Remove secure key release implementation

sdk/keyvault/Azure.Security.KeyVault.Keys/CHANGELOG.md

@@ -2,6 +2,11 @@
 
 ## 4.2.0-beta.4 (Unreleased)
 
+### Removed
+
+- Removed `Export` and `ExportAsync` methods from `KeyClient`.
+- Removed `Exportable` property from `KeyProperties`'.
+- Removed `KeyReleasePolicy` class and associated properties.
 
 ## 4.2.0-beta.3 (2020-11-12)
 

sdk/keyvault/Azure.Security.KeyVault.Keys/api/Azure.Security.KeyVault.Keys.netstandard2.0.cs

@@ -13,10 +13,8 @@ public partial class CreateKeyOptions
         public CreateKeyOptions() { }
         public bool? Enabled { get { throw null; } set { } }
         public System.DateTimeOffset? ExpiresOn { get { throw null; } set { } }
-        public bool? Exportable { get { throw null; } set { } }
         public System.Collections.Generic.IList<Azure.Security.KeyVault.Keys.KeyOperation> KeyOperations { get { throw null; } }
         public System.DateTimeOffset? NotBefore { get { throw null; } set { } }
-        public Azure.Security.KeyVault.Keys.KeyReleasePolicy ReleasePolicy { get { throw null; } set { } }
         public System.Collections.Generic.IDictionary<string, string> Tags { get { throw null; } }
     }
     public partial class CreateRsaKeyOptions : Azure.Security.KeyVault.Keys.CreateKeyOptions
@@ -68,7 +66,6 @@ public ImportKeyOptions(string name, Azure.Security.KeyVault.Keys.JsonWebKey key
         public Azure.Security.KeyVault.Keys.JsonWebKey Key { get { throw null; } }
         public string Name { get { throw null; } }
         public Azure.Security.KeyVault.Keys.KeyProperties Properties { get { throw null; } }
-        public Azure.Security.KeyVault.Keys.KeyReleasePolicy ReleasePolicy { get { throw null; } set { } }
     }
     public partial class JsonWebKey
     {
@@ -110,10 +107,6 @@ public KeyClient(System.Uri vaultUri, Azure.Core.TokenCredential credential, Azu
         public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Keys.KeyVaultKey>> CreateKeyAsync(string name, Azure.Security.KeyVault.Keys.KeyType keyType, Azure.Security.KeyVault.Keys.CreateKeyOptions keyOptions = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
         public virtual Azure.Response<Azure.Security.KeyVault.Keys.KeyVaultKey> CreateRsaKey(Azure.Security.KeyVault.Keys.CreateRsaKeyOptions rsaKeyOptions, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
         public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Keys.KeyVaultKey>> CreateRsaKeyAsync(Azure.Security.KeyVault.Keys.CreateRsaKeyOptions rsaKeyOptions, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
-        public virtual Azure.Response<Azure.Security.KeyVault.Keys.KeyVaultKey> ExportKey(string name, string version, string environment, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
-        public virtual Azure.Response<Azure.Security.KeyVault.Keys.KeyVaultKey> ExportKey(string name, string environment, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
-        public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Keys.KeyVaultKey>> ExportKeyAsync(string name, string version, string environment, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
-        public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Keys.KeyVaultKey>> ExportKeyAsync(string name, string environment, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
         public virtual Azure.Response<Azure.Security.KeyVault.Keys.DeletedKey> GetDeletedKey(string name, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
         public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Keys.DeletedKey>> GetDeletedKeyAsync(string name, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
         public virtual Azure.Pageable<Azure.Security.KeyVault.Keys.DeletedKey> GetDeletedKeys(System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
@@ -186,7 +179,6 @@ public static partial class KeyModelFactory
         public KeyOperation(string value) { throw null; }
         public static Azure.Security.KeyVault.Keys.KeyOperation Decrypt { get { throw null; } }
         public static Azure.Security.KeyVault.Keys.KeyOperation Encrypt { get { throw null; } }
-        public static Azure.Security.KeyVault.Keys.KeyOperation Export { get { throw null; } }
         public static Azure.Security.KeyVault.Keys.KeyOperation Import { get { throw null; } }
         public static Azure.Security.KeyVault.Keys.KeyOperation Sign { get { throw null; } }
         public static Azure.Security.KeyVault.Keys.KeyOperation UnwrapKey { get { throw null; } }
@@ -209,25 +201,17 @@ public KeyProperties(System.Uri id) { }
         public System.DateTimeOffset? CreatedOn { get { throw null; } }
         public bool? Enabled { get { throw null; } set { } }
         public System.DateTimeOffset? ExpiresOn { get { throw null; } set { } }
-        public bool? Exportable { get { throw null; } set { } }
         public System.Uri Id { get { throw null; } }
         public bool Managed { get { throw null; } }
         public string Name { get { throw null; } }
         public System.DateTimeOffset? NotBefore { get { throw null; } set { } }
         public int? RecoverableDays { get { throw null; } }
         public string RecoveryLevel { get { throw null; } }
-        public Azure.Security.KeyVault.Keys.KeyReleasePolicy ReleasePolicy { get { throw null; } set { } }
         public System.Collections.Generic.IDictionary<string, string> Tags { get { throw null; } }
         public System.DateTimeOffset? UpdatedOn { get { throw null; } }
         public System.Uri VaultUri { get { throw null; } }
         public string Version { get { throw null; } }
     }
-    public partial class KeyReleasePolicy
-    {
-        public KeyReleasePolicy(byte[] data) { }
-        public string ContentType { get { throw null; } set { } }
-        public byte[] Data { get { throw null; } }
-    }
     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
     public readonly partial struct KeyType : System.IEquatable<Azure.Security.KeyVault.Keys.KeyType>
     {

sdk/keyvault/Azure.Security.KeyVault.Keys/src/CreateKeyOptions.cs

@@ -38,16 +38,6 @@ public CreateKeyOptions()
         /// </summary>
         public bool? Enabled { get; set; }
 
-        /// <summary>
-        /// Gets or sets a value indicating whether the private key can be exported.
-        /// </summary>
-        public bool? Exportable { get; set; }
-
-        /// <summary>
-        /// Gets or sets the policy rules under which the key can be exported.
-        /// </summary>
-        public KeyReleasePolicy ReleasePolicy { get; set; }
-
         /// <summary>
         /// Gets a dictionary of tags with specific metadata about the key. Although this collection cannot be set, it can be modified
         ///  or initialized with a <see href="https://docs.microsoft.com/dotnet/csharp/programming-guide/classes-and-structs/how-to-initialize-a-dictionary-with-a-collection-initializer">collection initializer</see>.

sdk/keyvault/Azure.Security.KeyVault.Keys/src/ImportKeyOptions.cs

@@ -16,12 +16,10 @@ public class ImportKeyOptions : IJsonSerializable
         private const string KeyPropertyName = "key";
         private const string TagsPropertyName = "tags";
         private const string HsmPropertyName = "hsm";
-        private const string ReleasePolicyPropertyName = "release_policy";
 
         private static readonly JsonEncodedText s_keyPropertyNameBytes = JsonEncodedText.Encode(KeyPropertyName);
         private static readonly JsonEncodedText s_tagsPropertyNameBytes = JsonEncodedText.Encode(TagsPropertyName);
         private static readonly JsonEncodedText s_hsmPropertyNameBytes = JsonEncodedText.Encode(HsmPropertyName);
-        private static readonly JsonEncodedText s_releasePolicyPropertyNameBytes = JsonEncodedText.Encode(ReleasePolicyPropertyName);
 
         /// <summary>
         /// Initializes a new instance of the <see cref="ImportKeyOptions"/> class.
@@ -56,11 +54,6 @@ public ImportKeyOptions(string name, JsonWebKey keyMaterial)
         /// </summary>
         public bool? HardwareProtected { get; set; }
 
-        /// <summary>
-        /// Gets or sets the policy rules under which the key can be exported.
-        /// </summary>
-        public KeyReleasePolicy ReleasePolicy { get; set; }
-
         /// <summary>
         /// Gets additional properties of the <see cref="KeyVaultKey"/>.
         /// </summary>
@@ -95,15 +88,6 @@ void IJsonSerializable.WriteProperties(Utf8JsonWriter json)
             {
                 json.WriteBoolean(s_hsmPropertyNameBytes, HardwareProtected.Value);
             }
-
-            if (ReleasePolicy != null)
-            {
-                json.WriteStartObject(s_releasePolicyPropertyNameBytes);
-
-                ReleasePolicy.WriteProperties(json);
-
-                json.WriteEndObject();
-            }
         }
     }
 }

sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyAttributes.cs

@@ -15,12 +15,10 @@ internal struct KeyAttributes
         private const string UpdatedPropertyName = "updated";
         private const string RecoverableDaysPropertyName = "recoverableDays";
         private const string RecoveryLevelPropertyName = "recoveryLevel";
-        private const string ExportablePropertyName = "exportable";
 
         private static readonly JsonEncodedText s_enabledPropertyNameBytes = JsonEncodedText.Encode(EnabledPropertyName);
         private static readonly JsonEncodedText s_notBeforePropertyNameBytes = JsonEncodedText.Encode(NotBeforePropertyName);
         private static readonly JsonEncodedText s_expiresPropertyNameBytes = JsonEncodedText.Encode(ExpiresPropertyName);
-        private static readonly JsonEncodedText s_exportablePropertyNameBytes = JsonEncodedText.Encode(ExportablePropertyName);
 
         public bool? Enabled { get; set; }
 
@@ -36,13 +34,10 @@ internal struct KeyAttributes
 
         public string RecoveryLevel { get; internal set; }
 
-        public bool? Exportable { get; internal set; }
-
         internal bool ShouldSerialize =>
             Enabled.HasValue &&
             NotBefore.HasValue &&
-            ExpiresOn.HasValue &&
-            Exportable.HasValue;
+            ExpiresOn.HasValue;
 
         internal void ReadProperties(JsonElement json)
         {
@@ -71,9 +66,6 @@ internal void ReadProperties(JsonElement json)
                     case RecoveryLevelPropertyName:
                         RecoveryLevel = prop.Value.GetString();
                         break;
-                    case ExportablePropertyName:
-                        Exportable = prop.Value.GetBoolean();
-                        break;
                 }
             }
         }
@@ -95,11 +87,6 @@ internal void WriteProperties(Utf8JsonWriter json)
                 json.WriteNumber(s_expiresPropertyNameBytes, ExpiresOn.Value.ToUnixTimeSeconds());
             }
 
-            if (Exportable.HasValue)
-            {
-                json.WriteBoolean(s_exportablePropertyNameBytes, Exportable.Value);
-            }
-
             // Created is read-only don't serialize
             // Updated is read-only don't serialize
             // RecoverableDays is read-only don't serialize

sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyClient.cs

@@ -1110,109 +1110,5 @@ public virtual async Task<Response<KeyVaultKey>> ImportKeyAsync(ImportKeyOptions
                 throw;
             }
         }
-
-        /// <summary>
-        /// Exports the latest version of a <see cref="KeyVaultKey"/> including the private key if originally created with <see cref="CreateKeyOptions.Exportable"/> set to true,
-        /// or imported with <see cref="KeyProperties.Exportable"/> in <see cref="ImportKeyOptions"/> set to true.
-        /// </summary>
-        /// <remarks>
-        /// Requires the <see cref="KeyOperation.Export"/> permission.
-        /// </remarks>
-        /// <param name="name">The name of the key to export.</param>
-        /// <param name="environment">The target environment assertion.</param>
-        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
-        /// <returns>The <see cref="KeyVaultKey"/> that was exported along with the private key if exportable.</returns>
-        /// <exception cref="ArgumentException"><paramref name="name"/> or <paramref name="environment"/> is an empty string.</exception>
-        /// <exception cref="ArgumentNullException"><paramref name="name"/> or <paramref name="environment"/> is null.</exception>
-        /// <seealso cref="ExportKey(string, string, string, CancellationToken)"/>
-        public virtual Response<KeyVaultKey> ExportKey(string name, string environment, CancellationToken cancellationToken = default) =>
-            ExportKey(name, null, environment, cancellationToken);
-
-        /// <summary>
-        /// Exports the latest version of a <see cref="KeyVaultKey"/> including the private key if originally created with <see cref="CreateKeyOptions.Exportable"/> set to true,
-        /// or imported with <see cref="KeyProperties.Exportable"/> in <see cref="ImportKeyOptions"/> set to true.
-        /// </summary>
-        /// <remarks>
-        /// Requires the <see cref="KeyOperation.Export"/> permission.
-        /// </remarks>
-        /// <param name="name">The name of the key to export.</param>
-        /// <param name="environment">The target environment assertion.</param>
-        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
-        /// <returns>The <see cref="KeyVaultKey"/> that was exported along with the private key if exportable.</returns>
-        /// <exception cref="ArgumentException"><paramref name="name"/> or <paramref name="environment"/> is an empty string.</exception>
-        /// <exception cref="ArgumentNullException"><paramref name="name"/> or <paramref name="environment"/> is null.</exception>
-        /// <seealso cref="ExportKeyAsync(string, string, string, CancellationToken)"/>
-        public virtual async Task<Response<KeyVaultKey>> ExportKeyAsync(string name, string environment, CancellationToken cancellationToken = default) =>
-            await ExportKeyAsync(name, null, environment, cancellationToken).ConfigureAwait(false);
-
-        /// <summary>
-        /// Exports a specific version of a <see cref="KeyVaultKey"/> including the private key if originally created with <see cref="CreateKeyOptions.Exportable"/> set to true,
-        /// or imported with <see cref="KeyProperties.Exportable"/> in <see cref="ImportKeyOptions"/> set to true.
-        /// </summary>
-        /// <remarks>
-        /// Requires the <see cref="KeyOperation.Export"/> permission.
-        /// </remarks>
-        /// <param name="name">The name of the key to export.</param>
-        /// <param name="version">The optional version of the key to export.</param>
-        /// <param name="environment">The target environment assertion.</param>
-        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
-        /// <returns>The <see cref="KeyVaultKey"/> that was exported along with the private key if exportable.</returns>
-        /// <exception cref="ArgumentException"><paramref name="name"/> or <paramref name="environment"/> is an empty string.</exception>
-        /// <exception cref="ArgumentNullException"><paramref name="name"/> or <paramref name="environment"/> is null.</exception>
-        /// <seealso cref="ExportKey(string, string, CancellationToken)"/>
-        public virtual Response<KeyVaultKey> ExportKey(string name, string version, string environment, CancellationToken cancellationToken = default)
-        {
-            Argument.AssertNotNullOrEmpty(name, nameof(name));
-            Argument.AssertNotNullOrEmpty(environment, nameof(environment));
-
-            using DiagnosticScope scope = _pipeline.CreateScope($"{nameof(KeyClient)}.{nameof(ExportKey)}");
-            scope.AddAttribute("key", name);
-            scope.Start();
-
-            try
-            {
-                return _pipeline.SendRequest(RequestMethod.Post, new KeyExportParameters(environment), () => new KeyVaultKey(name), cancellationToken, KeysPath, name, "/", version, "/export");
-            }
-            catch (Exception e)
-            {
-                scope.Failed(e);
-                throw;
-            }
-        }
-
-        /// <summary>
-        /// Exports a specific version of a <see cref="KeyVaultKey"/> including the private key if originally created with <see cref="CreateKeyOptions.Exportable"/> set to true,
-        /// or imported with <see cref="KeyProperties.Exportable"/> in <see cref="ImportKeyOptions"/> set to true.
-        /// </summary>
-        /// <remarks>
-        /// Requires the <see cref="KeyOperation.Export"/> permission.
-        /// </remarks>
-        /// <param name="name">The name of the key to export.</param>
-        /// <param name="version">The optional version of the key to export.</param>
-        /// <param name="environment">The target environment assertion.</param>
-        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
-        /// <returns>The <see cref="KeyVaultKey"/> that was exported along with the private key if exportable.</returns>
-        /// <exception cref="ArgumentException"><paramref name="name"/> or <paramref name="environment"/> is an empty string.</exception>
-        /// <exception cref="ArgumentNullException"><paramref name="name"/> or <paramref name="environment"/> is null.</exception>
-        /// <seealso cref="ExportKeyAsync(string, string, CancellationToken)"/>
-        public virtual async Task<Response<KeyVaultKey>> ExportKeyAsync(string name, string version, string environment, CancellationToken cancellationToken = default)
-        {
-            Argument.AssertNotNullOrEmpty(name, nameof(name));
-            Argument.AssertNotNullOrEmpty(environment, nameof(environment));
-
-            using DiagnosticScope scope = _pipeline.CreateScope($"{nameof(KeyClient)}.{nameof(ExportKey)}");
-            scope.AddAttribute("key", name);
-            scope.Start();
-
-            try
-            {
-                return await _pipeline.SendRequestAsync(RequestMethod.Post, new KeyExportParameters(environment), () => new KeyVaultKey(name), cancellationToken, KeysPath, name, "/", version, "/export").ConfigureAwait(false);
-            }
-            catch (Exception e)
-            {
-                scope.Failed(e);
-                throw;
-            }
-        }
     }
 }

sdk/keyvault/Azure.Security.KeyVault.Keys/src/KeyOperation.cs

@@ -59,11 +59,6 @@ public KeyOperation(string value)
         /// </summary>
         public static KeyOperation Import { get; } = new KeyOperation("import");
 
-        /// <summary>
-        /// Gets a value that indicates the key can be exported using the <see cref="KeyClient.ExportKeyAsync(string, string, CancellationToken)"/> or <see cref="KeyClient.ExportKey(string, string, CancellationToken)"/> methods.
-        /// </summary>
-        public static KeyOperation Export { get; } = new KeyOperation("export");
-
         /// <summary>
         /// Determines if two <see cref="KeyOperation"/> values are the same.
         /// </summary>