From d5348f0f6b186cbccd72b252219e7b78e68fef82 Mon Sep 17 00:00:00 2001 From: Bin Ma Date: Wed, 19 Aug 2020 11:41:52 +0800 Subject: [PATCH] [Attestation] Add data-plane operations (#1978) --- src/attestation/README.md | 53 +++ src/attestation/azext_attestation/__init__.py | 4 +- .../generated/_client_factory.py | 30 +- .../azext_attestation/generated/_help.py | 69 ++++ .../azext_attestation/generated/_params.py | 36 +- .../generated/_validators.py | 16 + .../azext_attestation/generated/commands.py | 49 ++- .../azext_attestation/generated/custom.py | 38 ++- ...tation.yaml => test_attestation_mgmt.yaml} | 76 +++-- .../recordings/test_attestation_policy.yaml | 254 ++++++++++++++ .../recordings/test_attestation_signer.yaml | 169 +++++++++ .../tests/latest/test_attestation_scenario.py | 198 +++++------ .../azure_attestation/__init__.py | 19 ++ .../azure_attestation/_attestation_client.py | 61 ++++ .../azure_attestation/_configuration.py | 41 +++ .../azure_attestation/models/__init__.py | 23 ++ .../models/_attestation_client_enums.py | 20 ++ .../azure_attestation/models/_models.py | 79 +++++ .../azure_attestation/models/_models_py3.py | 79 +++++ .../azure_attestation/operations/__init__.py | 22 ++ .../_metadata_configuration_operations.py | 100 ++++++ .../_policy_certificates_operations.py | 244 +++++++++++++ .../operations/_policy_operations.py | 323 ++++++++++++++++++ .../_signing_certificates_operations.py | 99 ++++++ .../azure_attestation/version.py | 13 + .../azure_mgmt_attestation/setup.py | 2 +- 26 files changed, 1961 insertions(+), 156 deletions(-) rename src/attestation/azext_attestation/tests/latest/recordings/{test_attestation.yaml => test_attestation_mgmt.yaml} (55%) create mode 100644 src/attestation/azext_attestation/tests/latest/recordings/test_attestation_policy.yaml create mode 100644 src/attestation/azext_attestation/tests/latest/recordings/test_attestation_signer.yaml create mode 100644 src/attestation/azext_attestation/vendored_sdks/azure_attestation/__init__.py create mode 100644 src/attestation/azext_attestation/vendored_sdks/azure_attestation/_attestation_client.py create mode 100644 src/attestation/azext_attestation/vendored_sdks/azure_attestation/_configuration.py create mode 100644 src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/__init__.py create mode 100644 src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/_attestation_client_enums.py create mode 100644 src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/_models.py create mode 100644 src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/_models_py3.py create mode 100644 src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/__init__.py create mode 100644 src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_metadata_configuration_operations.py create mode 100644 src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_policy_certificates_operations.py create mode 100644 src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_policy_operations.py create mode 100644 src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_signing_certificates_operations.py create mode 100644 src/attestation/azext_attestation/vendored_sdks/azure_attestation/version.py diff --git a/src/attestation/README.md b/src/attestation/README.md index 291486382bf..30fc48e0f41 100644 --- a/src/attestation/README.md +++ b/src/attestation/README.md @@ -66,4 +66,57 @@ az attestation delete \ --resource-group "MyResourceGroup" ``` +#### Add a new attestation policy certificate #### +Example: +``` +az attestation signer add \ +-n "myattestationprovider" -g "MyResourceGroup" \ +--signer "eyAiYWxnIjoiUlMyNTYiLCAie..." +``` + +#### Remove the specified policy management certificate #### +Example: +``` +az attestation signer remove \ +-n "myattestationprovider" -g "MyResourceGroup" \ +--signer "eyAiYWxnIjoiUlMyNTYiLCAie..." +``` + +#### Retrieve the set of certificates used to express policy #### +Example: +``` +az attestation signer list \ +-n "myattestationprovider" -g "MyResourceGroup" +``` + +#### Set the policy for a given kind of TEE #### +Note: You need to specify `-n` and `-g` (or use `-u`) even if they are not marked as `required` parameters. + +Example: +``` +az attestation policy set \ +-n "myattestationprovider" -g "MyResourceGroup" \ +--tee SgxEnclave --new-attestation-policy "newAttestationPolicyname" + +az attestation policy set \ +-u https://myattestationprovider.eastus2.attest.azure.net \ +--tee SgxEnclave --new-attestation-policy "newAttestationPolicyname" +``` + +#### Reset the attestation policy #### +Example: +``` +az attestation policy reset \ +-n "myattestationprovider" -g "MyResourceGroup" \ +--tee SgxEnclave --policy-jws "eyJhbGciOiJub25lIn0.." +``` + +#### Retrieve the current policy for a given kind of TEE. #### +Example: +``` +az attestation policy show \ +-n "myattestationprovider" -g "MyResourceGroup" \ +--tee SgxEnclave +``` + If you have issues, please give feedback by opening an issue at https://github.com/Azure/azure-cli-extensions/issues. diff --git a/src/attestation/azext_attestation/__init__.py b/src/attestation/azext_attestation/__init__.py index 7f86e3b6a18..71c84b6d0ee 100644 --- a/src/attestation/azext_attestation/__init__.py +++ b/src/attestation/azext_attestation/__init__.py @@ -16,10 +16,10 @@ class AttestationManagementClientCommandsLoader(AzCommandsLoader): def __init__(self, cli_ctx=None): from azure.cli.core.commands import CliCommandType - from azext_attestation.generated._client_factory import cf_attestation + from azext_attestation.generated._client_factory import cf_attestation_mgmt attestation_custom = CliCommandType( operations_tmpl='azext_attestation.custom#{}', - client_factory=cf_attestation) + client_factory=cf_attestation_mgmt) super(AttestationManagementClientCommandsLoader, self).__init__(cli_ctx=cli_ctx, custom_command_type=attestation_custom) diff --git a/src/attestation/azext_attestation/generated/_client_factory.py b/src/attestation/azext_attestation/generated/_client_factory.py index 5d67ea1ed23..2d43e4c1dab 100644 --- a/src/attestation/azext_attestation/generated/_client_factory.py +++ b/src/attestation/azext_attestation/generated/_client_factory.py @@ -9,11 +9,37 @@ # -------------------------------------------------------------------------- -def cf_attestation(cli_ctx, *_): +def cf_attestation_mgmt(cli_ctx, *_): from azure.cli.core.commands.client_factory import get_mgmt_service_client from ..vendored_sdks.azure_mgmt_attestation import AttestationManagementClient return get_mgmt_service_client(cli_ctx, AttestationManagementClient) def cf_attestation_provider(cli_ctx, *_): - return cf_attestation(cli_ctx).attestation_provider + return cf_attestation_mgmt(cli_ctx).attestation_provider + + +def cf_attestation_data(cli_ctx, *_): + from ..vendored_sdks.azure_attestation import AttestationClient + from azure.cli.core._profile import Profile + + profile = Profile(cli_ctx=cli_ctx) + cred, _, _ = profile.get_login_credentials( + resource="https://attest.azure.net") + return AttestationClient(credentials=cred) + + +def cf_policy(cli_ctx, *_): + return cf_attestation_data(cli_ctx).policy + + +def cf_policy_certificates(cli_ctx, *_): + return cf_attestation_data(cli_ctx).policy_certificates + + +def cf_signing_certificates(cli_ctx, *_): + return cf_attestation_data(cli_ctx).signing_certificates + + +def cf_metadata_configuration(cli_ctx, *_): + return cf_attestation_data(cli_ctx).metadata_configuration diff --git a/src/attestation/azext_attestation/generated/_help.py b/src/attestation/azext_attestation/generated/_help.py index 07f07dfbbd0..3bb17133eee 100644 --- a/src/attestation/azext_attestation/generated/_help.py +++ b/src/attestation/azext_attestation/generated/_help.py @@ -58,3 +58,72 @@ text: |- az attestation delete --name "myattestationprovider" --resource-group "MyResourceGroup" """ + +helps['attestation policy'] = """ + type: group + short-summary: Manage the policies +""" + +helps['attestation policy set'] = """ + type: command + short-summary: Sets the policy for a given kind of TEE. + examples: + - name: Sets the policy for a given kind of TEE (SgxEnclave). + text: |- + az attestation policy set -n "myattestationprovider" -g "MyResourceGroup" --tee SgxEnclave \\ + --new-attestation-policy "newAttestationPolicyname" +""" + +helps['attestation policy reset'] = """ + type: command + short-summary: Resets the attestation policy for the specified tenant and reverts to the default policy. + examples: + - name: Resets the attestation policy for the specified tenant and reverts to the default policy. + text: |- + az attestation policy reset -n "myattestationprovider" -g "MyResourceGroup" --tee SgxEnclave \\ + --policy-jws "eyJhbGciOiJub25lIn0.." +""" + +helps['attestation policy show'] = """ + type: command + short-summary: Retrieves the current policy for a given kind of TEE. + examples: + - name: Retrieves the current policy for a given kind of TEE (SgxEnclave). + text: |- + az attestation policy show -n "myattestationprovider" -g "MyResourceGroup" --tee SgxEnclave +""" + +helps['attestation signer'] = """ + type: group + short-summary: Manage the trusted policy signers +""" + +helps['attestation signer add'] = """ + type: command + short-summary: Adds a new attestation policy certificate to the set of policy management certificates. + examples: + - name: Adds a new attestation policy certificate to the set of policy management certificates. + text: |- + az attestation signer add -n "myattestationprovider" -g "MyResourceGroup" \\ + --signer "eyAiYWxnIjoiUlMyNTYiLCAie..." +""" + +helps['attestation signer remove'] = """ + type: command + short-summary: Removes the specified policy management certificate. Note that the final policy management + certificate cannot be removed. + examples: + - name: Removes the specified policy management certificate. + text: |- + az attestation signer remove -n "myattestationprovider" -g "MyResourceGroup" \\ + --signer "eyAiYWxnIjoiUlMyNTYiLCAie..." +""" + +helps['attestation signer list'] = """ + type: command + short-summary: Retrieves the set of certificates used to express policy for the current tenant. + examples: + - name: Retrieves the set of certificates used to express policy for the current tenant. + text: |- + az attestation signer list -n "myattestationprovider" -g "MyResourceGroup" +""" diff --git a/src/attestation/azext_attestation/generated/_params.py b/src/attestation/azext_attestation/generated/_params.py index 77e76be79fe..c89002431eb 100644 --- a/src/attestation/azext_attestation/generated/_params.py +++ b/src/attestation/azext_attestation/generated/_params.py @@ -15,12 +15,20 @@ tags_type, resource_group_name_type, get_location_type, - file_type + file_type, + get_resource_name_completion_list, + get_enum_type ) from azure.cli.core.commands.validators import get_default_location_from_resource_group +from knack.arguments import CLIArgumentType def load_arguments(self, _): + from ..vendored_sdks.azure_attestation.models import TeeKind + + attestation_name_type = CLIArgumentType( + help='Name of the attestation.', options_list=['--name', '-n'], metavar='NAME', id_part=None, + completer=get_resource_name_completion_list('Microsoft.Attestation/attestationProviders')) with self.argument_context('attestation list') as c: c.argument('resource_group_name', resource_group_name_type) @@ -44,3 +52,29 @@ def load_arguments(self, _): c.argument('resource_group_name', resource_group_name_type) c.argument('provider_name', options_list=['--name', '-n'], help='Name of the attestation service', id_part='name') + + for item in ['list', 'add', 'remove']: + with self.argument_context('attestation signer {}'.format(item)) as c: + c.extra('resource_group_name', resource_group_name_type, required=False) + c.extra('attestation_name', attestation_name_type, required=False) + c.argument('tenant_base_url', options_list=['--attestation-base-url', '-u'], required=False, + help='URL of the attestation, for example: https://myatt.eus2.attest.azure.net. ' + 'You can ignore --name and --resource-group if you specified the URL.') + if item in ['add', 'remove']: + c.argument('policy_certificate_to_{}'.format(item), options_list=['--signer'], + help='The policy certificate to {}. An RFC7519 JSON Web Token containing a claim named ' + '"aas-policyCertificate" whose value is an RFC7517 JSON Web Key which specifies a ' + 'new key to update. The RFC7519 JWT must be signed with one of the existing signing ' + 'certificates'.format(item)) + + for item in ['set', 'reset', 'show']: + with self.argument_context('attestation policy {}'.format(item)) as c: + c.extra('resource_group_name', resource_group_name_type, required=False) + c.extra('attestation_name', attestation_name_type, required=False) + c.argument('tenant_base_url', options_list=['--attestation-base-url', '-u'], required=False, + help='URL of the attestation, for example: https://myatt.eus2.attest.azure.net. ' + 'You can ignore --name and --resource-group if you specified the URL.') + c.argument('tee', arg_type=get_enum_type(TeeKind)) + + with self.argument_context('attestation policy set') as c: + c.argument('new_attestation_policy', options_list=['--new-attestation-policy', '-p']) diff --git a/src/attestation/azext_attestation/generated/_validators.py b/src/attestation/azext_attestation/generated/_validators.py index b33a44c1ebf..d19e0bf3747 100644 --- a/src/attestation/azext_attestation/generated/_validators.py +++ b/src/attestation/azext_attestation/generated/_validators.py @@ -7,3 +7,19 @@ # Changes may cause incorrect behavior and will be lost if the code is # regenerated. # -------------------------------------------------------------------------- + +from knack.util import CLIError + +from ._client_factory import cf_attestation_provider + + +def validate_attestation_name(cmd, ns): + if not ns.tenant_base_url: + if ns.attestation_name and ns.resource_group_name: + provider = cf_attestation_provider(cmd.cli_ctx).\ + get(provider_name=ns.attestation_name, resource_group_name=ns.resource_group_name) + ns.tenant_base_url = provider.attest_uri + del ns.attestation_name + del ns.resource_group_name + else: + raise CLIError('incorrect usage: [--attestation-base-url | --name/-n --resource-group-name/-g]') diff --git a/src/attestation/azext_attestation/generated/commands.py b/src/attestation/azext_attestation/generated/commands.py index 82e92f04d6b..7936d47fa01 100644 --- a/src/attestation/azext_attestation/generated/commands.py +++ b/src/attestation/azext_attestation/generated/commands.py @@ -10,18 +10,51 @@ from azure.cli.core.commands import CliCommandType +from ._validators import validate_attestation_name + def load_command_table(self, _): + from ._client_factory import cf_attestation_provider, cf_policy_certificates, cf_policy - from azext_attestation.generated._client_factory import cf_attestation_provider - attestation_attestation_provider = CliCommandType( - operations_tmpl='azext_attestation.vendored_sdks.azure_mgmt_attestation.operations._attestation_provider_opera' - 'tions#AttestationProviderOperations.{}', + attestation_provider_mgmt_tmpl = 'azext_attestation.vendored_sdks.azure_mgmt_attestation.operations.' \ + '_attestation_provider_operations#AttestationProviderOperations.{}' + attestation_provider_mgmt_sdk = CliCommandType( + operations_tmpl=attestation_provider_mgmt_tmpl, client_factory=cf_attestation_provider) - with self.command_group('attestation', attestation_attestation_provider, - client_factory=cf_attestation_provider, is_experimental=True) as g: + + policy_certificates_data_tmpl = 'azext_attestation.vendored_sdks.azure_attestation.operations.' \ + '_policy_certificates_operations#PolicyCertificatesOperations.{}' + policy_certificates_data_sdk = CliCommandType( + operations_tmpl=policy_certificates_data_tmpl, + client_factory=cf_policy_certificates) + + policy_data_tmpl = 'azext_attestation.vendored_sdks.azure_attestation.operations.' \ + '_policy_operations#PolicyOperations.{}' + policy_data_sdk = CliCommandType( + operations_tmpl=policy_data_tmpl, + client_factory=cf_policy) + + with self.command_group('attestation', attestation_provider_mgmt_sdk, client_factory=cf_attestation_provider, + is_experimental=True) as g: g.custom_command('list', 'attestation_attestation_provider_list') g.custom_show_command('show', 'attestation_attestation_provider_show') g.custom_command('create', 'attestation_attestation_provider_create') - g.custom_command( - 'delete', 'attestation_attestation_provider_delete', confirmation=True) + g.custom_command('delete', 'attestation_attestation_provider_delete', confirmation=True) + + with self.command_group('attestation signer', policy_certificates_data_sdk, client_factory=cf_policy_certificates, + is_experimental=True) as g: + g.command('add', 'add', validator=validate_attestation_name, + doc_string_source=policy_certificates_data_tmpl.format('add')) + g.command('remove', 'remove', validator=validate_attestation_name, + doc_string_source=policy_certificates_data_tmpl.format('remove')) + g.custom_command('list', 'list_signers', validator=validate_attestation_name, + doc_string_source=policy_certificates_data_tmpl.format('get')) + + with self.command_group('attestation policy', policy_data_sdk, client_factory=cf_policy, + is_experimental=True) as g: + g.command('set', 'set', validator=validate_attestation_name, + doc_string_source=policy_data_tmpl.format('set')) + g.command('reset', 'reset', validator=validate_attestation_name, + doc_string_source=policy_data_tmpl.format('reset')) + g.custom_command('show', 'get_policy', validator=validate_attestation_name, + doc_string_source=policy_data_tmpl.format('get')) diff --git a/src/attestation/azext_attestation/generated/custom.py b/src/attestation/azext_attestation/generated/custom.py index 923c297cdcf..5ba74fc0e43 100644 --- a/src/attestation/azext_attestation/generated/custom.py +++ b/src/attestation/azext_attestation/generated/custom.py @@ -9,31 +9,34 @@ # -------------------------------------------------------------------------- # pylint: disable=too-many-lines +import jwt + from knack.util import CLIError -def attestation_attestation_provider_list(cmd, client, - resource_group_name=None): +def attestation_attestation_provider_list(client, resource_group_name=None): if resource_group_name: - return client.list_by_resource_group(resource_group_name=resource_group_name) - return client.list() + return client.list_by_resource_group(resource_group_name=resource_group_name).value + return client.list().value -def attestation_attestation_provider_show(cmd, client, +def attestation_attestation_provider_show(client, resource_group_name, provider_name): return client.get(resource_group_name=resource_group_name, provider_name=provider_name) -def attestation_attestation_provider_create(cmd, client, +def attestation_attestation_provider_create(client, resource_group_name, provider_name, location=None, tags=None, attestation_policy=None, certs_input_path=None): - certs = parse_pem(certs_input_path) + certs = [] + if certs_input_path: + certs = parse_pem(certs_input_path) return client.create(resource_group_name=resource_group_name, provider_name=provider_name, location=location, @@ -42,7 +45,7 @@ def attestation_attestation_provider_create(cmd, client, keys=certs) -def attestation_attestation_provider_delete(cmd, client, +def attestation_attestation_provider_delete(client, resource_group_name, provider_name): return client.delete(resource_group_name=resource_group_name, @@ -81,10 +84,27 @@ def parse_pem(input_file): if pem_data[i].endswith('\n'): pem_data[i] = pem_data[i][:-1] cert += pem_data[i] - print(cert) certs.append(cert) start = end + 1 end = start return certs except FileNotFoundError as ex: raise CLIError('File not Found: {}'.format(str(ex))) + + +def list_signers(client, tenant_base_url, resource_group_name=None, attestation_name=None): # pylint: disable=unused-argument + signers = client.get(tenant_base_url=tenant_base_url) + result = jwt.decode(signers, verify=False) + result['jwt'] = signers + return result + + +def get_policy(client, tee, tenant_base_url, resource_group_name=None, attestation_name=None): # pylint: disable=unused-argument + raw_result = client.get(tenant_base_url=tenant_base_url, tee=tee).additional_properties['Policy'] + result = {} + try: + result = jwt.decode(raw_result, verify=False) + except: # pylint: disable=bare-except + pass + result['jwt'] = raw_result + return result diff --git a/src/attestation/azext_attestation/tests/latest/recordings/test_attestation.yaml b/src/attestation/azext_attestation/tests/latest/recordings/test_attestation_mgmt.yaml similarity index 55% rename from src/attestation/azext_attestation/tests/latest/recordings/test_attestation.yaml rename to src/attestation/azext_attestation/tests/latest/recordings/test_attestation_mgmt.yaml index 9f02e114274..93cdb1af382 100644 --- a/src/attestation/azext_attestation/tests/latest/recordings/test_attestation.yaml +++ b/src/attestation/azext_attestation/tests/latest/recordings/test_attestation_mgmt.yaml @@ -19,12 +19,12 @@ interactions: ParameterSetName: - --name --resource-group --location --tags --certs-input-path User-Agent: - - AZURECLI/2.3.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.8.1 (Windows-10-10.0.19041-SP0) + - AZURECLI/2.10.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.7.5 (Windows-10-10.0.19041-SP0) method: PUT - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.Attestation/attestationProviders/clitestat000002?api-version=2018-09-01-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att000001/providers/Microsoft.Attestation/attestationProviders/clitestatt000002?api-version=2018-09-01-preview response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.Attestation/attestationProviders/clitestat000002","name":"clitestat000002","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":{"aKey":"aValue","anotherKey":"anotherValue"},"properties":{"trustModel":"Isolated","status":"Ready","attestUri":"https://clitestat000002.eus2.attest.azure.net"}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att000001/providers/Microsoft.Attestation/attestationProviders/clitestatt000002","name":"clitestatt000002","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":{"aKey":"aValue","anotherKey":"anotherValue"},"properties":{"trustModel":"Isolated","status":"Ready","attestUri":"https://clitestatt000002.eus2.attest.azure.net"}}' headers: cache-control: - no-cache @@ -33,11 +33,11 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Tue, 23 Jun 2020 18:03:18 GMT + - Mon, 17 Aug 2020 07:28:05 GMT expires: - '-1' location: - - https://clitestat000002.eus2.attest.azure.net/ + - https://clitestatt000002.eus2.attest.azure.net/ pragma: - no-cache server: @@ -46,8 +46,10 @@ interactions: - max-age=31536000; includeSubDomains x-content-type-options: - nosniff + x-ms-maa-service-version: + - 1.10.01287.0001 x-ms-ratelimit-remaining-subscription-writes: - - '1199' + - '1196' status: code: 201 message: Created @@ -65,12 +67,12 @@ interactions: ParameterSetName: - --name --resource-group User-Agent: - - AZURECLI/2.3.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.8.1 (Windows-10-10.0.19041-SP0) + - AZURECLI/2.10.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.7.5 (Windows-10-10.0.19041-SP0) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.Attestation/attestationProviders/clitestat000002?api-version=2018-09-01-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att000001/providers/Microsoft.Attestation/attestationProviders/clitestatt000002?api-version=2018-09-01-preview response: body: - string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.Attestation/attestationProviders/clitestat000002","name":"clitestat000002","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":{"aKey":"aValue","anotherKey":"anotherValue"},"properties":{"trustModel":"Isolated","status":"Ready","attestUri":"https://clitestat000002.eus2.attest.azure.net"}}' + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att000001/providers/Microsoft.Attestation/attestationProviders/clitestatt000002","name":"clitestatt000002","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":{"aKey":"aValue","anotherKey":"anotherValue"},"properties":{"trustModel":"Isolated","status":"Ready","attestUri":"https://clitestatt000002.eus2.attest.azure.net"}}' headers: cache-control: - no-cache @@ -79,7 +81,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Tue, 23 Jun 2020 18:03:19 GMT + - Mon, 17 Aug 2020 07:28:06 GMT expires: - '-1' pragma: @@ -94,6 +96,8 @@ interactions: - Accept-Encoding x-content-type-options: - nosniff + x-ms-maa-service-version: + - 1.10.01287.0001 status: code: 200 message: OK @@ -111,37 +115,37 @@ interactions: ParameterSetName: - --resource-group User-Agent: - - AZURECLI/2.3.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.8.1 (Windows-10-10.0.19041-SP0) + - AZURECLI/2.10.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.7.5 (Windows-10-10.0.19041-SP0) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Attestation/attestationProviders?api-version=2018-09-01-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att000001/providers/Microsoft.Attestation/attestationProviders?api-version=2018-09-01-preview response: body: - string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/yalin-rg/providers/Microsoft.Attestation/attestationProviders/ap1","name":"ap1","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":null,"properties":{"trustModel":"AAD","status":"Ready","attestUri":"https://ap1.eus2.attest.azure.net"}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/yalin-rg/providers/Microsoft.Attestation/attestationProviders/ap2","name":"ap2","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":null,"properties":{"trustModel":"AAD","status":"Ready","attestUri":"https://ap2.eus2.attest.azure.net"}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/yalin-rg/providers/Microsoft.Attestation/attestationProviders/ap4","name":"ap4","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":{"aKey":"aValue","anotherKey":"anotherValue"},"properties":{"trustModel":"Isolated","status":"Ready","attestUri":"https://ap4.eus2.attest.azure.net"}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.Attestation/attestationProviders/clitestat000002","name":"clitestat000002","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":{"aKey":"aValue","anotherKey":"anotherValue"},"properties":{"trustModel":"Isolated","status":"Ready","attestUri":"https://clitestat000002.eus2.attest.azure.net"}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/yalin-rg/providers/Microsoft.Attestation/attestationProviders/pshtest3","name":"pshtest3","type":"Microsoft.Attestation/attestationProviders","location":"East - US2","tags":null,"properties":{"trustModel":"Isolated","status":"Ready","attestUri":"https://pshtest3.eus2.attest.azure.net"}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/yalin-rg/providers/Microsoft.Attestation/attestationProviders/pshtest4","name":"pshtest4","type":"Microsoft.Attestation/attestationProviders","location":"East - US2","tags":{"Test":"true","CreationYear":"2020"},"properties":{"trustModel":"AAD","status":"Ready","attestUri":"https://pshtest4.eus2.attest.azure.net"}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/yalin-rg/providers/Microsoft.Attestation/attestationProviders/pshtest5","name":"pshtest5","type":"Microsoft.Attestation/attestationProviders","location":"East - US2","tags":null,"properties":{"trustModel":"Isolated","status":"Ready","attestUri":"https://pshtest5.eus2.attest.azure.net"}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/yalin-rg-east/providers/Microsoft.Attestation/attestationProviders/ap2","name":"ap2","type":"Microsoft.Attestation/attestationProviders","location":"centralus","tags":null,"properties":{"trustModel":"AAD","status":"Ready","attestUri":"https://ap2.cus.attest.azure.net"}}]}' + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att000001/providers/Microsoft.Attestation/attestationProviders/clitestatt000002","name":"clitestatt000002","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":{"aKey":"aValue","anotherKey":"anotherValue"},"properties":{"trustModel":"Isolated","status":"Ready","attestUri":"https://clitestatt000002.eus2.attest.azure.net"}}]}' headers: cache-control: - no-cache content-length: - - '3042' + - '526' content-type: - application/json; charset=utf-8 date: - - Tue, 23 Jun 2020 18:03:20 GMT + - Mon, 17 Aug 2020 07:28:07 GMT expires: - '-1' pragma: - no-cache + server: + - Kestrel strict-transport-security: - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked vary: - Accept-Encoding x-content-type-options: - nosniff - x-ms-original-request-ids: - - '' - - '' + x-ms-maa-service-version: + - 1.10.01287.0001 status: code: 200 message: OK @@ -156,24 +160,22 @@ interactions: - attestation list Connection: - keep-alive - ParameterSetName: - - --resource-group User-Agent: - - AZURECLI/2.3.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.8.1 (Windows-10-10.0.19041-SP0) + - AZURECLI/2.10.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.7.5 (Windows-10-10.0.19041-SP0) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.Attestation/attestationProviders?api-version=2018-09-01-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Attestation/attestationProviders?api-version=2018-09-01-preview response: body: - string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.Attestation/attestationProviders/clitestat000002","name":"clitestat000002","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":{"aKey":"aValue","anotherKey":"anotherValue"},"properties":{"trustModel":"Isolated","status":"Ready","attestUri":"https://clitestat000002.eus2.attest.azure.net"}}]}' + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/bim-rg/providers/Microsoft.Attestation/attestationProviders/bimatt","name":"bimatt","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":null,"properties":{"trustModel":"AAD","status":"Ready","attestUri":"https://bimatt.eus2.attest.azure.net"}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/bim-rg/providers/Microsoft.Attestation/attestationProviders/bimatt2","name":"bimatt2","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":{"aKey":"aValue","bKey":"bValue"},"properties":{"trustModel":"Isolated","status":"Ready","attestUri":"https://bimatt2.eus2.attest.azure.net"}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/bim-rg/providers/Microsoft.Attestation/attestationProviders/bimatt3","name":"bimatt3","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":null,"properties":{"trustModel":"AAD","status":"Ready","attestUri":"https://bimatt3.eus2.attest.azure.net"}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att000001/providers/Microsoft.Attestation/attestationProviders/clitestatt000002","name":"clitestatt000002","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":{"aKey":"aValue","anotherKey":"anotherValue"},"properties":{"trustModel":"Isolated","status":"Ready","attestUri":"https://clitestatt000002.eus2.attest.azure.net"}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att_policyxq6idijnpopnlvqpvg6rulju4vtepuynhi25p5snafaatndefb4lvdwd/providers/Microsoft.Attestation/attestationProviders/clitestattpolicyyesetr3d","name":"clitestattpolicyyesetr3d","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":null,"properties":{"trustModel":"AAD","status":"Ready","attestUri":"https://clitestattpolicyyesetr3d.eus2.attest.azure.net"}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att_signerwvvirk2z4ioscpzz7jotcho4k74bjmd4y2laz3h2ipnlf3yntm7dfwox/providers/Microsoft.Attestation/attestationProviders/clitestattsignerxak7yvah","name":"clitestattsignerxak7yvah","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":null,"properties":{"trustModel":"AAD","status":"Ready","attestUri":"https://clitestattsignerxak7yvah.eus2.attest.azure.net"}}]}' headers: cache-control: - no-cache content-length: - - '526' + - '2542' content-type: - application/json; charset=utf-8 date: - - Tue, 23 Jun 2020 18:03:20 GMT + - Mon, 17 Aug 2020 07:28:09 GMT expires: - '-1' pragma: @@ -188,6 +190,8 @@ interactions: - Accept-Encoding x-content-type-options: - nosniff + x-ms-maa-service-version: + - 1.10.01287.0001 status: code: 200 message: OK @@ -207,9 +211,9 @@ interactions: ParameterSetName: - --name --resource-group --yes User-Agent: - - AZURECLI/2.3.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.8.1 (Windows-10-10.0.19041-SP0) + - AZURECLI/2.10.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.7.5 (Windows-10-10.0.19041-SP0) method: DELETE - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.Attestation/attestationProviders/clitestat000002?api-version=2018-09-01-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att000001/providers/Microsoft.Attestation/attestationProviders/clitestatt000002?api-version=2018-09-01-preview response: body: string: '' @@ -219,7 +223,7 @@ interactions: content-length: - '0' date: - - Tue, 23 Jun 2020 18:03:24 GMT + - Mon, 17 Aug 2020 07:28:12 GMT expires: - '-1' pragma: @@ -230,8 +234,10 @@ interactions: - max-age=31536000; includeSubDomains x-content-type-options: - nosniff + x-ms-maa-service-version: + - 1.10.01287.0001 x-ms-ratelimit-remaining-subscription-deletes: - - '14999' + - '14997' status: code: 200 message: OK @@ -249,9 +255,9 @@ interactions: ParameterSetName: - --resource-group User-Agent: - - AZURECLI/2.3.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.8.1 (Windows-10-10.0.19041-SP0) + - AZURECLI/2.10.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.7.5 (Windows-10-10.0.19041-SP0) method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.Attestation/attestationProviders?api-version=2018-09-01-preview + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att000001/providers/Microsoft.Attestation/attestationProviders?api-version=2018-09-01-preview response: body: string: '{"value":[]}' @@ -263,7 +269,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Tue, 23 Jun 2020 18:03:24 GMT + - Mon, 17 Aug 2020 07:28:13 GMT expires: - '-1' pragma: diff --git a/src/attestation/azext_attestation/tests/latest/recordings/test_attestation_policy.yaml b/src/attestation/azext_attestation/tests/latest/recordings/test_attestation_policy.yaml new file mode 100644 index 00000000000..f4326189641 --- /dev/null +++ b/src/attestation/azext_attestation/tests/latest/recordings/test_attestation_policy.yaml @@ -0,0 +1,254 @@ +interactions: +- request: + body: '{"location": "eastus2", "properties": {"policySigningCertificates": {"keys": + []}}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - attestation create + Connection: + - keep-alive + Content-Length: + - '82' + Content-Type: + - application/json + ParameterSetName: + - -n -g -l + User-Agent: + - AZURECLI/2.10.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.7.5 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att_policy000001/providers/Microsoft.Attestation/attestationProviders/clitestattpolicy000002?api-version=2018-09-01-preview + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att_policy000001/providers/Microsoft.Attestation/attestationProviders/clitestattpolicy000002","name":"clitestattpolicy000002","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":null,"properties":{"trustModel":"AAD","status":"Ready","attestUri":"https://clitestattpolicy000002.eus2.attest.azure.net"}}' + headers: + cache-control: + - no-cache + content-length: + - '468' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 17 Aug 2020 07:28:06 GMT + expires: + - '-1' + location: + - https://clitestattpolicy000002.eus2.attest.azure.net/ + pragma: + - no-cache + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-maa-service-version: + - 1.10.01287.0001 + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - attestation policy show + Connection: + - keep-alive + ParameterSetName: + - -n -g --tee + User-Agent: + - AZURECLI/2.10.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.7.5 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att_policy000001/providers/Microsoft.Attestation/attestationProviders/clitestattpolicy000002?api-version=2018-09-01-preview + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att_policy000001/providers/Microsoft.Attestation/attestationProviders/clitestattpolicy000002","name":"clitestattpolicy000002","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":null,"properties":{"trustModel":"AAD","status":"Ready","attestUri":"https://clitestattpolicy000002.eus2.attest.azure.net"}}' + headers: + cache-control: + - no-cache + content-length: + - '468' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 17 Aug 2020 07:28:07 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-maa-service-version: + - 1.10.01287.0001 + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - python/3.7.5 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.4 + azure-attestation/0.1.0 Azure-SDK-For-Python + accept-language: + - en-US + method: GET + uri: https://clitestattpolicy000002.eus2.attest.azure.net/operations/policy/current?api-version=2018-09-01-preview&tee=CyResComponent + response: + body: + string: '{"Policy":"eyJhbGciOiJub25lIn0.eyJBdHRlc3RhdGlvblBvbGljeSI6ICJkbVZ5YzJsdmJqMGdNUzR3TzJGMWRHaHZjbWw2WVhScGIyNXlkV3hsYzN0ak9sdDBlWEJsUFQwaUpHbHpMV1JsWW5WbloyRmliR1VpWFNBOVBpQndaWEp0YVhRb0tUdDlPMmx6YzNWaGJtTmxjblZzWlhON1l6cGJkSGx3WlQwOUlpUndkV0pzYVdOZmEyVjVYekFpWFNBOVBpQnBjM04xWlNoMGVYQmxQU0prWlhacFkyVmZhV1FpTENCMllXeDFaVDFqTG5aaGJIVmxLVHRqT2x0MGVYQmxQVDBpSkhCeWIyUjFZM1JmYVdSZk1DSmRJRDAtSUdsemMzVmxLSFI1Y0dVOUltTnZiWEJ2Ym1WdWRGOHdYMmxrSWl3Z2RtRnNkV1U5WXk1MllXeDFaU2s3UFQ0Z2FYTnpkV1VvZEhsd1pUMGlaWGh3WldOMFpXUmZZMjl0Y0c5dVpXNTBjeUlzSUhaaGJIVmxQU0pqYjIxd2IyNWxiblJmTUNJcE8yTTZXM1I1Y0dVOVBTSWtkR1ZsSWwwZ1BUNGdhWE56ZFdVb2RIbHdaVDBpZEdWbElpd2dkbUZzZFdVOVl5NTJZV3gxWlNrN2ZUcyJ9."}' + headers: + content-length: + - '674' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 17 Aug 2020 07:28:10 GMT + server: + - Kestrel + x-ms-maa-service-version: + - 1.10.01287.0001 + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - python/3.7.5 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.4 + azure-attestation/0.1.0 Azure-SDK-For-Python + accept-language: + - en-US + method: GET + uri: https://clitestattpolicy000002.eus2.attest.azure.net/operations/policy/current?api-version=2018-09-01-preview&tee=CyResComponent + response: + body: + string: '{"Policy":"eyJhbGciOiJub25lIn0.eyJBdHRlc3RhdGlvblBvbGljeSI6ICJkbVZ5YzJsdmJqMGdNUzR3TzJGMWRHaHZjbWw2WVhScGIyNXlkV3hsYzN0ak9sdDBlWEJsUFQwaUpHbHpMV1JsWW5WbloyRmliR1VpWFNBOVBpQndaWEp0YVhRb0tUdDlPMmx6YzNWaGJtTmxjblZzWlhON1l6cGJkSGx3WlQwOUlpUndkV0pzYVdOZmEyVjVYekFpWFNBOVBpQnBjM04xWlNoMGVYQmxQU0prWlhacFkyVmZhV1FpTENCMllXeDFaVDFqTG5aaGJIVmxLVHRqT2x0MGVYQmxQVDBpSkhCeWIyUjFZM1JmYVdSZk1DSmRJRDAtSUdsemMzVmxLSFI1Y0dVOUltTnZiWEJ2Ym1WdWRGOHdYMmxrSWl3Z2RtRnNkV1U5WXk1MllXeDFaU2s3UFQ0Z2FYTnpkV1VvZEhsd1pUMGlaWGh3WldOMFpXUmZZMjl0Y0c5dVpXNTBjeUlzSUhaaGJIVmxQU0pqYjIxd2IyNWxiblJmTUNJcE8yTTZXM1I1Y0dVOVBTSWtkR1ZsSWwwZ1BUNGdhWE56ZFdVb2RIbHdaVDBpZEdWbElpd2dkbUZzZFdVOVl5NTJZV3gxWlNrN2ZUcyJ9."}' + headers: + content-length: + - '674' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 17 Aug 2020 07:28:13 GMT + server: + - Kestrel + x-ms-maa-service-version: + - 1.10.01287.0001 + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - attestation policy reset + Connection: + - keep-alive + ParameterSetName: + - -n -g --tee --policy-jws + User-Agent: + - AZURECLI/2.10.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.7.5 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att_policy000001/providers/Microsoft.Attestation/attestationProviders/clitestattpolicy000002?api-version=2018-09-01-preview + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att_policy000001/providers/Microsoft.Attestation/attestationProviders/clitestattpolicy000002","name":"clitestattpolicy000002","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":null,"properties":{"trustModel":"AAD","status":"Ready","attestUri":"https://clitestattpolicy000002.eus2.attest.azure.net"}}' + headers: + cache-control: + - no-cache + content-length: + - '468' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 17 Aug 2020 07:28:13 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-maa-service-version: + - 1.10.01287.0001 + status: + code: 200 + message: OK +- request: + body: '"eyJhbGciOiJub25lIn0.."' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '23' + Content-Type: + - text/plain + User-Agent: + - python/3.7.5 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.4 + azure-attestation/0.1.0 Azure-SDK-For-Python + accept-language: + - en-US + method: POST + uri: https://clitestattpolicy000002.eus2.attest.azure.net/operations/policy/current?api-version=2018-09-01-preview&tee=SgxEnclave + response: + body: + string: 'null' + headers: + content-length: + - '4' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 17 Aug 2020 07:28:15 GMT + server: + - Kestrel + x-ms-maa-service-version: + - 1.10.01287.0001 + status: + code: 200 + message: OK +version: 1 diff --git a/src/attestation/azext_attestation/tests/latest/recordings/test_attestation_signer.yaml b/src/attestation/azext_attestation/tests/latest/recordings/test_attestation_signer.yaml new file mode 100644 index 00000000000..922f0c3b68e --- /dev/null +++ b/src/attestation/azext_attestation/tests/latest/recordings/test_attestation_signer.yaml @@ -0,0 +1,169 @@ +interactions: +- request: + body: '{"location": "eastus2", "properties": {"policySigningCertificates": {"keys": + []}}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - attestation create + Connection: + - keep-alive + Content-Length: + - '82' + Content-Type: + - application/json + ParameterSetName: + - -n -g -l + User-Agent: + - AZURECLI/2.10.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.7.5 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att_signer000001/providers/Microsoft.Attestation/attestationProviders/clitestattsigner000002?api-version=2018-09-01-preview + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att_signer000001/providers/Microsoft.Attestation/attestationProviders/clitestattsigner000002","name":"clitestattsigner000002","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":null,"properties":{"trustModel":"AAD","status":"Ready","attestUri":"https://clitestattsigner000002.eus2.attest.azure.net"}}' + headers: + cache-control: + - no-cache + content-length: + - '468' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 17 Aug 2020 07:28:06 GMT + expires: + - '-1' + location: + - https://clitestattsigner000002.eus2.attest.azure.net/ + pragma: + - no-cache + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-maa-service-version: + - 1.10.01287.0001 + x-ms-ratelimit-remaining-subscription-writes: + - '1194' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - attestation signer list + Connection: + - keep-alive + ParameterSetName: + - -n -g + User-Agent: + - AZURECLI/2.10.1 azsdk-python-mgmt-attestation/0.1.0 Python/3.7.5 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att_signer000001/providers/Microsoft.Attestation/attestationProviders/clitestattsigner000002?api-version=2018-09-01-preview + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_att_signer000001/providers/Microsoft.Attestation/attestationProviders/clitestattsigner000002","name":"clitestattsigner000002","type":"Microsoft.Attestation/attestationProviders","location":"eastus2","tags":null,"properties":{"trustModel":"AAD","status":"Ready","attestUri":"https://clitestattsigner000002.eus2.attest.azure.net"}}' + headers: + cache-control: + - no-cache + content-length: + - '468' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 17 Aug 2020 07:28:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Kestrel + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-maa-service-version: + - 1.10.01287.0001 + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - python/3.7.5 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.4 + azure-attestation/0.1.0 Azure-SDK-For-Python + accept-language: + - en-US + method: GET + uri: https://clitestattsigner000002.eus2.attest.azure.net/operations/policy/certificates?api-version=2018-09-01-preview + response: + body: + string: '"eyJhbGciOiAiUlMyNTYiLCAiamt1IjogImh0dHBzOi8vY2xpdGVzdGF0dHNpZ25lcnhhazd5dmFoLmV1czIuYXR0ZXN0LmF6dXJlLm5ldC9jZXJ0cyIsICJraWQiOiAiUlRTOUs3SjZlMm9ZdFV4OGh1ZnlQa1R5ZXVVY2g0aVpxL2MxZDZJcFhJVT0iLCAidHlwIjogIkpXVCJ9.eyJhYXMtcG9saWN5Q2VydGlmaWNhdGVzIjogeyJrZXlzIjogW119LCAiZXhwIjogMTU5NzY1Mjg5MCwgImlhdCI6IDE1OTc2NDkyOTAsICJpc3MiOiAiaHR0cHM6Ly9jbGl0ZXN0YXR0c2lnbmVyeGFrN3l2YWguZXVzMi5hdHRlc3QuYXp1cmUubmV0IiwgIm1hYS1wb2xpY3lDZXJ0aWZpY2F0ZXMiOiB7ImtleXMiOiBbXX0sICJuYmYiOiAxNTk3NjQ5MjkwfQ.QCgaNaxa_41xhGw-Blvcjr5tuj1uxS3FNi6yIh3gg4fSMlpDSE9Tl0Dqb50UJsQVRrzgsZNlUevjeOGCDJtp--eA11Jc1IGte7hgah-vApMSOEaWMAu6Sgo1HGcQEVCuO0UrssKrzPQhxALBNcvmNvEWS8ILTiuDveL_9MRnSd07kY12W5qbEpSEfWFpA1KBy7O8n0VusBqpM3FKI9anAXqhbr262KxeLvxVM_ahv_M1Hr_Ij2HCOuubUjrHYTg_dih7Fl8vNEIcF3GVUwLGPsKGM1YxCHrRrseBXjO-mYaMdpvFRpurU_6FRsTdtAk2hLXyGMcFwNt3LtSLLzImfA"' + headers: + content-length: + - '824' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 17 Aug 2020 07:28:09 GMT + server: + - Kestrel + x-ms-maa-service-version: + - 1.10.01287.0001 + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - python/3.7.5 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.4 + azure-attestation/0.1.0 Azure-SDK-For-Python + accept-language: + - en-US + method: GET + uri: https://clitestattsigner000002.eus2.attest.azure.net/operations/policy/certificates?api-version=2018-09-01-preview + response: + body: + string: '"eyJhbGciOiAiUlMyNTYiLCAiamt1IjogImh0dHBzOi8vY2xpdGVzdGF0dHNpZ25lcnhhazd5dmFoLmV1czIuYXR0ZXN0LmF6dXJlLm5ldC9jZXJ0cyIsICJraWQiOiAiUlRTOUs3SjZlMm9ZdFV4OGh1ZnlQa1R5ZXVVY2g0aVpxL2MxZDZJcFhJVT0iLCAidHlwIjogIkpXVCJ9.eyJhYXMtcG9saWN5Q2VydGlmaWNhdGVzIjogeyJrZXlzIjogW119LCAiZXhwIjogMTU5NzY1Mjg5MiwgImlhdCI6IDE1OTc2NDkyOTIsICJpc3MiOiAiaHR0cHM6Ly9jbGl0ZXN0YXR0c2lnbmVyeGFrN3l2YWguZXVzMi5hdHRlc3QuYXp1cmUubmV0IiwgIm1hYS1wb2xpY3lDZXJ0aWZpY2F0ZXMiOiB7ImtleXMiOiBbXX0sICJuYmYiOiAxNTk3NjQ5MjkyfQ.I_XcHuM0IuuQ3oNMm8QGNs1zl7XYXYl9tCbwol3IMmp0Y3RwnXo6Qe3L-WxECKDLKdq5IKXqC8PRsX7EP5Wwa6RPoOQ_Veq1ewBErrIAoumtQgeRc04_soZpoC-UFbA8r-idBDWsFuVRSHnDnqlePH2mcAvA8s8IhS2VuVluJszeRleVxCnSXuhjbf8Te6GpDyfDXG8ixiDrPhWMzJp3JII8Lo0HV731KsrmOOMxPdw3BP6tzfr-LkQzfsVidxEEjUCZ5KJpXSLBD8N5UaYepPtPqT8oju5yx0tFBd4YJMcK_uh4jd9o0m0yMfxFMlm2qYJDG6MQsRjVxnY9V85T9A"' + headers: + content-length: + - '824' + content-type: + - application/json; charset=utf-8 + date: + - Mon, 17 Aug 2020 07:28:11 GMT + server: + - Kestrel + x-ms-maa-service-version: + - 1.10.01287.0001 + status: + code: 200 + message: OK +version: 1 diff --git a/src/attestation/azext_attestation/tests/latest/test_attestation_scenario.py b/src/attestation/azext_attestation/tests/latest/test_attestation_scenario.py index 8c10c59c662..685fd93f8e5 100644 --- a/src/attestation/azext_attestation/tests/latest/test_attestation_scenario.py +++ b/src/attestation/azext_attestation/tests/latest/test_attestation_scenario.py @@ -9,10 +9,8 @@ # -------------------------------------------------------------------------- import os -from .. import try_manual, raise_if -from azure.cli.testsdk import JMESPathCheck -from azure.cli.testsdk import JMESPathCheckExists -from azure.cli.testsdk import NoneCheck +import unittest + from azure.cli.testsdk import ResourceGroupPreparer from azure.cli.testsdk import ScenarioTest @@ -20,101 +18,105 @@ TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), '..')) -@try_manual -def setup(test, rg): - pass - - -# EXAMPLE: AttestationProviders_Create -@try_manual -def step_attestationproviders_create(test, rg): - test.cmd('az attestation create ' - '--name "{myattestation}" ' - '--resource-group "{rg}" ' - '--location "eastus2" ' - '--tags aKey=aValue anotherKey=anotherValue ' - '--certs-input-path "src/attestation/azext_attestation/tests/latest/policySigningCerts.pem"', - checks=[ - JMESPathCheck('name', test.kwargs.get('myattestation', '')), - JMESPathCheck('resourceGroup', rg), - JMESPathCheck('location', 'eastus2'), - JMESPathCheck( - 'tags', '{\'aKey\': \'aValue\', \'anotherKey\': \'anotherValue\'}')]) - - -# EXAMPLE: AttestationProviders_Get -@try_manual -def step_attestationproviders_get(test, rg): - test.cmd('az attestation show ' - '--name "{myattestation}" ' - '--resource-group "{rg}"', - checks=[ - JMESPathCheck('name', test.kwargs.get('myattestation', '')), - JMESPathCheck('resourceGroup', rg), - JMESPathCheck('location', 'eastus2') - ]) - - -# EXAMPLE: AttestationProviders_List -@try_manual -def step_attestationproviders_list(test, rg): - test.cmd('az attestation list ' - '--resource-group=', - checks=[ - JMESPathCheckExists('value[?name==\'{}\']'.format( - test.kwargs.get('myattestation', ''))) - ]) - - -# EXAMPLE: AttestationProviders_ListByResourceGroup -@try_manual -def step_attestationproviders_listbyresourcegroup(test, rg): - test.cmd('az attestation list ' - '--resource-group "{rg}"', - checks=[ - JMESPathCheck('value[0].name', - test.kwargs.get('myattestation', '')) - ]) - - -# EXAMPLE: AttestationProviders_Delete -@try_manual -def step_attestationproviders_delete(test, rg): - test.cmd('az attestation delete ' - '--name "{myattestation}" ' - '--resource-group "{rg}" ' - '--yes', - checks=[]) - test.cmd('az attestation list ' - '--resource-group "{rg}"', - checks=[test.check('length(value)', 0)]) - - -@try_manual -def cleanup(test, rg): - pass - - -@try_manual -def call_scenario(test, rg): - setup(test, rg) - step_attestationproviders_create(test, rg) - step_attestationproviders_get(test, rg) - step_attestationproviders_list(test, rg) - step_attestationproviders_listbyresourcegroup(test, rg) - step_attestationproviders_delete(test, rg) - cleanup(test, rg) - - -@try_manual -class AttestationManagementClientScenarioTest(ScenarioTest): - - @ResourceGroupPreparer(name_prefix='clitestattestation_MyResourceGroup'[:7], key='rg', parameter_name='rg') - def test_attestation(self, rg): +class AttestationMgmtScenarioTest(ScenarioTest): + def _create(self, rg): + self.kwargs['cert_path'] = os.path.join(TEST_DIR, 'policySigningCerts.pem') + self.cmd('az attestation create ' + '--name "{myattestation}" ' + '--resource-group "{rg}" ' + '--location "eastus2" ' + '--tags aKey=aValue anotherKey=anotherValue ' + '--certs-input-path "{cert_path}"', + checks=[ + self.check('name', '{myattestation}'), + self.check('resourceGroup', rg), + self.check('location', 'eastus2'), + self.check('tags', '{{\'aKey\': \'aValue\', \'anotherKey\': \'anotherValue\'}}') + ]) + + def _get(self, rg): + self.cmd('az attestation show ' + '--name "{myattestation}" ' + '--resource-group "{rg}"', + checks=[ + self.check('name', '{myattestation}'), + self.check('resourceGroup', rg), + self.check('location', 'eastus2') + ]) + + def _list_by_resource_group(self, rg): + self.cmd('az attestation list ' + '--resource-group "{rg}"', + checks=self.check('[0].name', '{myattestation}')) + + def _list_by_subscription(self): + self.cmd('az attestation list', checks=self.check('length(@)', 6)) + + def _delete(self, rg): + self.cmd('az attestation delete ' + '--name "{myattestation}" ' + '--resource-group "{rg}" ' + '--yes') + self.cmd('az attestation list ' + '--resource-group "{rg}"', + checks=self.check('length(@)', 0)) + + @ResourceGroupPreparer(name_prefix='cli_test_att') + def test_attestation_mgmt(self, resource_group): + self.kwargs.update({ + 'myattestation': self.create_random_name(prefix='clitestatt', length=24) + }) + + self._create(resource_group) + self._get(resource_group) + self._list_by_resource_group(resource_group) + self._list_by_subscription() + self._delete(resource_group) + + +class AttestationSignerScenarioTest(ScenarioTest): + @ResourceGroupPreparer(name_prefix='cli_test_att_signer') + def test_attestation_signer(self, resource_group): + self.kwargs.update({ + 'att_name': self.create_random_name(prefix='clitestattsigner', length=24), + 'loc': 'eastus2', + }) + + att_json = self.cmd('az attestation create -n {att_name} -g {rg} -l {loc}').get_output_in_json() + self.kwargs['att_url'] = att_json['attestUri'] + + self.cmd('az attestation signer list -n {att_name} -g {rg}', checks=[ + self.exists('jwt'), + self.exists('iss') + ]) + self.cmd('az attestation signer list --attestation-base-url {att_url} -g {rg}', checks=[ + self.exists('jwt'), + self.exists('iss') + ]) + +class AttestationPolicyScenarioTest(ScenarioTest): + @ResourceGroupPreparer(name_prefix='cli_test_att_policy') + def test_attestation_policy(self, resource_group): self.kwargs.update({ - 'myattestation': self.create_random_name(prefix='clitestattestation'[:9], length=24) + 'att_name': self.create_random_name(prefix='clitestattpolicy', length=24), + 'loc': 'eastus2', }) - call_scenario(self, rg) - raise_if() + att_json = self.cmd('az attestation create -n {att_name} -g {rg} -l {loc}').get_output_in_json() + self.kwargs['att_url'] = att_json['attestUri'] + + self.cmd('az attestation policy show -n {att_name} -g {rg} --tee CyResComponent', checks=[ + self.exists('jwt'), + self.exists('AttestationPolicy') + ]) + self.cmd('az attestation policy show --attestation-base-url {att_url} -g {rg} --tee CyResComponent', checks=[ + self.exists('jwt'), + self.exists('AttestationPolicy') + ]) + self.cmd('az attestation policy reset -n {att_name} -g {rg} --tee SgxEnclave ' + '--policy-jws "eyJhbGciOiJub25lIn0.."') + + +if __name__ == '__main__': + unittest.main() diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_attestation/__init__.py b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/__init__.py new file mode 100644 index 00000000000..cfca63c02e0 --- /dev/null +++ b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/__init__.py @@ -0,0 +1,19 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._configuration import AttestationClientConfiguration +from ._attestation_client import AttestationClient +__all__ = ['AttestationClient', 'AttestationClientConfiguration'] + +from .version import VERSION + +__version__ = VERSION + diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_attestation/_attestation_client.py b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/_attestation_client.py new file mode 100644 index 00000000000..43648228be5 --- /dev/null +++ b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/_attestation_client.py @@ -0,0 +1,61 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.service_client import SDKClient +from msrest import Serializer, Deserializer + +from ._configuration import AttestationClientConfiguration +from .operations import PolicyOperations +from .operations import PolicyCertificatesOperations +from .operations import SigningCertificatesOperations +from .operations import MetadataConfigurationOperations +from . import models + + +class AttestationClient(SDKClient): + """Describes the interface for the per-tenant enclave service. + + :ivar config: Configuration for client. + :vartype config: AttestationClientConfiguration + + :ivar policy: Policy operations + :vartype policy: azure.attestation.operations.PolicyOperations + :ivar policy_certificates: PolicyCertificates operations + :vartype policy_certificates: azure.attestation.operations.PolicyCertificatesOperations + :ivar signing_certificates: SigningCertificates operations + :vartype signing_certificates: azure.attestation.operations.SigningCertificatesOperations + :ivar metadata_configuration: MetadataConfiguration operations + :vartype metadata_configuration: azure.attestation.operations.MetadataConfigurationOperations + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__( + self, credentials): + + self.config = AttestationClientConfiguration(credentials) + super(AttestationClient, self).__init__(self.config.credentials, self.config) + + client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)} + self.api_version = '2018-09-01-preview' + self._serialize = Serializer(client_models) + self._deserialize = Deserializer(client_models) + + self.policy = PolicyOperations( + self._client, self.config, self._serialize, self._deserialize) + self.policy_certificates = PolicyCertificatesOperations( + self._client, self.config, self._serialize, self._deserialize) + self.signing_certificates = SigningCertificatesOperations( + self._client, self.config, self._serialize, self._deserialize) + self.metadata_configuration = MetadataConfigurationOperations( + self._client, self.config, self._serialize, self._deserialize) diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_attestation/_configuration.py b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/_configuration.py new file mode 100644 index 00000000000..4346af59281 --- /dev/null +++ b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/_configuration.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +from msrestazure import AzureConfiguration + +from .version import VERSION + + +class AttestationClientConfiguration(AzureConfiguration): + """Configuration for AttestationClient + Note that all parameters used to create this instance are saved as instance + attributes. + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + """ + + def __init__( + self, credentials): + + if credentials is None: + raise ValueError("Parameter 'credentials' must not be None.") + base_url = '{tenantBaseUrl}' + + super(AttestationClientConfiguration, self).__init__(base_url) + + # Starting Autorest.Python 4.0.64, make connection pool activated by default + self.keep_alive = True + + self.add_user_agent('azure-attestation/{}'.format(VERSION)) + self.add_user_agent('Azure-SDK-For-Python') + + self.credentials = credentials diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/__init__.py b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/__init__.py new file mode 100644 index 00000000000..e51294edbea --- /dev/null +++ b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/__init__.py @@ -0,0 +1,23 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +try: + from ._models_py3 import AttestationPolicy +except (SyntaxError, ImportError): + from ._models import AttestationPolicy +from ._attestation_client_enums import ( + TeeKind, +) + +__all__ = [ + 'AttestationPolicy', + 'TeeKind', +] diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/_attestation_client_enums.py b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/_attestation_client_enums.py new file mode 100644 index 00000000000..4d5bea35696 --- /dev/null +++ b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/_attestation_client_enums.py @@ -0,0 +1,20 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from enum import Enum + + +class TeeKind(str, Enum): + + sgx_enclave = "SgxEnclave" #: Intel Software Guard eXtensions + open_enclave = "OpenEnclave" #: OpenEnclave extensions to SGX + cy_res_component = "CyResComponent" #: IoT Edge validation + vsm_enclave = "VSMEnclave" #: VSM Enclave Attestation diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/_models.py b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/_models.py new file mode 100644 index 00000000000..aa159280ba7 --- /dev/null +++ b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/_models.py @@ -0,0 +1,79 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model +from msrest.exceptions import HttpOperationError + + +class AttestationPolicy(Model): + """AttestationPolicy. + + :param policy: String-encoded attestation policy document. + :type policy: str + """ + + _attribute_map = { + 'policy': {'key': 'policy', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AttestationPolicy, self).__init__(**kwargs) + self.policy = kwargs.get('policy', None) + + +class CloudError(Model): + """An error response from Attestation. + + :param error: + :type error: ~azure.attestation.models.CloudErrorBody + """ + + _attribute_map = { + 'error': {'key': 'error', 'type': 'CloudErrorBody'}, + } + + def __init__(self, **kwargs): + super(CloudError, self).__init__(**kwargs) + self.error = kwargs.get('error', None) + + +class CloudErrorException(HttpOperationError): + """Server responsed with exception of type: 'CloudError'. + + :param deserialize: A deserializer + :param response: Server response to be deserialized. + """ + + def __init__(self, deserialize, response, *args): + + super(CloudErrorException, self).__init__(deserialize, response, 'CloudError', *args) + + +class CloudErrorBody(Model): + """An error response from Attestation. + + :param code: An identifier for the error. Codes are invariant and are + intended to be consumed programmatically. + :type code: str + :param message: A message describing the error, intended to be suitable + for displaying in a user interface. + :type message: str + """ + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'message': {'key': 'message', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CloudErrorBody, self).__init__(**kwargs) + self.code = kwargs.get('code', None) + self.message = kwargs.get('message', None) diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/_models_py3.py b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/_models_py3.py new file mode 100644 index 00000000000..9bddedd46d5 --- /dev/null +++ b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/models/_models_py3.py @@ -0,0 +1,79 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model +from msrest.exceptions import HttpOperationError + + +class AttestationPolicy(Model): + """AttestationPolicy. + + :param policy: String-encoded attestation policy document. + :type policy: str + """ + + _attribute_map = { + 'policy': {'key': 'policy', 'type': 'str'}, + } + + def __init__(self, *, policy: str=None, **kwargs) -> None: + super(AttestationPolicy, self).__init__(**kwargs) + self.policy = policy + + +class CloudError(Model): + """An error response from Attestation. + + :param error: + :type error: ~azure.attestation.models.CloudErrorBody + """ + + _attribute_map = { + 'error': {'key': 'error', 'type': 'CloudErrorBody'}, + } + + def __init__(self, *, error=None, **kwargs) -> None: + super(CloudError, self).__init__(**kwargs) + self.error = error + + +class CloudErrorException(HttpOperationError): + """Server responsed with exception of type: 'CloudError'. + + :param deserialize: A deserializer + :param response: Server response to be deserialized. + """ + + def __init__(self, deserialize, response, *args): + + super(CloudErrorException, self).__init__(deserialize, response, 'CloudError', *args) + + +class CloudErrorBody(Model): + """An error response from Attestation. + + :param code: An identifier for the error. Codes are invariant and are + intended to be consumed programmatically. + :type code: str + :param message: A message describing the error, intended to be suitable + for displaying in a user interface. + :type message: str + """ + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'message': {'key': 'message', 'type': 'str'}, + } + + def __init__(self, *, code: str=None, message: str=None, **kwargs) -> None: + super(CloudErrorBody, self).__init__(**kwargs) + self.code = code + self.message = message diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/__init__.py b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/__init__.py new file mode 100644 index 00000000000..521137a0b3c --- /dev/null +++ b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/__init__.py @@ -0,0 +1,22 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._policy_operations import PolicyOperations +from ._policy_certificates_operations import PolicyCertificatesOperations +from ._signing_certificates_operations import SigningCertificatesOperations +from ._metadata_configuration_operations import MetadataConfigurationOperations + +__all__ = [ + 'PolicyOperations', + 'PolicyCertificatesOperations', + 'SigningCertificatesOperations', + 'MetadataConfigurationOperations', +] diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_metadata_configuration_operations.py b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_metadata_configuration_operations.py new file mode 100644 index 00000000000..60b4da09d64 --- /dev/null +++ b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_metadata_configuration_operations.py @@ -0,0 +1,100 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class MetadataConfigurationOperations(object): + """MetadataConfigurationOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + + self.config = config + + def get( + self, tenant_base_url, custom_headers=None, raw=False, **operation_config): + """Retrieves the OpenID Configuration data for the Azure Attestation + Service. + + Retrieves metadata about the attestation signing keys in use by the + attestation service. + + :param tenant_base_url: The tenant name, for example + https://mytenant.attest.azure.net. + :type tenant_base_url: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: object or ClientRawResponse if raw=true + :rtype: object or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'tenantBaseUrl': self._serialize.url("tenant_base_url", tenant_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 400]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('object', response) + if response.status_code == 400: + deserialized = self._deserialize('CloudError', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/.well-known/openid-configuration'} diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_policy_certificates_operations.py b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_policy_certificates_operations.py new file mode 100644 index 00000000000..efc823e1c07 --- /dev/null +++ b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_policy_certificates_operations.py @@ -0,0 +1,244 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class PolicyCertificatesOperations(object): + """PolicyCertificatesOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: Client API version. Constant value: "2018-09-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2018-09-01-preview" + + self.config = config + + def get( + self, tenant_base_url, custom_headers=None, raw=False, **operation_config): + """Retrieves the set of certificates used to express policy for the + current tenant. + + :param tenant_base_url: The tenant name, for example + https://mytenant.attest.azure.net. + :type tenant_base_url: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: object or ClientRawResponse if raw=true + :rtype: object or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'tenantBaseUrl': self._serialize.url("tenant_base_url", tenant_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 400, 401]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('str', response) + if response.status_code == 400: + deserialized = self._deserialize('CloudError', response) + if response.status_code == 401: + deserialized = self._deserialize('str', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/operations/policy/certificates'} + + def add( + self, tenant_base_url, policy_certificate_to_add, custom_headers=None, raw=False, **operation_config): + """Adds a new attestation policy certificate to the set of policy + management certificates. + + :param tenant_base_url: The tenant name, for example + https://mytenant.attest.azure.net. + :type tenant_base_url: str + :param policy_certificate_to_add: An RFC7519 JSON Web Token containing + a claim named "aas-policyCertificate" whose value is an RFC7517 JSON + Web Key which specifies a new key to add. The RFC7519 JWT must be + signed with one of the existing signing certificates + :type policy_certificate_to_add: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: object or ClientRawResponse if raw=true + :rtype: object or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.add.metadata['url'] + path_format_arguments = { + 'tenantBaseUrl': self._serialize.url("tenant_base_url", tenant_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(policy_certificate_to_add, 'str') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 400, 401]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('str', response) + if response.status_code == 400: + deserialized = self._deserialize('CloudError', response) + if response.status_code == 401: + deserialized = self._deserialize('str', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + add.metadata = {'url': '/operations/policy/certificates'} + + def remove( + self, tenant_base_url, policy_certificate_to_remove, custom_headers=None, raw=False, **operation_config): + """Removes the specified policy management certificate. Note that the + final policy management certificate cannot be removed. + + :param tenant_base_url: The tenant name, for example + https://mytenant.attest.azure.net. + :type tenant_base_url: str + :param policy_certificate_to_remove: An RFC7519 JSON Web Token + containing a claim named "aas-policyCertificate" whose value is an + RFC7517 JSON Web Key which specifies a new key to update. The RFC7519 + JWT must be signed with one of the existing signing certificates + :type policy_certificate_to_remove: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: object or ClientRawResponse if raw=true + :rtype: object or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.remove.metadata['url'] + path_format_arguments = { + 'tenantBaseUrl': self._serialize.url("tenant_base_url", tenant_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(policy_certificate_to_remove, 'str') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 400, 401]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('str', response) + if response.status_code == 400: + deserialized = self._deserialize('CloudError', response) + if response.status_code == 401: + deserialized = self._deserialize('str', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + remove.metadata = {'url': '/operations/policy/certificates'} diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_policy_operations.py b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_policy_operations.py new file mode 100644 index 00000000000..11e85fe7c73 --- /dev/null +++ b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_policy_operations.py @@ -0,0 +1,323 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class PolicyOperations(object): + """PolicyOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: Client API version. Constant value: "2018-09-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2018-09-01-preview" + + self.config = config + + def prepare_to_set( + self, tenant_base_url, tee, policy_jws, custom_headers=None, raw=False, **operation_config): + """Accepts a new policy document and returns a JWT which expresses used + in preparation to set attestation policy. + + :param tenant_base_url: The tenant name, for example + https://mytenant.attest.azure.net. + :type tenant_base_url: str + :param tee: Specifies the trusted execution environment to be used to + validate the evidence. Possible values include: 'SgxEnclave', + 'OpenEnclave', 'CyResComponent', 'VSMEnclave' + :type tee: str or ~azure.attestation.models.TeeKind + :param policy_jws: JSON Web Signature (See RFC7515) expressing the new + policy + :type policy_jws: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: object or ClientRawResponse if raw=true + :rtype: object or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.prepare_to_set.metadata['url'] + path_format_arguments = { + 'tenantBaseUrl': self._serialize.url("tenant_base_url", tenant_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + query_parameters['tee'] = self._serialize.query("tee", tee, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'text/plain' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(policy_jws, 'str') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 400, 401]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('str', response) + if response.status_code == 400: + deserialized = self._deserialize('CloudError', response) + if response.status_code == 401: + deserialized = self._deserialize('str', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + prepare_to_set.metadata = {'url': '/operations/policy/updatepolicy'} + + def get( + self, tenant_base_url, tee, custom_headers=None, raw=False, **operation_config): + """Retrieves the current policy for a given kind of TEE. + + :param tenant_base_url: The tenant name, for example + https://mytenant.attest.azure.net. + :type tenant_base_url: str + :param tee: Specifies the trusted execution environment to be used to + validate the evidence. Possible values include: 'SgxEnclave', + 'OpenEnclave', 'CyResComponent', 'VSMEnclave' + :type tee: str or ~azure.attestation.models.TeeKind + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: object or ClientRawResponse if raw=true + :rtype: object or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'tenantBaseUrl': self._serialize.url("tenant_base_url", tenant_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + query_parameters['tee'] = self._serialize.query("tee", tee, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 400, 401]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('AttestationPolicy', response) + if response.status_code == 400: + deserialized = self._deserialize('CloudError', response) + if response.status_code == 401: + deserialized = self._deserialize('str', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/operations/policy/current'} + + def set( + self, tenant_base_url, tee, new_attestation_policy, custom_headers=None, raw=False, **operation_config): + """Sets the policy for a given kind of TEE. + + :param tenant_base_url: The tenant name, for example + https://mytenant.attest.azure.net. + :type tenant_base_url: str + :param tee: Specifies the trusted execution environment to be used to + validate the evidence. Possible values include: 'SgxEnclave', + 'OpenEnclave', 'CyResComponent', 'VSMEnclave' + :type tee: str or ~azure.attestation.models.TeeKind + :param new_attestation_policy: JWT Expressing the new policy + :type new_attestation_policy: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: object or ClientRawResponse if raw=true + :rtype: object or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.set.metadata['url'] + path_format_arguments = { + 'tenantBaseUrl': self._serialize.url("tenant_base_url", tenant_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + query_parameters['tee'] = self._serialize.query("tee", tee, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'text/plain' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(new_attestation_policy, 'str') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 400, 401]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 400: + deserialized = self._deserialize('CloudError', response) + if response.status_code == 401: + deserialized = self._deserialize('str', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + set.metadata = {'url': '/operations/policy/current'} + + def reset( + self, tenant_base_url, tee, policy_jws, custom_headers=None, raw=False, **operation_config): + """Resets the attestation policy for the specified tenant and reverts to + the default policy. + + :param tenant_base_url: The tenant name, for example + https://mytenant.attest.azure.net. + :type tenant_base_url: str + :param tee: Specifies the trusted execution environment to be used to + validate the evidence. Possible values include: 'SgxEnclave', + 'OpenEnclave', 'CyResComponent', 'VSMEnclave' + :type tee: str or ~azure.attestation.models.TeeKind + :param policy_jws: JSON Web Signature with an empty policy document + :type policy_jws: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: object or ClientRawResponse if raw=true + :rtype: object or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.reset.metadata['url'] + path_format_arguments = { + 'tenantBaseUrl': self._serialize.url("tenant_base_url", tenant_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + query_parameters['tee'] = self._serialize.query("tee", tee, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'text/plain' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(policy_jws, 'str') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 400, 401]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('str', response) + if response.status_code == 400: + deserialized = self._deserialize('CloudError', response) + if response.status_code == 401: + deserialized = self._deserialize('str', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + reset.metadata = {'url': '/operations/policy/current'} diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_signing_certificates_operations.py b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_signing_certificates_operations.py new file mode 100644 index 00000000000..e06f0da09d2 --- /dev/null +++ b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/operations/_signing_certificates_operations.py @@ -0,0 +1,99 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class SigningCertificatesOperations(object): + """SigningCertificatesOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + + self.config = config + + def get( + self, tenant_base_url, custom_headers=None, raw=False, **operation_config): + """Retrieves the OpenID Configuration data for the Azure Attestation + Service. + + Retrieves attestation signing keys in use by the attestation service. + + :param tenant_base_url: The tenant name, for example + https://mytenant.attest.azure.net. + :type tenant_base_url: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: object or ClientRawResponse if raw=true + :rtype: object or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'tenantBaseUrl': self._serialize.url("tenant_base_url", tenant_base_url, 'str', skip_quote=True) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 400]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('object', response) + if response.status_code == 400: + deserialized = self._deserialize('CloudError', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/certs'} diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_attestation/version.py b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/version.py new file mode 100644 index 00000000000..e0ec669828c --- /dev/null +++ b/src/attestation/azext_attestation/vendored_sdks/azure_attestation/version.py @@ -0,0 +1,13 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +VERSION = "0.1.0" + diff --git a/src/attestation/azext_attestation/vendored_sdks/azure_mgmt_attestation/setup.py b/src/attestation/azext_attestation/vendored_sdks/azure_mgmt_attestation/setup.py index 3e268afcb5c..7d2465bc0f2 100644 --- a/src/attestation/azext_attestation/vendored_sdks/azure_mgmt_attestation/setup.py +++ b/src/attestation/azext_attestation/vendored_sdks/azure_mgmt_attestation/setup.py @@ -19,7 +19,7 @@ # prerequisite: setuptools # http://pypi.python.org/pypi/setuptools -REQUIRES = ["msrest>=0.6.0", "azure-core<2.0.0,>=1.2.0"] +REQUIRES = ["msrest>=0.6.0", "azure-core<2.0.0,>=1.2.0", "pyjwt<2.0.0,>=1.7.1"] setup( name=NAME,