Azure · christothes · Jul 8, 2020 · Jul 6, 2020 · Jul 7, 2020 · Jul 7, 2020
diff --git a/...rity.KeyVault.Administration/api/Azure.Security.KeyVault.Administration.netstandard2.0.cs b/...rity.KeyVault.Administration/api/Azure.Security.KeyVault.Administration.netstandard2.0.cs
@@ -49,8 +49,10 @@ public KeyVaultBackupClient(System.Uri vaultUri, Azure.Core.TokenCredential cred
         public virtual System.Uri VaultUri { get { throw null; } }
         public virtual Azure.Security.KeyVault.Administration.BackupOperation StartBackup(System.Uri blobStorageUri, string sasToken, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
         public virtual System.Threading.Tasks.Task<Azure.Security.KeyVault.Administration.BackupOperation> StartBackupAsync(System.Uri blobStorageUri, string sasToken, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
-        public virtual Azure.Security.KeyVault.Administration.RestoreOperation StartRestore(System.Uri blobStorageUri, string sasToken, string folderName, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
-        public virtual System.Threading.Tasks.Task<Azure.Security.KeyVault.Administration.RestoreOperation> StartRestoreAsync(System.Uri blobStorageUri, string sasToken, string folderName, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+        public virtual Azure.Security.KeyVault.Administration.RestoreOperation StartRestore(System.Uri blobStorageUri, string sasToken, string folderName = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+        public virtual System.Threading.Tasks.Task<Azure.Security.KeyVault.Administration.RestoreOperation> StartRestoreAsync(System.Uri blobStorageUri, string sasToken, string folderName = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+        public virtual Azure.Security.KeyVault.Administration.RestoreOperation StartSelectiveRestore(string keyName, System.Uri blobStorageUri, string sasToken, string folderName = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+        public virtual System.Threading.Tasks.Task<Azure.Security.KeyVault.Administration.RestoreOperation> StartSelectiveRestoreAsync(string keyName, System.Uri blobStorageUri, string sasToken, string folderName = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
     }
     public partial class KeyVaultBackupClientOptions : Azure.Core.ClientOptions
     {

diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultBackupClient.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/KeyVaultBackupClient.cs
@@ -67,7 +67,7 @@ public KeyVaultBackupClient(Uri vaultUri, TokenCredential credential, KeyVaultBa
         /// <summary>
         /// Initiates a full backup of the Key Vault.
         /// </summary>
-        /// <param name="blobStorageUri">The Uri for the blob storage resource.</param>
+        /// <param name="blobStorageUri">The <see cref="Uri"/> for the blob storage resource.</param>
         /// <param name="sasToken">A Shared Access Signature (SAS) token to authorize access to the blob.</param>
         /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
         /// <exception cref="ArgumentNullException"><paramref name="blobStorageUri"/> or <paramref name="sasToken"/> is null.</exception>
@@ -97,7 +97,7 @@ public virtual async Task<BackupOperation> StartBackupAsync(Uri blobStorageUri,
         /// <summary>
         /// Initiates a full backup of the Key Vault.
         /// </summary>
-        /// <param name="blobStorageUri">The Uri for the blob storage resource.</param>
+        /// <param name="blobStorageUri">The <see cref="Uri"/> for the blob storage resource.</param>
         /// <param name="sasToken">A Shared Access Signature (SAS) token to authorize access to the blob.</param>
         /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
         /// <exception cref="ArgumentNullException"><paramref name="blobStorageUri"/> or <paramref name="sasToken"/> is null.</exception>
@@ -126,14 +126,14 @@ public virtual BackupOperation StartBackup(Uri blobStorageUri, string sasToken,
         /// <summary>
         /// Initiates a full restore of the Key Vault.
         /// </summary>
-        /// <param name="blobStorageUri">The Uri for the blob storage resource.</param>
+        /// <param name="blobStorageUri">The <see cref="Uri"/> for the blob storage resource.</param>
         /// <param name="sasToken">A Shared Access Signature (SAS) token to authorize access to the blob.</param>
-        /// <param name="folderName">The nameof the container containing the backup data to restore</param>
+        /// <param name="folderName">The name of the container containing the backup data to restore.</param>
         /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
         /// <exception cref="ArgumentNullException"><paramref name="blobStorageUri"/> or <paramref name="sasToken"/> is null.</exception>
         /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
         /// <returns>A <see cref="RestoreOperation"/> to wait on this long-running operation.</returns>
-        public virtual async Task<RestoreOperation> StartRestoreAsync(Uri blobStorageUri, string sasToken, string folderName, CancellationToken cancellationToken = default)
+        public virtual async Task<RestoreOperation> StartRestoreAsync(Uri blobStorageUri, string sasToken, string folderName = default, CancellationToken cancellationToken = default)
         {
             using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartRestore)}");
             scope.Start();
@@ -158,14 +158,14 @@ public virtual async Task<RestoreOperation> StartRestoreAsync(Uri blobStorageUri
         /// <summary>
         /// Initiates a full Restore of the Key Vault.
         /// </summary>
-        /// <param name="blobStorageUri">The Uri for the blob storage resource.</param>
+        /// <param name="blobStorageUri">The <see cref="Uri"/> for the blob storage resource.</param>
         /// <param name="sasToken">A Shared Access Signature (SAS) token to authorize access to the blob.</param>
-        /// <param name="folderName">The nameof the container containing the backup data to restore</param>
+        /// <param name="folderName">The name of the container containing the backup data to restore.</param>
         /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
         /// <exception cref="ArgumentNullException"><paramref name="blobStorageUri"/> or <paramref name="sasToken"/> is null.</exception>
         /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
         /// <returns>A <see cref="RestoreOperation"/> to wait on this long-running operation.</returns>
-        public virtual RestoreOperation StartRestore(Uri blobStorageUri, string sasToken, string folderName, CancellationToken cancellationToken = default)
+        public virtual RestoreOperation StartRestore(Uri blobStorageUri, string sasToken, string folderName = default, CancellationToken cancellationToken = default)
         {
             using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartRestore)}");
             scope.Start();
@@ -185,6 +185,70 @@ public virtual RestoreOperation StartRestore(Uri blobStorageUri, string sasToken
             }
         }
 
+        /// <summary>
+        /// Initiates a selective restore of the Key Vault.
+        /// </summary>
+        /// <param name="keyName">The name of the key to be restored from the supplied backup.</param>
+        /// <param name="blobStorageUri">The <see cref="Uri"/> for the blob storage resource.</param>
+        /// <param name="sasToken">A Shared Access Signature (SAS) token to authorize access to the blob.</param>
+        /// <param name="folderName">The name of the container containing the backup data to restore.</param>
+        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
+        /// <exception cref="ArgumentNullException"><paramref name="blobStorageUri"/> or <paramref name="sasToken"/> is null.</exception>
+        /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
+        /// <returns>A <see cref="RestoreOperation"/> to wait on this long-running operation.</returns>
+        public virtual async Task<RestoreOperation> StartSelectiveRestoreAsync(string keyName, Uri blobStorageUri, string sasToken, string folderName = default, CancellationToken cancellationToken = default)
+        {
+            using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartSelectiveRestore)}");
+            scope.Start();
+            try
+            {
+                var response = await _restClient.SelectiveKeyRestoreOperationAsync(
+                    VaultUri.AbsoluteUri,
+                    keyName,
+                    new SelectiveKeyRestoreOperationParameters(new SASTokenParameter(blobStorageUri.AbsoluteUri, sasToken), folderName),
+                    cancellationToken).ConfigureAwait(false);
+
+                return new RestoreOperation(this, response);
+            }
+            catch (Exception ex)
+            {
+                scope.Failed(ex);
+                throw;
+            }
+        }
+
+        /// <summary>
+        /// Initiates a selective Restore of the Key Vault.
+        /// </summary>
+        /// <param name="keyName">The name of the key to be restored from the supplied backup.</param>
+        /// <param name="blobStorageUri">The <see cref="Uri"/> for the blob storage resource.</param>
+        /// <param name="sasToken">A Shared Access Signature (SAS) token to authorize access to the blob.</param>
+        /// <param name="folderName">The name of the container containing the backup data to restore.</param>
+        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
+        /// <exception cref="ArgumentNullException"><paramref name="blobStorageUri"/> or <paramref name="sasToken"/> is null.</exception>
+        /// <exception cref="RequestFailedException">The server returned an error. See <see cref="Exception.Message"/> for details returned from the server.</exception>
+        /// <returns>A <see cref="RestoreOperation"/> to wait on this long-running operation.</returns>
+        public virtual RestoreOperation StartSelectiveRestore(string keyName, Uri blobStorageUri, string sasToken, string folderName = default, CancellationToken cancellationToken = default)
+        {
+            using DiagnosticScope scope = _diagnostics.CreateScope($"{nameof(KeyVaultBackupClient)}.{nameof(StartSelectiveRestore)}");
+            scope.Start();
+            try
+            {
+                var response = _restClient.SelectiveKeyRestoreOperation(
+                    VaultUri.AbsoluteUri,
+                    keyName,
+                    new SelectiveKeyRestoreOperationParameters(new SASTokenParameter(blobStorageUri.AbsoluteUri, sasToken), folderName),
+                    cancellationToken);
+
+                return new RestoreOperation(this, response);
+            }
+            catch (Exception ex)
+            {
+                scope.Failed(ex);
+                throw;
+            }
+        }
+
         /// <summary>
         /// Returns the details of full restore operation.
         /// </summary>

diff --git a/sdk/keyvault/Azure.Security.KeyVault.Administration/src/RestoreOperation.cs b/sdk/keyvault/Azure.Security.KeyVault.Administration/src/RestoreOperation.cs
@@ -45,6 +45,7 @@ public RestoreOperation(string id, KeyVaultBackupClient client)
         /// </summary>
         /// <param name="client">An instance of <see cref="KeyVaultBackupClient" />.</param>
         /// <param name="response">The <see cref="ResponseWithHeaders{T, THeaders}" /> returned from <see cref="KeyVaultBackupClient.StartRestore(Uri, string, string, CancellationToken)"/> or <see cref="KeyVaultBackupClient.StartRestoreAsync(Uri, string, string, CancellationToken)"/>.</param>
+        /// <exception cref="ArgumentNullException"><paramref name="client"/> or <paramref name="response"/> is null.</exception>
         internal RestoreOperation(KeyVaultBackupClient client, ResponseWithHeaders<ServiceFullRestoreOperationHeaders> response)
         {
             Argument.AssertNotNull(client, nameof(client));
@@ -56,12 +57,30 @@ internal RestoreOperation(KeyVaultBackupClient client, ResponseWithHeaders<Servi
             _retryAfterSeconds = response.Headers.RetryAfter;
         }
 
+        /// <summary>
+        /// Initializes a new instance of a RestoreOperation.
+        /// </summary>
+        /// <param name="client">An instance of <see cref="KeyVaultBackupClient" />.</param>
+        /// <param name="response">The <see cref="ResponseWithHeaders{T, THeaders}" /> returned from <see cref="KeyVaultBackupClient.StartSelectiveRestore(string, Uri, string, string, CancellationToken)"/> or <see cref="KeyVaultBackupClient.StartSelectiveRestoreAsync(string, Uri, string, string, CancellationToken)"/>.</param>
+        /// <exception cref="ArgumentNullException"><paramref name="client"/> or <paramref name="response"/> is null.</exception>
+        internal RestoreOperation(KeyVaultBackupClient client, ResponseWithHeaders<ServiceSelectiveKeyRestoreOperationHeaders> response)
+        {
+            Argument.AssertNotNull(client, nameof(client));
+            Argument.AssertNotNull(response, nameof(response));
+
+            _id = response.Headers.JobId() ?? throw new InvalidOperationException("The response does not contain an Id");
+            _client = client;
+            _response = response.GetRawResponse();
+            _retryAfterSeconds = response.Headers.RetryAfter;
+        }
+
         /// <summary>
         /// Initializes a new instance of a RestoreOperation for mocking purposes.
         /// </summary>
         /// <param name="value">The <see cref="RestoreDetailsInternal" /> that will be used to populate various properties.</param>
         /// <param name="response">The <see cref="Response" /> that will be returned from <see cref="GetRawResponse" />.</param>
         /// <param name="client">An instance of <see cref="KeyVaultBackupClient" />.</param>
+        /// <exception cref="ArgumentNullException"><paramref name="value"/> or <paramref name="response"/> or <paramref name="client"/> is null.</exception>
         internal RestoreOperation(RestoreDetailsInternal value, Response response, KeyVaultBackupClient client)
         {
             Argument.AssertNotNull(value, nameof(value));