[Key Vault] TypeSpec for Security Domain library #31060
Conversation
Next Steps to MergeNext steps that must be taken to merge this PR:
|
Generated ApiView
|
AzureRestAPISpecReview
added
data-plane
VersioningReviewRequired
There was a problem hiding this comment.
Apart from a few non-blocking thoughts, as long as the emitted swagger matches their service definition this looks good to me. Best to have Key Vault check over the swagger, though, or did you already generate a Python SDK from it to test against their service (probably best anyway)?
| emitter-output-dir: "{project-root}/.." | ||
| output-file: "{azure-resource-provider-folder}/{service-name}/{version-status}/{version}/securitydomain-sdk.json" | ||
| # Uncomment this line and add "@azure-tools/typespec-python" to your package.json to generate Python code | ||
| "@azure-tools/typespec-python": |
There was a problem hiding this comment.
Doesn't this need to be up in the emit array as well, or is that only for the python SDK repo?
There was a problem hiding this comment.
Why are these files ending in "-sdk"? They are for the service which we don't consider an "SDK" typically. Can't it just be "securitydomain.json"? This also matches what service swaggers are now for Key Vault, and what all the other TSPs should be doing.
There was a problem hiding this comment.
I added -sdk for this and the other conversions' swaggers because it's not totally aligned with the original swaggers. In this case, the Security Domain spec is constructed from common.json and securitydomain.json, so the swagger generated from it is the combination of those two
There was a problem hiding this comment.
I think that's fine. common.json was also an implementation detail anyway and was just for humans to avoid duplication. Given we're emitting these swaggers, I don't see a need to differentiate. I worry that "sdk" will make orgs that want to generate their own clients (from swagger) think these aren't the service specs.
| statusDetails?: string; | ||
| } | ||
|
|
||
| /** |
There was a problem hiding this comment.
These appear to be normal Azure Core errors. Can't we use those instead of redefining?
There was a problem hiding this comment.
The Key Vault error is a little different in its definition, but I do think it's functionally equivalent to the Azure Core error. If I'm not mistaken, KV's custom error has an additional innerError property.
| /** | ||
| * A JSON Web Key (JWK) for use in a security domain operation. | ||
| */ | ||
| model SecurityDomainJsonWebKey { |
There was a problem hiding this comment.
Nit: seems we should be defining common types like JWKs in a common tsp further up. I won't block on this, but we should consider it. We don't want JWKs - an industry standard - diverging accidentally or incidentally.
| * X509 certificate SHA1 thumbprint. This is optional. | ||
| */ | ||
| @encodedName("application/json", "x5t") | ||
| x5T?: string; |
There was a problem hiding this comment.
Seems this should be x5t just as it is below (x5tS256). That's the industry standard anyway, and won't impact casing rules in client emitters anyway...or shouldn't, anyway.
| @@ -26,6 +26,7 @@ interface HsmSecurityDomain { | |||
| */ | |||
| #suppress "@azure-tools/typespec-azure-core/use-standard-operations" "Foundations.Operation necessary for Key Vault" | |||
| @pollingOperation(HsmSecurityDomain.downloadPending) | |||
| @finalOperation(HsmSecurityDomain.downloadPending) | |||
There was a problem hiding this comment.
Seems the operation ID should be case-sensitive, so we should either call the interface HSMSecurityDomain or use a decorator to do so, if possible.
openapi-pipeline-app
bot
added
PipelineBotTrigger
and removed
PipelineBotTrigger
labels
Data Plane API Specification Update Pull Request
Tip
Overwhelmed by all this guidance? See the
Getting helpsection at the bottom of this PR description.This converts the existing Security Domain specification from Swagger to TypeSpec. The goal is to generate a Python library from this specification,
azure-keyvault-securitydomain, for CLI consumption and external customer use. There are currently no plans for shipping this library in other languages.Initial preview timeline: Python public preview release by October 22nd, 2024.
Python library implementation: Azure/azure-sdk-for-python#37929
PR review workflow diagram
Please understand this diagram before proceeding. It explains how to get your PR approved & merged.
API Info: The Basics
Most of the information about your service should be captured in the issue that serves as your API Spec engagement record.
Is this review for (select one):
Change Scope
This section will help us focus on the specific parts of your API that are new or have been modified.
Please share a link to the design document for the new APIs, a link to the previous API Spec document (if applicable), and the root paths that have been updated.
Viewing API changes
For convenient view of the API changes made by this PR, refer to the URLs provided in the table
in the
Generated ApiViewcomment added to this PR. You can use ApiView to show API versions diff.Suppressing failures
If one or multiple validation error/warning suppression(s) is detected in your PR, please follow the
Swagger-Suppression-Process
to get approval.
❔Got questions? Need additional info?? We are here to help!
Contact us!
The Azure API Review Board is dedicated to helping you create amazing APIs. You can read about our mission and learn more about our process on our wiki.
Click here for links to tools, specs, guidelines & other good stuff
Tooling
Guidelines & Specifications
Helpful Links
Getting help
write accessper aka.ms/azsdk/access#request-access-to-rest-api-or-sdk-repositoriesNext Steps to Mergecomment. It will appear within few minutes of submitting this PR and will continue to be up-to-date with current PR state.and https://aka.ms/ci-fix.
queuedstate, please add a comment with contents/azp run.This should result in a new comment denoting a
PR validation pipelinehas started and the checks should be updated after few minutes.