCurveName + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyCreateParameters(kty=kty, key_size=key_size, key_ops=key_ops, key_attributes=key_attributes, tags=tags, curve=curve) + + # Construct URL + url = self.create_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyCreateParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + create_key.metadata = {'url': '/keys/{key-name}/create'} + + def import_key(self, vault_base_url, key_name, key, hsm=None, key_attributes=None, tags=None, cls=None, **kwargs): + """Imports an externally created key, stores it, and returns key + parameters and attributes to the client. + + The import key operation may be used to import any key type into an + Azure Key Vault. If the named key already exists, Azure Key Vault + creates a new version of the key. This operation requires the + keys/import permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: Name for the imported key. + :type key_name: str + :param key: The Json web key + :type key: ~azure.keyvault.v7_1.models.JsonWebKey + :param hsm: Whether to import as a hardware key (HSM) or software key. + :type hsm: bool + :param key_attributes: The key management attributes. + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyImportParameters(hsm=hsm, key=key, key_attributes=key_attributes, tags=tags) + + # Construct URL + url = self.import_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyImportParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + import_key.metadata = {'url': '/keys/{key-name}'} + + def delete_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Deletes a key of any type from storage in Azure Key Vault. + + The delete key operation cannot be used to remove individual versions + of a key. This operation removes the cryptographic material associated + with the key, which means the key is not usable for Sign/Verify, + Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the + keys/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key to delete. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedKeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedKeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedKeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_key.metadata = {'url': '/keys/{key-name}'} + + def update_key(self, vault_base_url, key_name, key_version, key_ops=None, key_attributes=None, tags=None, cls=None, **kwargs): + """The update key operation changes specified attributes of a stored key + and can be applied to any key type and key version stored in Azure Key + Vault. + + In order to perform this operation, the key must already exist in the + Key Vault. Note: The cryptographic material of a key itself cannot be + changed. This operation requires the keys/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of key to update. + :type key_name: str + :param key_version: The version of the key to update. + :type key_version: str + :param key_ops: Json web key operations. For more information on + possible key operations, see JsonWebKeyOperation. + :type key_ops: list[str or + ~azure.keyvault.v7_1.models.JsonWebKeyOperation] + :param key_attributes: + :type key_attributes: ~azure.keyvault.v7_1.models.KeyAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyUpdateParameters(key_ops=key_ops, key_attributes=key_attributes, tags=tags) + + # Construct URL + url = self.update_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_key.metadata = {'url': '/keys/{key-name}/{key-version}'} + + def get_key(self, vault_base_url, key_name, key_version, cls=None, **kwargs): + """Gets the public part of a stored key. + + The get key operation is applicable to all key types. If the requested + key is symmetric, then no key material is released in the response. + This operation requires the keys/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key to get. + :type key_name: str + :param key_version: Adding the version parameter retrieves a specific + version of a key. + :type key_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_key.metadata = {'url': '/keys/{key-name}/{key-version}'} + + def get_key_versions( + self, vault_base_url, key_name, maxresults=None, cls=None, **kwargs): + """Retrieves a list of individual key versions with the same key name. + + The full key identifier, attributes, and tags are provided in the + response. This operation requires the keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of KeyItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.KeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_key_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('KeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_key_versions.metadata = {'url': '/keys/{key-name}/versions'} + + def get_keys( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """List keys in the specified vault. + + Retrieves a list of the keys in the Key Vault as JSON Web Key + structures that contain the public part of a stored key. The LIST + operation is applicable to all key types, however only the base key + identifier, attributes, and tags are provided in the response. + Individual versions of a key are not listed in the response. This + operation requires the keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of KeyItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.KeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_keys.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('KeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_keys.metadata = {'url': '/keys'} + + def backup_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Requests that a backup of the specified key be downloaded to the + client. + + The Key Backup operation exports a key from Azure Key Vault in a + protected form. Note that this operation does NOT return key material + in a form that can be used outside the Azure Key Vault system, the + returned key material is either protected to a Azure Key Vault HSM or + to Azure Key Vault itself. The intent of this operation is to allow a + client to GENERATE a key in one Azure Key Vault instance, BACKUP the + key, and then RESTORE it into another Azure Key Vault instance. The + BACKUP operation may be used to export, in protected form, any key type + from Azure Key Vault. Individual versions of a key cannot be backed up. + BACKUP / RESTORE can be performed within geographical boundaries only; + meaning that a BACKUP from one geographical area cannot be restored to + another geographical area. For example, a backup from the US + geographical area cannot be restored in an EU geographical area. This + operation requires the key/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupKeyResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupKeyResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupKeyResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_key.metadata = {'url': '/keys/{key-name}/backup'} + + def restore_key(self, vault_base_url, key_bundle_backup, cls=None, **kwargs): + """Restores a backed up key to a vault. + + Imports a previously backed up key into Azure Key Vault, restoring the + key, its key identifier, attributes and access control policies. The + RESTORE operation may be used to import a previously backed up key. + Individual versions of a key cannot be restored. The key is restored in + its entirety with the same key name as it had when it was backed up. If + the key name is not available in the target Key Vault, the RESTORE + operation will be rejected. While the key name is retained during + restore, the final key identifier will change if the key is restored to + a different vault. Restore will restore all versions and preserve + version identifiers. The RESTORE operation is subject to security + constraints: The target Key Vault must be owned by the same Microsoft + Azure Subscription as the source Key Vault The user must have RESTORE + permission in the target Key Vault. This operation requires the + keys/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_bundle_backup: The backup blob associated with a key + bundle. + :type key_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyRestoreParameters(key_bundle_backup=key_bundle_backup) + + # Construct URL + url = self.restore_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_key.metadata = {'url': '/keys/restore'} + + def encrypt(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Encrypts an arbitrary sequence of bytes using an encryption key that is + stored in a key vault. + + The ENCRYPT operation encrypts an arbitrary sequence of bytes using an + encryption key that is stored in Azure Key Vault. Note that the ENCRYPT + operation only supports a single block of data, the size of which is + dependent on the target key and the encryption algorithm to be used. + The ENCRYPT operation is only strictly necessary for symmetric keys + stored in Azure Key Vault since protection with an asymmetric key can + be performed using public portion of the key. This operation is + supported for asymmetric keys as a convenience for callers that have a + key-reference but do not have access to the public key material. This + operation requires the keys/encrypt permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.encrypt.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + encrypt.metadata = {'url': '/keys/{key-name}/{key-version}/encrypt'} + + def decrypt(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Decrypts a single block of encrypted data. + + The DECRYPT operation decrypts a well-formed block of ciphertext using + the target encryption key and specified algorithm. This operation is + the reverse of the ENCRYPT operation; only a single block of data may + be decrypted, the size of this block is dependent on the target key and + the algorithm to be used. The DECRYPT operation applies to asymmetric + and symmetric keys stored in Azure Key Vault since it uses the private + portion of the key. This operation requires the keys/decrypt + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.decrypt.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + decrypt.metadata = {'url': '/keys/{key-name}/{key-version}/decrypt'} + + def sign(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Creates a signature from a digest using the specified key. + + The SIGN operation is applicable to asymmetric and symmetric keys + stored in Azure Key Vault since this operation uses the private portion + of the key. This operation requires the keys/sign permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: The signing/verification algorithm identifier. For + more information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', + 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', + 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeySignParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.sign.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeySignParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + sign.metadata = {'url': '/keys/{key-name}/{key-version}/sign'} + + def verify(self, vault_base_url, key_name, key_version, algorithm, digest, signature, cls=None, **kwargs): + """Verifies a signature using a specified key. + + The VERIFY operation is applicable to symmetric keys stored in Azure + Key Vault. VERIFY is not strictly necessary for asymmetric keys stored + in Azure Key Vault since signature verification can be performed using + the public portion of the key but this operation is supported as a + convenience for callers that only have a key-reference and not the + public portion of the key. This operation requires the keys/verify + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: The signing/verification algorithm. For more + information on possible algorithm types, see + JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', + 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', + 'ES384', 'ES512', 'ES256K' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeySignatureAlgorithm + :param digest: The digest used for signing. + :type digest: bytes + :param signature: The signature to be verified. + :type signature: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyVerifyResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyVerifyResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyVerifyParameters(algorithm=algorithm, digest=digest, signature=signature) + + # Construct URL + url = self.verify.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyVerifyParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyVerifyResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + verify.metadata = {'url': '/keys/{key-name}/{key-version}/verify'} + + def wrap_key(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Wraps a symmetric key using a specified key. + + The WRAP operation supports encryption of a symmetric key using a key + encryption key that has previously been stored in an Azure Key Vault. + The WRAP operation is only strictly necessary for symmetric keys stored + in Azure Key Vault since protection with an asymmetric key can be + performed using the public portion of the key. This operation is + supported for asymmetric keys as a convenience for callers that have a + key-reference but do not have access to the public key material. This + operation requires the keys/wrapKey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.wrap_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + wrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/wrapkey'} + + def unwrap_key(self, vault_base_url, key_name, key_version, algorithm, value, cls=None, **kwargs): + """Unwraps a symmetric key using the specified key that was initially used + for wrapping that key. + + The UNWRAP operation supports decryption of a symmetric key using the + target key encryption key. This operation is the reverse of the WRAP + operation. The UNWRAP operation applies to asymmetric and symmetric + keys stored in Azure Key Vault since it uses the private portion of the + key. This operation requires the keys/unwrapKey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param key_version: The version of the key. + :type key_version: str + :param algorithm: algorithm identifier. Possible values include: + 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + :type algorithm: str or + ~azure.keyvault.v7_1.models.JsonWebKeyEncryptionAlgorithm + :param value: + :type value: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyOperationResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyOperationResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value) + + # Construct URL + url = self.unwrap_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str'), + 'key-version': self._serialize.url("key_version", key_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'KeyOperationsParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyOperationResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + unwrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/unwrapkey'} + + def get_deleted_keys( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """Lists the deleted keys in the specified vault. + + Retrieves a list of the keys in the Key Vault as JSON Web Key + structures that contain the public part of a deleted key. This + operation includes deletion-specific information. The Get Deleted Keys + operation is applicable for vaults enabled for soft-delete. While the + operation can be invoked on any vault, it will return an error if + invoked on a non soft-delete enabled vault. This operation requires the + keys/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedKeyItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedKeyItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_keys.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedKeyListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_keys.metadata = {'url': '/deletedkeys'} + + def get_deleted_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Gets the public part of a deleted key. + + The Get Deleted Key operation is applicable for soft-delete enabled + vaults. While the operation can be invoked on any vault, it will return + an error if invoked on a non soft-delete enabled vault. This operation + requires the keys/get permission. . + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedKeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedKeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedKeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'} + + def purge_deleted_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Permanently deletes the specified key. + + The Purge Deleted Key operation is applicable for soft-delete enabled + vaults. While the operation can be invoked on any vault, it will return + an error if invoked on a non soft-delete enabled vault. This operation + requires the keys/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the key + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'} + + def recover_deleted_key(self, vault_base_url, key_name, cls=None, **kwargs): + """Recovers the deleted key to its latest version. + + The Recover Deleted Key operation is applicable for deleted keys in + soft-delete enabled vaults. It recovers the deleted key back to its + latest version under /keys. An attempt to recover an non-deleted key + will return an error. Consider this the inverse of the delete operation + on soft-delete enabled vaults. This operation requires the keys/recover + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param key_name: The name of the deleted key. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: KeyBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.KeyBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'key-name': self._serialize.url("key_name", key_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('KeyBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_key.metadata = {'url': '/deletedkeys/{key-name}/recover'} + + def set_secret(self, vault_base_url, secret_name, value, tags=None, content_type=None, secret_attributes=None, cls=None, **kwargs): + """Sets a secret in a specified key vault. + + The SET operation adds a secret to the Azure Key Vault. If the named + secret already exists, Azure Key Vault creates a new version of that + secret. This operation requires the secrets/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param value: The value of the secret. + :type value: str + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretSetParameters(value=value, tags=tags, content_type=content_type, secret_attributes=secret_attributes) + + # Construct URL + url = self.set_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str', pattern=r'^[0-9a-zA-Z-]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretSetParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_secret.metadata = {'url': '/secrets/{secret-name}'} + + def delete_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Deletes a secret from a specified key vault. + + The DELETE operation applies to any secret stored in Azure Key Vault. + DELETE cannot be applied to an individual version of a secret. This + operation requires the secrets/delete permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_secret.metadata = {'url': '/secrets/{secret-name}'} + + def update_secret(self, vault_base_url, secret_name, secret_version, content_type=None, secret_attributes=None, tags=None, cls=None, **kwargs): + """Updates the attributes associated with a specified secret in a given + key vault. + + The UPDATE operation changes specified attributes of an existing stored + secret. Attributes that are not specified in the request are left + unchanged. The value of a secret itself cannot be changed. This + operation requires the secrets/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param secret_version: The version of the secret. + :type secret_version: str + :param content_type: Type of the secret value such as a password. + :type content_type: str + :param secret_attributes: The secret management attributes. + :type secret_attributes: ~azure.keyvault.v7_1.models.SecretAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretUpdateParameters(content_type=content_type, secret_attributes=secret_attributes, tags=tags) + + # Construct URL + url = self.update_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str'), + 'secret-version': self._serialize.url("secret_version", secret_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'} + + def get_secret(self, vault_base_url, secret_name, secret_version, cls=None, **kwargs): + """Get a specified secret from a given key vault. + + The GET operation is applicable to any secret stored in Azure Key + Vault. This operation requires the secrets/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param secret_version: The version of the secret. + :type secret_version: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str'), + 'secret-version': self._serialize.url("secret_version", secret_version, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'} + + def get_secrets( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """List secrets in a specified key vault. + + The Get Secrets operation is applicable to the entire vault. However, + only the base secret identifier and its attributes are provided in the + response. Individual secret versions are not listed in the response. + This operation requires the secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified, the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SecretItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.SecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_secrets.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('SecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_secrets.metadata = {'url': '/secrets'} + + def get_secret_versions( + self, vault_base_url, secret_name, maxresults=None, cls=None, **kwargs): + """List all versions of the specified secret. + + The full secret identifier and attributes are provided in the response. + No values are returned for the secrets. This operations requires the + secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified, the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SecretItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.SecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_secret_versions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('SecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_secret_versions.metadata = {'url': '/secrets/{secret-name}/versions'} + + def get_deleted_secrets( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """Lists deleted secrets for the specified vault. + + The Get Deleted Secrets operation returns the secrets that have been + deleted for a vault enabled for soft-delete. This operation requires + the secrets/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedSecretItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedSecretItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_secrets.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedSecretListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_secrets.metadata = {'url': '/deletedsecrets'} + + def get_deleted_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Gets the specified deleted secret. + + The Get Deleted Secret operation returns the specified deleted secret + along with its attributes. This operation requires the secrets/get + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'} + + def purge_deleted_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Permanently deletes the specified secret. + + The purge deleted secret operation removes the secret permanently, + without the possibility of recovery. This operation can only be enabled + on a soft-delete enabled vault. This operation requires the + secrets/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'} + + def recover_deleted_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Recovers the deleted secret to the latest version. + + Recovers the deleted secret in the specified vault. This operation can + only be performed on a soft-delete enabled vault. This operation + requires the secrets/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the deleted secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}/recover'} + + def backup_secret(self, vault_base_url, secret_name, cls=None, **kwargs): + """Backs up the specified secret. + + Requests that a backup of the specified secret be downloaded to the + client. All versions of the secret will be downloaded. This operation + requires the secrets/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_name: The name of the secret. + :type secret_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupSecretResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupSecretResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'secret-name': self._serialize.url("secret_name", secret_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupSecretResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_secret.metadata = {'url': '/secrets/{secret-name}/backup'} + + def restore_secret(self, vault_base_url, secret_bundle_backup, cls=None, **kwargs): + """Restores a backed up secret to a vault. + + Restores a backed up secret, and all its versions, to a vault. This + operation requires the secrets/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param secret_bundle_backup: The backup blob associated with a secret + bundle. + :type secret_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: SecretBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SecretBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SecretRestoreParameters(secret_bundle_backup=secret_bundle_backup) + + # Construct URL + url = self.restore_secret.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SecretRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecretBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_secret.metadata = {'url': '/secrets/restore'} + + def get_storage_accounts( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """List storage accounts managed by the specified key vault. This + operation requires the storage/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of StorageAccountItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.StorageAccountItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_storage_accounts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('StorageListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_storage_accounts.metadata = {'url': '/storage'} + + def get_deleted_storage_accounts( + self, vault_base_url, maxresults=None, cls=None, **kwargs): + """Lists deleted storage accounts for the specified vault. + + The Get Deleted Storage Accounts operation returns the storage accounts + that have been deleted for a vault enabled for soft-delete. This + operation requires the storage/list permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedStorageAccountItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedStorageAccountItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_storage_accounts.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedStorageListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_storage_accounts.metadata = {'url': '/deletedstorage'} + + def get_deleted_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Gets the specified deleted storage account. + + The Get Deleted Storage Account operation returns the specified deleted + storage account along with its attributes. This operation requires the + storage/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedStorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedStorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedStorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}'} + + def purge_deleted_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Permanently deletes the specified storage account. + + The purge deleted storage account operation removes the secret + permanently, without the possibility of recovery. This operation can + only be performed on a soft-delete enabled vault. This operation + requires the storage/purge permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: None or the result of cls(response) + :rtype: None + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.purge_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + if cls: + response_headers = {} + return cls(response, None, response_headers) + purge_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}'} + + def recover_deleted_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Recovers the deleted storage account. + + Recovers the deleted storage account in the specified vault. This + operation can only be performed on a soft-delete enabled vault. This + operation requires the storage/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_storage_account.metadata = {'url': '/deletedstorage/{storage-account-name}/recover'} + + def backup_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Backs up the specified storage account. + + Requests that a backup of the specified storage account be downloaded + to the client. This operation requires the storage/backup permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: BackupStorageResult or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.BackupStorageResult + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.backup_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('BackupStorageResult', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + backup_storage_account.metadata = {'url': '/storage/{storage-account-name}/backup'} + + def restore_storage_account(self, vault_base_url, storage_bundle_backup, cls=None, **kwargs): + """Restores a backed up storage account to a vault. + + Restores a backed up storage account to a vault. This operation + requires the storage/restore permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_bundle_backup: The backup blob associated with a + storage account. + :type storage_bundle_backup: bytes + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageRestoreParameters(storage_bundle_backup=storage_bundle_backup) + + # Construct URL + url = self.restore_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageRestoreParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + restore_storage_account.metadata = {'url': '/storage/restore'} + + def delete_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Deletes a storage account. This operation requires the storage/delete + permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedStorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedStorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedStorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + def get_storage_account(self, vault_base_url, storage_account_name, cls=None, **kwargs): + """Gets information about a specified storage account. This operation + requires the storage/get permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + def set_storage_account(self, vault_base_url, storage_account_name, resource_id, active_key_name, auto_regenerate_key, regeneration_period=None, storage_account_attributes=None, tags=None, cls=None, **kwargs): + """Creates or updates a new storage account. This operation requires the + storage/set permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param resource_id: Storage account resource id. + :type resource_id: str + :param active_key_name: Current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration + specified in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage + account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountCreateParameters(resource_id=resource_id, active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags) + + # Construct URL + url = self.set_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountCreateParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + def update_storage_account(self, vault_base_url, storage_account_name, active_key_name=None, auto_regenerate_key=None, regeneration_period=None, storage_account_attributes=None, tags=None, cls=None, **kwargs): + """Updates the specified attributes associated with the given storage + account. This operation requires the storage/set/update permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param active_key_name: The current active storage account key name. + :type active_key_name: str + :param auto_regenerate_key: whether keyvault should manage the storage + account for the user. + :type auto_regenerate_key: bool + :param regeneration_period: The key regeneration time duration + specified in ISO-8601 format. + :type regeneration_period: str + :param storage_account_attributes: The attributes of the storage + account. + :type storage_account_attributes: + ~azure.keyvault.v7_1.models.StorageAccountAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountUpdateParameters(active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags) + + # Construct URL + url = self.update_storage_account.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_storage_account.metadata = {'url': '/storage/{storage-account-name}'} + + def regenerate_storage_account_key(self, vault_base_url, storage_account_name, key_name, cls=None, **kwargs): + """Regenerates the specified key value for the given storage account. This + operation requires the storage/regeneratekey permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param key_name: The storage account key name. + :type key_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: StorageBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.StorageBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.StorageAccountRegenerteKeyParameters(key_name=key_name) + + # Construct URL + url = self.regenerate_storage_account_key.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'StorageAccountRegenerteKeyParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('StorageBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + regenerate_storage_account_key.metadata = {'url': '/storage/{storage-account-name}/regeneratekey'} + + def get_sas_definitions( + self, vault_base_url, storage_account_name, maxresults=None, cls=None, **kwargs): + """List storage SAS definitions for the given storage account. This + operation requires the storage/listsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of SasDefinitionItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.SasDefinitionItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_sas_definitions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('SasDefinitionListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_sas_definitions.metadata = {'url': '/storage/{storage-account-name}/sas'} + + def get_deleted_sas_definitions( + self, vault_base_url, storage_account_name, maxresults=None, cls=None, **kwargs): + """Lists deleted SAS definitions for the specified vault and storage + account. + + The Get Deleted Sas Definitions operation returns the SAS definitions + that have been deleted for a vault enabled for soft-delete. This + operation requires the storage/listsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param maxresults: Maximum number of results to return in a page. If + not specified the service will return up to 25 results. + :type maxresults: int + :return: An iterator like instance of DeletedSasDefinitionItem + :rtype: + ~azure.core.paging.ItemPaged[~azure.keyvault.v7_1.models.DeletedSasDefinitionItem] + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + def prepare_request(next_link=None): + query_parameters = {} + if not next_link: + # Construct URL + url = self.get_deleted_sas_definitions.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + if maxresults is not None: + query_parameters['maxresults'] = self._serialize.query("maxresults", maxresults, 'int', maximum=25, minimum=1) + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(response): + deserialized = self._deserialize('DeletedSasDefinitionListResult', response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + return response + + # Deserialize response + return ItemPaged( + get_next, extract_data + ) + get_deleted_sas_definitions.metadata = {'url': '/deletedstorage/{storage-account-name}/sas'} + + def get_deleted_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, cls=None, **kwargs): + """Gets the specified deleted sas definition. + + The Get Deleted SAS Definition operation returns the specified deleted + SAS definition along with its attributes. This operation requires the + storage/getsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_deleted_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_deleted_sas_definition.metadata = {'url': '/deletedstorage/{storage-account-name}/sas/{sas-definition-name}'} + + def recover_deleted_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, cls=None, **kwargs): + """Recovers the deleted SAS definition. + + Recovers the deleted SAS definition for the specified storage account. + This operation can only be performed on a soft-delete enabled vault. + This operation requires the storage/recover permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.recover_deleted_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + recover_deleted_sas_definition.metadata = {'url': '/deletedstorage/{storage-account-name}/sas/{sas-definition-name}/recover'} + + def delete_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, cls=None, **kwargs): + """Deletes a SAS definition from a specified storage account. This + operation requires the storage/deletesas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: DeletedSasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.DeletedSasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.delete_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeletedSasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + delete_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + def get_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, cls=None, **kwargs): + """Gets information about a SAS definition for the specified storage + account. This operation requires the storage/getsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + # Construct URL + url = self.get_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + get_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + def set_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, template_uri, sas_type, validity_period, sas_definition_attributes=None, tags=None, cls=None, **kwargs): + """Creates or updates a new SAS definition for the specified storage + account. This operation requires the storage/setsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will + have the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS + definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SasDefinitionCreateParameters(template_uri=template_uri, sas_type=sas_type, validity_period=validity_period, sas_definition_attributes=sas_definition_attributes, tags=tags) + + # Construct URL + url = self.set_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SasDefinitionCreateParameters') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + set_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} + + def update_sas_definition(self, vault_base_url, storage_account_name, sas_definition_name, template_uri=None, sas_type=None, validity_period=None, sas_definition_attributes=None, tags=None, cls=None, **kwargs): + """Updates the specified attributes associated with the given SAS + definition. This operation requires the storage/setsas permission. + + :param vault_base_url: The vault name, for example + https://myvault.vault.azure.net. + :type vault_base_url: str + :param storage_account_name: The name of the storage account. + :type storage_account_name: str + :param sas_definition_name: The name of the SAS definition. + :type sas_definition_name: str + :param template_uri: The SAS definition token template signed with an + arbitrary key. Tokens created according to the SAS definition will + have the same properties as the template. + :type template_uri: str + :param sas_type: The type of SAS token the SAS definition will create. + Possible values include: 'account', 'service' + :type sas_type: str or ~azure.keyvault.v7_1.models.SasTokenType + :param validity_period: The validity period of SAS tokens created + according to the SAS definition. + :type validity_period: str + :param sas_definition_attributes: The attributes of the SAS + definition. + :type sas_definition_attributes: + ~azure.keyvault.v7_1.models.SasDefinitionAttributes + :param tags: Application specific metadata in the form of key-value + pairs. + :type tags: dict[str, str] + :param callable cls: A custom type or function that will be passed the + direct response + :return: SasDefinitionBundle or the result of cls(response) + :rtype: ~azure.keyvault.v7_1.models.SasDefinitionBundle + :raises: + :class:`KeyVaultErrorException` + """ + error_map = kwargs.pop('error_map', None) + parameters = models.SasDefinitionUpdateParameters(template_uri=template_uri, sas_type=sas_type, validity_period=validity_period, sas_definition_attributes=sas_definition_attributes, tags=tags) + + # Construct URL + url = self.update_sas_definition.metadata['url'] + path_format_arguments = { + 'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True), + 'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'), + 'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self._config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + + # Construct body + body_content = self._serialize.body(parameters, 'SasDefinitionUpdateParameters') + + # Construct and send request + request = self._client.patch(url, query_parameters, header_parameters, body_content) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise models.KeyVaultErrorException(response, self._deserialize) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SasDefinitionBundle', response) + + if cls: + return cls(response, deserialized, None) + + return deserialized + update_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'} diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/version.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/version.py new file mode 100644 index 000000000000..d92d63667368 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_generated/v7_1_preview/version.py @@ -0,0 +1,13 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +VERSION = "7.1-preview" +