Skip to content

{Keyvault} Migrate azure-mgmt-keyvault to typespec generated SDK #32419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 1 commit into
base: dev
Choose a base branch
from
+49 −23
Draft

{Keyvault} Migrate azure-mgmt-keyvault to typespec generated SDK #32419

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions src/azure-cli/azure/cli/command_modules/keyvault/_transformers.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -484,3 +484,29 @@ def transform_certificate_issuer_admin_list(result, **command_args):
} for contact in admin_contacts]
return ret
return result


def transform_vault_output(result, **command_args): # pylint: disable=unused-argument
from azure.mgmt.keyvault.models import Vault
if not result or not isinstance(result, Vault):
return result

from azure.cli.core.util import todict
output = todict(result)
if output.get('properties', None) and output['properties'].get('accessPolicies', None):
for policy in output['properties']['accessPolicies']:
if policy.get('permissions') and 'keysProperty' in policy['permissions']:
keys = policy['permissions']['keysProperty']
policy['permissions']['keys'] = keys
del policy['permissions']['keysProperty']
return output


def transform_vault_list(result, **command_args): # pylint: disable=unused-argument
if not result:
return result
output = []
for item in result:
new_item = transform_vault_output(item)
output.append(new_item)
return output
14 changes: 7 additions & 7 deletions src/azure-cli/azure/cli/command_modules/keyvault/commands.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
get_client, get_client_factory, Clients)

from azure.cli.command_modules.keyvault._transformers import (
filter_out_managed_resources,
filter_out_managed_resources, transform_vault_output, transform_vault_list,
multi_transformers, transform_key_decryption_output, keep_max_results, transform_key_list_output,
transform_key_output, transform_key_encryption_output, transform_key_random_output,
transform_secret_list, transform_deleted_secret_list, transform_secret_set,
Expand Down Expand Up @@ -70,14 +70,14 @@ def load_command_table(self, _):
# Management Plane Commands
with self.command_group('keyvault', mgmt_vaults_entity.command_type,
client_factory=mgmt_vaults_entity.client_factory) as g:
g.custom_command('create', 'create_vault_or_hsm', supports_no_wait=True)
g.custom_command('recover', 'recover_vault_or_hsm', supports_no_wait=True)
g.custom_command('list', 'list_vault_or_hsm')
g.custom_show_command('show', 'get_vault_or_hsm')
g.custom_command('create', 'create_vault_or_hsm', supports_no_wait=True, transform=transform_vault_output)
g.custom_command('recover', 'recover_vault_or_hsm', supports_no_wait=True, transform=transform_vault_output)
g.custom_command('list', 'list_vault_or_hsm', transform=transform_vault_list)
g.custom_show_command('show', 'get_vault_or_hsm', transform=transform_vault_output)
g.custom_command('delete', 'delete_vault_or_hsm', supports_no_wait=True)
g.custom_command('purge', 'purge_vault_or_hsm', supports_no_wait=True)
g.custom_command('set-policy', 'set_policy', supports_no_wait=True)
g.custom_command('delete-policy', 'delete_policy', supports_no_wait=True)
g.custom_command('set-policy', 'set_policy', supports_no_wait=True, transform=transform_vault_output)
g.custom_command('delete-policy', 'delete_policy', supports_no_wait=True, transform=transform_vault_output)
g.custom_command('list-deleted', 'list_deleted_vault_or_hsm')
g.custom_command('show-deleted', 'get_deleted_vault_or_hsm')
g.generic_update_command(
Expand Down
24 changes: 12 additions & 12 deletions src/azure-cli/azure/cli/command_modules/keyvault/custom.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@

def _default_certificate_profile(cmd):
def get_model(x):
return cmd.loader.get_sdk(x, resource_type=ResourceType.DATA_KEYVAULT_CERTIFICATES, mod='_generated_models')
return cmd.loader.get_models(x, resource_type=ResourceType.DATA_KEYVAULT_CERTIFICATES, mod='_generated_models')

Action = get_model('Action')
ActionType = get_model('ActionType')
Expand Down Expand Up @@ -354,7 +354,7 @@ def recover_vault(cmd, client, vault_name, resource_group_name, location, no_wai
return sdk_no_wait(no_wait, client.begin_create_or_update,
resource_group_name=resource_group_name,
vault_name=vault_name,
parameters=params)
parameters=params).result()
Copy link

Copilot AI Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Calling .result() after sdk_no_wait() breaks the no-wait functionality. When no_wait=True, sdk_no_wait returns a poller without waiting, but immediately calling .result() forces the operation to wait anyway, defeating the purpose of the no_wait parameter.

The .result() call should be removed here. The sdk_no_wait function already handles the no_wait parameter correctly by returning either the result (when no_wait=False) or the poller (when no_wait=True).

Suggested change
parameters=params).result()
parameters=params)

Copilot uses AI. Check for mistakes.


def _parse_network_acls(cmd, resource_group_name, network_acls_json, network_acls_ips, network_acls_vnets,
Expand Down Expand Up @@ -623,7 +623,7 @@ def create_vault(cmd, client, # pylint: disable=too-many-locals, too-many-state
if no_self_perms or enable_rbac_authorization:
access_policies = []
else:
permissions = Permissions(keys=[KeyPermissions.all],
permissions = Permissions(keys_property=[KeyPermissions.all],
secrets=[SecretPermissions.all],
certificates=[CertificatePermissions.all],
storage=[StoragePermissions.all])
Expand Down Expand Up @@ -661,7 +661,7 @@ def create_vault(cmd, client, # pylint: disable=too-many-locals, too-many-state
return sdk_no_wait(no_wait, client.begin_create_or_update,
resource_group_name=resource_group_name,
vault_name=vault_name,
parameters=parameters)
parameters=parameters).result()
Copy link

Copilot AI Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Calling .result() after sdk_no_wait() breaks the no-wait functionality. When no_wait=True, sdk_no_wait returns a poller without waiting, but immediately calling .result() forces the operation to wait anyway, defeating the purpose of the no_wait parameter.

The .result() call should be removed here. The sdk_no_wait function already handles the no_wait parameter correctly by returning either the result (when no_wait=False) or the poller (when no_wait=True).

Copilot uses AI. Check for mistakes.


def update_vault_setter(cmd, client, parameters, resource_group_name, vault_name, no_wait=False):
Expand All @@ -673,7 +673,7 @@ def update_vault_setter(cmd, client, parameters, resource_group_name, vault_name
parameters=VaultCreateOrUpdateParameters(
location=parameters.location,
tags=parameters.tags,
properties=parameters.properties))
properties=parameters.properties)).result()
Copy link

Copilot AI Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Calling .result() after sdk_no_wait() breaks the no-wait functionality. When no_wait=True, sdk_no_wait returns a poller without waiting, but immediately calling .result() forces the operation to wait anyway, defeating the purpose of the no_wait parameter.

The .result() call should be removed here. The sdk_no_wait function already handles the no_wait parameter correctly by returning either the result (when no_wait=False) or the poller (when no_wait=True).

Suggested change
properties=parameters.properties)).result()
properties=parameters.properties)
)

Copilot uses AI. Check for mistakes.


def update_hsm_setter(cmd, client, parameters, resource_group_name, name, no_wait=False):
Expand Down Expand Up @@ -820,27 +820,27 @@ def set_policy(cmd, client, resource_group_name, vault_name,
tenant_id=vault.properties.tenant_id,
object_id=object_id,
application_id=application_id,
permissions=Permissions(keys=key_permissions,
permissions=Permissions(keys_property=key_permissions,
secrets=secret_permissions,
certificates=certificate_permissions,
storage=storage_permissions)))
else:
# Modify existing policy.
# If key_permissions is not set, use prev. value (similarly with secret_permissions).
keys = policy.permissions.keys if key_permissions is None else key_permissions
keys = policy.permissions.keys_property if key_permissions is None else key_permissions
secrets = policy.permissions.secrets if secret_permissions is None else secret_permissions
certs = policy.permissions.certificates \
if certificate_permissions is None else certificate_permissions
storage = policy.permissions.storage if storage_permissions is None else storage_permissions
policy.permissions = Permissions(keys=keys, secrets=secrets, certificates=certs, storage=storage)
policy.permissions = Permissions(keys_property=keys, secrets=secrets, certificates=certs, storage=storage)

return sdk_no_wait(no_wait, client.begin_create_or_update,
resource_group_name=resource_group_name,
vault_name=vault_name,
parameters=VaultCreateOrUpdateParameters(
location=vault.location,
tags=vault.tags,
properties=vault.properties))
properties=vault.properties)).result()
Copy link

Copilot AI Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Calling .result() after sdk_no_wait() breaks the no-wait functionality. When no_wait=True, sdk_no_wait returns a poller without waiting, but immediately calling .result() forces the operation to wait anyway, defeating the purpose of the no_wait parameter.

The .result() call should be removed here. The sdk_no_wait function already handles the no_wait parameter correctly by returning either the result (when no_wait=False) or the poller (when no_wait=True).

Suggested change
properties=vault.properties)).result()
properties=vault.properties))

Copilot uses AI. Check for mistakes.


def add_network_rule_for_vault_or_hsm(cmd, client, resource_group_name, vault_name=None, hsm_name=None,
Expand Down Expand Up @@ -909,7 +909,7 @@ def add_vault_network_rule(cmd, client, resource_group_name, vault_name, ip_addr
parameters=VaultCreateOrUpdateParameters(
location=vault.location,
tags=vault.tags,
properties=vault.properties))
properties=vault.properties)).result()
Copy link

Copilot AI Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Calling .result() after sdk_no_wait() breaks the no-wait functionality. When no_wait=True, sdk_no_wait returns a poller without waiting, but immediately calling .result() forces the operation to wait anyway, defeating the purpose of the no_wait parameter.

The .result() call should be removed here. The sdk_no_wait function already handles the no_wait parameter correctly by returning either the result (when no_wait=False) or the poller (when no_wait=True).

Suggested change
properties=vault.properties)).result()
properties=vault.properties))

Copilot uses AI. Check for mistakes.


def add_hsm_network_rule(cmd, client, resource_group_name, hsm_name,
Expand Down Expand Up @@ -1001,7 +1001,7 @@ def remove_vault_network_rule(cmd, client, resource_group_name, vault_name, ip_a
parameters=VaultCreateOrUpdateParameters(
location=vault.location,
tags=vault.tags,
properties=vault.properties))
properties=vault.properties)).result()
Copy link

Copilot AI Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Calling .result() after sdk_no_wait() breaks the no-wait functionality. When no_wait=True, sdk_no_wait returns a poller without waiting, but immediately calling .result() forces the operation to wait anyway, defeating the purpose of the no_wait parameter.

The .result() call should be removed here. The sdk_no_wait function already handles the no_wait parameter correctly by returning either the result (when no_wait=False) or the poller (when no_wait=True).

Suggested change
properties=vault.properties)).result()
properties=vault.properties))

Copilot uses AI. Check for mistakes.


def remove_hsm_network_rule(client, resource_group_name, hsm_name,
Expand Down Expand Up @@ -1079,7 +1079,7 @@ def delete_policy(cmd, client, resource_group_name, vault_name,
parameters=VaultCreateOrUpdateParameters(
location=vault.location,
tags=vault.tags,
properties=vault.properties))
properties=vault.properties)).result()
Copy link

Copilot AI Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Calling .result() after sdk_no_wait() breaks the no-wait functionality. When no_wait=True, sdk_no_wait returns a poller without waiting, but immediately calling .result() forces the operation to wait anyway, defeating the purpose of the no_wait parameter.

The .result() call should be removed here. The sdk_no_wait function already handles the no_wait parameter correctly by returning either the result (when no_wait=False) or the poller (when no_wait=True).

Suggested change
properties=vault.properties)).result()
properties=vault.properties))

Copilot uses AI. Check for mistakes.
# endregion


Expand Down
2 changes: 1 addition & 1 deletion src/azure-cli/requirements.py3.Darwin.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ azure-mgmt-imagebuilder==1.3.0
azure-mgmt-iotcentral==10.0.0b1
azure-mgmt-iothub==5.0.0b1
azure-mgmt-iothubprovisioningservices==1.1.0
azure-mgmt-keyvault==12.1.0
azure-mgmt-keyvault==13.0.0
azure-mgmt-loganalytics==13.0.0b4
azure-mgmt-managementgroups==1.0.0
azure-mgmt-maps==2.0.0
Expand Down
2 changes: 1 addition & 1 deletion src/azure-cli/requirements.py3.Linux.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ azure-mgmt-imagebuilder==1.3.0
azure-mgmt-iotcentral==10.0.0b1
azure-mgmt-iothub==5.0.0b1
azure-mgmt-iothubprovisioningservices==1.1.0
azure-mgmt-keyvault==12.1.0
azure-mgmt-keyvault==13.0.0
azure-mgmt-loganalytics==13.0.0b4
azure-mgmt-managementgroups==1.0.0
azure-mgmt-maps==2.0.0
Expand Down
2 changes: 1 addition & 1 deletion src/azure-cli/requirements.py3.windows.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ azure-mgmt-imagebuilder==1.3.0
azure-mgmt-iotcentral==10.0.0b1
azure-mgmt-iothub==5.0.0b1
azure-mgmt-iothubprovisioningservices==1.1.0
azure-mgmt-keyvault==12.1.0
azure-mgmt-keyvault==13.0.0
azure-mgmt-loganalytics==13.0.0b4
azure-mgmt-managementgroups==1.0.0
azure-mgmt-maps==2.0.0
Expand Down
2 changes: 1 addition & 1 deletion src/azure-cli/setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@
'azure-mgmt-iotcentral~=10.0.0b1',
'azure-mgmt-iothub==5.0.0b1',
'azure-mgmt-iothubprovisioningservices==1.1.0',
'azure-mgmt-keyvault==12.1.0',
'azure-mgmt-keyvault==13.0.0',
'azure-mgmt-loganalytics==13.0.0b4',
'azure-mgmt-managementgroups~=1.0.0',
'azure-mgmt-maps~=2.0.0',
Expand Down
Loading