[Key Vault] TypeSpec for Security Domain library

specification/keyvault/data-plane/Security.KeyVault.SecurityDomain/client.tsp

@@ -0,0 +1,38 @@
+import "@azure-tools/typespec-client-generator-core";
+import "@typespec/rest";
+import "@typespec/http";
+import "@typespec/versioning";
+import "./main.tsp";
+
+using Azure.ClientGenerator.Core;
+using KeyVault;
+
+@TypeSpec.Versioning.useDependency(Azure.Core.Versions.v1_0_Preview_2)
+@TypeSpec.Versioning.useDependency(KeyVault.Versions.`v7.5`)
+namespace ClientCustomizations;
+
+@@access(CertificateInfoObject, Access.public);
+@@access(SecurityDomainObject, Access.public);
+
+@client({
+  name: "KeyVaultClient",
+  service: KeyVault,
+})
+interface KeyVaultClient {
+  #suppress "@azure-tools/typespec-azure-core/use-standard-operations" "Foundations.Operation necessary for Key Vault"
+  getDownloadStatus is HsmSecurityDomain.downloadPending;
+
+  #suppress "@azure-tools/typespec-azure-core/use-standard-operations" "Foundations.Operation necessary for Key Vault"
+  @access(Access.internal)
+  download is HsmSecurityDomain.download;
+
+  #suppress "@azure-tools/typespec-azure-core/use-standard-operations" "Foundations.Operation necessary for Key Vault"
+  getUploadStatus is HsmSecurityDomain.uploadPending;
+
+  #suppress "@azure-tools/typespec-azure-core/use-standard-operations" "Foundations.Operation necessary for Key Vault"
+  @access(Access.internal)
+  upload is HsmSecurityDomain.upload;
+
+  #suppress "@azure-tools/typespec-azure-core/use-standard-operations" "Foundations.Operation necessary for Key Vault"
+  getTransferKey is HsmSecurityDomain.transferKey;
+}

specification/keyvault/data-plane/Security.KeyVault.SecurityDomain/examples/securitydomainoperationstatus-example.json

@@ -0,0 +1,14 @@
+{
+  "parameters": {
+    "vaultBaseUrl": "https://myvault.vault.azure.net/",
+    "api-version": "7.5"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "status": "InProgress",
+        "status_details": ""
+      }
+    }
+  }
+}

specification/keyvault/data-plane/Security.KeyVault.SecurityDomain/examples/securitydomaintransferkey-example.json

@@ -0,0 +1,28 @@
+{
+  "parameters": {
+    "vaultBaseUrl": "https://myvault.vault.azure.net/",
+    "api-version": "7.5"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "key_format": "jwk",
+        "transfer_key": {
+          "kid": "https://myvault.vault.azure.net/transfer_key",
+          "kty": "RSA",
+          "key_ops": [
+            "encrypt"
+          ],
+          "n": "2HJAE5fU3Cw2Rt9hEuq-F6XjINKGa-zskfISVqopqUy60GOs2eyhxbWbJBeUXNor_gf-tXtNeuqeBgitLeVa640UDvnEjYTKWjCniTxZRaU7ewY8BfTSk-7KxoDdLsPSpX_MX4rwlAx-_1UGk5t4sQgTbm9T6Fm2oqFd37dsz5-Gj27UP2GTAShfJPFD7MqU_zIgOI0pfqsbNL5xTQVM29K6rX4jSPtylZV3uWJtkoQIQnrIHhk1d0SC0KwlBV3V7R_LVYjiXLyIXsFzSNYgQ68ZjAwt8iL7I8Osa-ehQLM13DVvLASaf7Jnu3sC3CWl3Gyirgded6cfMmswJzY87w",
+          "e": "AQAB",
+          "alg": "RSA-OAEP-256",
+          "x5c": [
+            "MIIEnTCCBAgIBATANBgkAoWgAwIqhkiG9w0BAQsFADAQMQ4wDAYDVQQDDAVjZXJ0QTAeFw0yMDA0MjYwM/mivTQ26aDwb1Pd8h+SGcgJNy1VOnmI5+uvgfh9Qj6glJZHEyvh6dat6f4DDTwRVf6Vvc5noB/yiilaMj1GPW0Bwg5u5atZcjzTb6wOFYOGd2Y1WFBwQqqxriWo62Fp/TO5+kQigYkgVZXcPjbm2c0hdkisPt+APqEdMotmYTANxtC6McP+9KOO8+12K2fj2a9NEhRJOboGQeZ0M7DJoQDl4wg8f2nswxH/36Vfc5ad+nxRYwYObRYfgOh8vpYaw3cpj5+UHBaPQ8ZiQNDoWHJWvX5z1nTmCc2NmLHdi3ijkoc7AKHIv/ZX7qbNhv11a76gJRi/IoHkcf1UTpxCoD+eTbo8Isxt4c9fBTk1vS4wSGsJCewxcyMlTB9FHufPM8k5Uz/ZCOrc+RoaznKPGamgMJOOwbPE1WcBnxuG4rQcskdCa59NiZXyZsx5vsCAwEAAaMCMAAwDQYJKoZIhvcNAQELBQADggIBAAjHy9GCPejDYIVb/iv8Wo40n317LQN7H6ay+YB5L2byEQATvC1ixde6VqwU6k9VdoQOTfP3xJhfstKrO+n5mFJBL4KG8BZBbd6XQu/ggPLKEIVZFbeQkX6o03K54gY8GxYjHr6gF12I6heLWVKA/Qi480GqSlp2Nz+LE1jgPp9u52xpUPjsvRHXtxYZ7Q3O2jhPToNr3D/TZSu3tmQOeqj9M/igLDe9TxqN9C9jraUGR7Lr4zN1srtvIKhxGMS3Q9kC4Mq+ZNNIwC9+jzzd8fB2pGJP/iTFDzB0pDh9Jz0/CR4O4aGoYqkQEx629aZH2TzhOh2yf04TaniwkHXnUEsPTxrpY8ty/OUG3HzBMHCDhS08ZSimrrxhiWyH6g0OEglXVGrI2nH6nnQIn1MTNILcjUTMRt/WSOz6G07oZciAouKD2YS/W1qPap600kGhTya81BuYThGmFoXVMs7Mk3XBzZ81b6hJ6ncwCLb3g4YzqeQ8bOf42jYJctq4tPNaXTfoC7N0FX7lPVJpRdh6BFcHYcg0NPWJsdk6LtSJB6bp2qptRAgJ5S94s843FRd8PRFE10TKDfj3YFRBNkx7qDjwUhtN8/JC9+RHHw0Ngd0x2/BLqeCEMAQaJoC53h0aMLW6PSyovnsLvdJbN/rYc15qUXSz8TtjaHFpjsy/Fo5H"
+          ],
+          "x5t": "dJKBile6IJDrRGqa3k5d8_IKFdI",
+          "x5t#S256": "gIBQCTDDN"
+        }
+      }
+    }
+  }
+}

specification/keyvault/data-plane/Security.KeyVault.SecurityDomain/main.tsp

@@ -0,0 +1,50 @@
+/**
+ * PLEASE DO NOT REMOVE - USED FOR CONVERTER METRICS
+ * Generated by package: @autorest/openapi-to-typespec
+ * Version: 0.10.0
+ * Date: 2024-10-02T23:18:13.583Z
+ */
+import "@typespec/rest";
+import "@typespec/http";
+import "./routes.tsp";
+
+using TypeSpec.Rest;
+using TypeSpec.Http;
+using TypeSpec.Versioning;
+
+/**
+ * The key vault client performs cryptographic key operations and vault operations
+ * against the Key Vault service.
+ */
+@useAuth(
+  OAuth2Auth<[
+    {
+      type: OAuth2FlowType.implicit,
+      authorizationUrl: "https://login.microsoftonline.com/common/oauth2/authorize",
+      scopes: ["https://vault.azure.net/.default"],
+    }
+  ]>
+)
+@service({
+  title: "Key Vault",
+})
+@versioned(Versions)
+@server(
+  "{vaultBaseUrl}",
+  "The key vault client performs cryptographic key operations and vault operations against the Key Vault service.",
+  {
+    vaultBaseUrl: url,
+  }
+)
+namespace KeyVault;
+
+/**
+ * The available API versions.
+ */
+enum Versions {
+  /**
+   * The 7.5 API version.
+   */
+  @useDependency(Azure.Core.Versions.v1_0_Preview_2)
+  `v7.5`: "7.5",
+}

specification/keyvault/data-plane/Security.KeyVault.SecurityDomain/models.tsp

@@ -0,0 +1,190 @@
+import "@azure-tools/typespec-azure-core";
+import "@typespec/rest";
+import "@typespec/http";
+
+using Azure.Core;
+using TypeSpec.Rest;
+using TypeSpec.Http;
+
+namespace KeyVault;
+
+/**
+ * Operation status.
+ */
+@lroStatus
+union OperationStatus {
+  string,
+
+  /** The operation succeeded. */
+  @lroSucceeded
+  Success: "Success", // The correct response should be "Succeeded", but this has already shipped.
+
+  /** The operation is in progress. */
+  InProgress: "InProgress",
+
+  /** The operation failed. */
+  @lroFailed
+  Failed: "Failed",
+}
+
+/**
+ * The Security Domain operation status.
+ */
+model SecurityDomainOperationStatus {
+  /**
+   * Operation status.
+   */
+  status?: OperationStatus;
+
+  /**
+   * Details of the operation status.
+   */
+  @encodedName("application/json", "status_details")
+  statusDetails?: string;
+}
+
+/**
+ * The Security Domain download operation requires customer to provide N certificates (minimum 3 and maximum 10)
+ * containing a public key in JWK format.
+ */
+model CertificateInfoObject {
+  /**
+   * Certificates needed from customer.
+   */
+  @maxItems(10)
+  @minItems(3)
+  certificates: SecurityDomainJsonWebKey[]; // TODO: These need to be unique items
+
+  /**
+   * Customer to specify the number of certificates (minimum 2 and maximum 10) to restore Security Domain.
+   */
+  @maxValue(10)
+  @minValue(2)
+  required?: int32 = 2;
+}
+
+/**
+ * A JSON Web Key (JWK) for use in a security domain operation.
+ */
+model SecurityDomainJsonWebKey {
+  /**
+   * Key identifier.
+   */
+  kid: string;
+
+  /**
+   * JsonWebKey Key Type (kty), as defined in
+   * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40. For
+   * Security Domain this value must be RSA.
+   */
+  kty: string;
+
+  /**
+   * Supported key operations.
+   */
+  @encodedName("application/json", "key_ops")
+  keyOps: string[];
+
+  /**
+   * RSA modulus.
+   */
+  n: string;
+
+  /**
+   * RSA public exponent.
+   */
+  e: string;
+
+  /**
+   * X509 certificate chain parameter.
+   */
+  @encodedName("application/json", "x5c")
+  x5C: string[];
+
+  /**
+   * Public Key Use Parameter. This is optional and if present must be enc.
+   */
+  use?: string;
+
+  /**
+   * X509 certificate SHA1 thumbprint. This is optional.
+   */
+  @encodedName("application/json", "x5t")
+  x5T?: string;
+
+  /**
+   * X509 certificate SHA256 thumbprint.
+   */
+  @encodedName("application/json", "x5t#S256")
+  x5tS256: string;
+
+  /**
+   * Algorithm intended for use with the key.
+   */
+  alg: string;
+}
+
+/**
+ * The Security Domain.
+ */
+model SecurityDomainObject {
+  /**
+   * The Security Domain.
+   */
+  value: string;
+}
+
+/**
+ * Security Domain transfer key.
+ */
+model TransferKey {
+  /**
+   * Specifies the format of the transfer key.
+   */
+  @encodedName("application/json", "key_format")
+  keyFormat?: string = "jwk";
+
+  /**
+   * Specifies the transfer key in JWK format.
+   */
+  @encodedName("application/json", "transfer_key")
+  transferKeyJwk: SecurityDomainJsonWebKey;
+}
+
+/**
+ * The object attributes managed by the KeyVault service.
+ */
+model Attributes {
+  /**
+   * Determines whether the object is enabled.
+   */
+  enabled?: boolean;
+
+  /**
+   * Not before date in UTC.
+   */
+  @encodedName("application/json", "nbf")
+  @encode("unixTimestamp", int32)
+  notBefore?: utcDateTime;
+
+  /**
+   * Expiry date in UTC.
+   */
+  @encodedName("application/json", "exp")
+  @encode("unixTimestamp", int32)
+  expires?: utcDateTime;
+
+  /**
+   * Creation time in UTC.
+   */
+  @visibility("read")
+  @encode("unixTimestamp", int32)
+  created?: utcDateTime;
+
+  /**
+   * Last updated time in UTC.
+   */
+  @visibility("read")
+  @encode("unixTimestamp", int32)
+  updated?: utcDateTime;
+}