diff --git a/go.mod b/go.mod
index 9da4ec88f6..3eebd627c3 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.19
 require (
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.3
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.7.1
+ github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.11.0
 github.com/Masterminds/semver v1.5.0
 github.com/Microsoft/go-winio v0.4.17
 github.com/Microsoft/hcsshim v0.8.23
@@ -54,7 +54,7 @@ require (
 require (
 code.cloudfoundry.org/clock v1.0.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 // indirect
 github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/cespare/xxhash/v2 v2.1.2 // indirect
diff --git a/go.sum b/go.sum
index 5e12cf8d48..b6a036d281 100644
--- a/go.sum
+++ b/go.sum
@@ -47,10 +47,10 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4Sath
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.7.1 h1:X7FHRMKr0u5YiPnD6L/nqG64XBOcK0IYavhAHBQEmms=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.7.1/go.mod h1:WcC2Tk6JyRlqjn2byvinNnZzgdXmZ1tOiIOWNh1u0uA=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 h1:9cn6ICCGiWFNA/slKnrkf+ENyvaCRKHtuoGtnLIAgao=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.11.0 h1:82w8tzLcOwDP/Q35j/wEBPt0n0kVC3cjtPdD62G8UAk=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.11.0/go.mod h1:S78i9yTr4o/nXlH76bKjGUye9Z2wSxO5Tz7GoDr4vfI=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 h1:Lg6BW0VPmCwcMlvOviL3ruHFO+H9tZNqscK0AeuFjGM=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/CHANGELOG.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/CHANGELOG.md
index 868a527ddf..ede3b6e025 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/CHANGELOG.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/CHANGELOG.md
@@ -1,5 +1,38 @@
 # Release History
+## 0.11.0 (2022-11-08)
+
+### Breaking Changes
+* `NewClient` returns an `error`
+
+## 0.10.1 (2022-09-20)
+
+### Features Added
+* Added `ClientOptions.DisableChallengeResourceVerification`.
+ See https://aka.ms/azsdk/blog/vault-uri for more information.
+
+## 0.10.0 (2022-09-12)
+
+### Breaking Changes
+* Verify the challenge resource matches the vault domain.
+
+## 0.9.0 (2022-08-09)
+
+### Breaking Changes
+* Changed type of `NewClient` options parameter to `azsecrets.ClientOptions`, which embeds
+ the former type, `azcore.ClientOptions`
+
+## 0.8.0 (2022-07-07)
+
+### Breaking Changes
+* The `Client` API now corresponds more directly to the Key Vault REST API.
+ Most method signatures and types have changed. See the
+ [module documentation](https://aka.ms/azsdk/go/keyvault-secrets/docs)
+ for updated code examples and more details.
+
+### Other Changes
+* Upgrade to latest `azcore`
+
 ## 0.7.1 (2022-05-12)
 ### Other Changes
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/README.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/README.md
index 7cec8e52f2..9365444acb 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/README.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/README.md
@@ -1,427 +1,143 @@ -# Azure Key Vault Secrets client library for Go +# Azure Key Vault Secrets client module for Go + Azure Key Vault helps solve the following problems: -* Secrets management (this library) - securely store and control access to tokens, passwords, certificates, API keys, and other secrets -* Cryptographic key management ([azkeys](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys)) - create, store, and control access to the keys used to encrypt your data -* Certificate management ([azcertificates](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azcertificates)) - create, manage, and deploy public and private SSL/TLS certificates -Azure Key Vault helps securely store and control access to tokens, passwords, certificates, API keys, and other secrets. +* Secrets management (this module) - securely store and control access to tokens, passwords, certificates, API keys, and other secrets +* Cryptographic key management ([azkeys](https://azsdk/go/keyvault-keys/docs)) - create, store, and control access to the keys used to encrypt your data +* Certificate management ([azcertificates](https://aka.ms/azsdk/go/keyvault-certificates/docs)) - create, manage, and deploy public and private SSL/TLS certificates -[Source code][secret_client_src] | [Package (pkg.go.dev)][reference_docs] | [Product documentation][keyvault_docs] | [Samples][secrets_samples] +[Source code][module_source] | [Package (pkg.go.dev)][reference_docs] | [Product documentation][keyvault_docs] | [Samples][secrets_samples] ## Getting started ### Install packages -Install `azsecrets` and [azidentity][azidentity_goget]: + +Install `azsecrets` and `azidentity` with `go get`: ``` -go get -u github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets +go get github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets +go get github.com/Azure/azure-sdk-for-go/sdk/azidentity ``` [azidentity][azure_identity] is used for Azure Active Directory authentication as 
demonstrated below. -``` -go get -u github.com/Azure/azure-sdk-for-go/sdk/azidentity -``` ### Prerequisites + * An [Azure subscription][azure_sub] -* Go version 1.18 or later -* A Key Vault. If you need to create one, you can use the [Azure Cloud Shell][azure_cloud_shell] to create one with these commands (replace `"my-resource-group"` and `"my-key-vault"` with your own, unique names): - - (Optional) if you want a new resource group to hold the Key Vault: - ```sh - az group create --name my-resource-group --location westus2 - ``` - - Create the Key Vault: - ```Bash - az keyvault create --resource-group my-resource-group --name my-key-vault - ``` - - Output: - ```json - { - "id": "...", - "location": "westus2", - "name": "my-key-vault", - "properties": { - "accessPolicies": [...], - "createMode": null, - "enablePurgeProtection": null, - "enableSoftDelete": null, - "enabledForDeployment": false, - "enabledForDiskEncryption": null, - "enabledForTemplateDeployment": null, - "networkAcls": null, - "provisioningState": "Succeeded", - "sku": { "name": "standard" }, - "tenantId": "...", - "vaultUri": "https://my-key-vault.vault.azure.net/" - }, - "resourceGroup": "my-resource-group", - "type": "Microsoft.KeyVault/vaults" - } - ``` - - > The `"vaultUri"` property is the `vaultUrl` used by [azsecrets.NewClient][secret_client_docs] - -### Authenticate the client -This document demonstrates using [DefaultAzureCredential][default_cred_ref] to authenticate as a service principal. However, [Client][secret_client_docs] accepts any [azidentity][azure_identity] credential. See the [azidentity][azure_identity] documentation for more information about other credentials. - - -#### Create a service principal (optional) -This [Azure Cloud Shell][azure_cloud_shell] snippet shows how to create a new service principal. Before using it, replace "your-application-name" with a more appropriate name for your service principal. 
- -Create a service principal: -```Bash -az ad sp create-for-rbac --name http://my-application --skip-assignment -``` +* A supported Go version (the Azure SDK supports the two most recent Go releases) +* A key vault. If you need to create one, see the Key Vault documentation for instructions on doing so in the [Azure Portal][azure_keyvault_portal] or with the [Azure CLI][azure_keyvault_cli]. -> Output: -> ```json -> { -> "appId": "generated app id", -> "displayName": "my-application", -> "name": "http://my-application", -> "password": "random password", -> "tenant": "tenant id" -> } -> ``` - -Use the output to set **AZURE_CLIENT_ID** ("appId" above), **AZURE_CLIENT_SECRET** ("password" above) and **AZURE_TENANT_ID** ("tenant" above) environment variables. The following example shows a way to do this in Bash: -```Bash -export AZURE_CLIENT_ID="generated app id" -export AZURE_CLIENT_SECRET="random password" -export AZURE_TENANT_ID="tenant id" -``` +### Authentication -Authorize the service principal to perform key operations in your Key Vault: -```Bash -az keyvault set-policy --name my-key-vault --spn $AZURE_CLIENT_ID --secret-permissions get set list delete backup recover restore purge -``` -> Possible permissions: -> - Secret management: set, backup, delete, get, list, purge, recover, restore +This document demonstrates using [azidentity.NewDefaultAzureCredential][default_cred_ref] to authenticate. This credential type works in both local development and production environments. We recommend using a [managed identity][managed_identity] in production. -If you have enabled role-based access control (RBAC) for Key Vault instead, you can find roles like "Key Vault Secrets Officer" in our [RBAC guide][rbac_guide]. +[Client][client_docs] accepts any [azidentity][azure_identity] credential. See the [azidentity][azure_identity] documentation for more information about other credential types. 
#### Create a client -Once the **AZURE_CLIENT_ID**, **AZURE_CLIENT_SECRET** and **AZURE_TENANT_ID** environment variables are set, [DefaultAzureCredential][default_cred_ref] will be able to authenticate the Client. -Constructing the client also requires your vault's URL, which you can get from the Azure CLI or the Azure Portal. In the Azure Portal, this URL is the vault's "DNS Name". +Constructing the client also requires your vault's URL, which you can get from the Azure CLI or the Azure Portal. ```golang import ( - "context" - "fmt" - "os" - "time" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets" ) func main() { - vaultURL := os.Getenv("AZURE_KEYVAULT_URL") cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { - panic(err) + // TODO: handle error } - client, err := azsecrets.NewClient(vaultURL, cred, nil) - if err != nil { - panic(err) - } + client := azsecrets.NewClient("https://.vault.azure.net", cred, nil) } ``` ## Key concepts + ### Secret + A secret consists of a secret value and its associated metadata and management information. This library handles secret values as strings, but Azure Key Vault doesn't store them as such. For more information about secrets and how Key Vault stores and manages them, see the [Key Vault documentation](https://docs.microsoft.com/azure/key-vault/general/about-keys-secrets-certificates). -Client can set secret values in the vault, update secret metadata, and delete secrets, as shown in the [examples](#examples "examples") below. +`azseecrets.Client` can set secret values in the vault, update secret metadata, and delete secrets, as shown in the examples below. 
## Examples -This section contains code snippets covering common tasks: -* [Set a Secret](#set-a-secret "Set a Secret") -* [Retrieve a Secret](#retrieve-a-secret "Retrieve a Secret") -* [Update Secret metadata](#update-secret-metadata "Update Secret metadata") -* [Delete a Secret](#delete-a-secret "Delete a Secret") -* [List Secrets](#list-secrets "List Secrets") - -### Set a Secret -[SetSecret](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets#Client.SetSecret) creates new secrets and changes the values of existing secrets. If no secret with the given name exists, `SetSecret` creates a new secret with that name and the given value. If the given name is in use, `SetSecret` creates a new version of that secret, with the given value. - -```golang -import ( - "context" - "fmt" - "os" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets" -) - -func main() { - vaultURL := os.Getenv("AZURE_KEYVAULT_URL") - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - panic(err) - } - - client, err := azsecrets.NewClient(vaultURL, cred, nil) - if err != nil { - panic(err) - } - - secretName := "mySecret" - secretValue := "mySecretValue" - - resp, err := client.SetSecret(context.TODO(), secretName, secretValue, nil) - if err != nil { - panic(err) - } - - fmt.Printf("Set secret %s", *resp.Secret.ID) -} -``` - -### Retrieve a Secret -[GetSecret](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets#Client.GetSecret) retrieves a secret previously stored in the Key Vault. 
- -```golang -import ( - "context" - "fmt" - "os" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets" -) - -func main() { - vaultURL := os.Getenv("AZURE_KEYVAULT_URL") - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - panic(err) - } - - client, err := azsecrets.NewClient(vaultURL, cred, nil) - if err != nil { - panic(err) - } - - resp, err := client.GetSecret(context.TODO(), "mySecretName", nil) - if err != nil { - panic(err) - } - - fmt.Printf("Secret Name: %s\tSecret Value: %s", *resp.Secret.ID, *resp.Secret.Value) -} -``` - -### Update Secret metadata -`UpdateSecretProperties` updates a secret's metadata. It cannot change the secret's value; use [SetSecret](#set-a-secret) to set a secret's value. - -```golang -import ( - "context" - "fmt" - "os" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets" -) - -func main() { - vaultURL := os.Getenv("AZURE_KEYVAULT_URL") - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - panic(err) - } - - client, err := azsecrets.NewClient(vaultURL, cred, nil) - if err != nil { - panic(err) - } - - getResp, err := client.GetSecret(context.TODO(), "secret-to-update", nil) - if err != nil { - panic(err) - } - - if getResp.Secret.Properties == nil { - getResp.Secret.Properties = &azsecrets.Properties{} - } - getResp.Secret.Properties = &azsecrets.Properties{ - Enabled: to.Ptr(true), - ExpiresOn: to.Ptr(time.Now().Add(48 * time.Hour)), - NotBefore: to.Ptr(time.Now().Add(-24 * time.Hour)), - ContentType: to.Ptr("password"), - Tags: map[string]string{"Tag1": "Tag1Value"}, - // Remember to preserve the name and version - Name: getResp.Secret.Properties.Name, - Version: getResp.Secret.Properties.Version, - } - resp, err := client.UpdateSecretProperties(context.Background(), *getResp.Secret, nil) - if err != nil { - panic(err) - } - fmt.Printf("Updated secret with ID: 
%s\n", *resp.Secret.ID) -} -``` - -### Delete a Secret -[BeginDeleteSecret](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets#Client.BeginDeleteSecret) requests Key Vault delete a secret, returning a poller which allows you to wait for the deletion to finish. Waiting is helpful when the vault has [soft-delete][soft_delete] enabled, and you want to purge (permanently delete) the secret as soon as possible. When [soft-delete][soft_delete] is disabled, `BeginDeleteSecret` itself is permanent. - -```golang -import ( - "context" - "fmt" - "os" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets" -) - -func main() { - vaultURL := os.Getenv("AZURE_KEYVAULT_URL") - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - panic(err) - } - - client, err := azsecrets.NewClient(vaultURL, cred, nil) - if err != nil { - panic(err) - } - - resp, err := client.BeginDeleteSecret(context.TODO(), "secretToDelete", nil) - if err != nil { - panic(err) - } - - // If you do not care when the secret is deleted, you do not have to - // call resp.PollUntilDone. If you need to know when it's done use - // the PollUntilDone method. - _, err = resp.PollUntilDone(context.TODO(), 250*time.Millisecond) - if err != nil { - panic(err) - } -} -``` - -### List secrets -[ListPropertiesOfSecrets](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets#Client.ListPropertiesOfSecrets) lists the properties of all of the secrets in the client's vault. This list doesn't include the secret's values. 
- -```golang -import ( - "context" - "fmt" - "os" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets" -) -func main() { - vaultURL := os.Getenv("AZURE_KEYVAULT_URL") - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - panic(err) - } - - client, err := azsecrets.NewClient(vaultURL, cred, nil) - if err != nil { - panic(err) - } - - pager := client.ListPropertiesOfSecrets(nil) - for pager.More() { - page, err := pager.NextPage(context.TODO()) - if err != nil { - panic(err) - } - for _, v := range page.Secrets { - fmt.Printf("Secret Name: %s\tSecret Tags: %v\n", *v.ID, v.Tags) - } - } -} -``` +Get started with our [examples](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets#pkg-examples). ## Troubleshooting ### Error Handling -All I/O operations will return an `error` that can be investigated to discover more information about the error. In addition, you can investigate the raw response of any response object: -```golang -resp, err := client.GetSecret(context.Background(), "mySecretName", nil) +All methods which send HTTP requests return `*azcore.ResponseError` when these requests fail. `ResponseError` has error details and the raw response from Key Vault. + +```go +import "github.com/Azure/azure-sdk-for-go/sdk/azcore" + +resp, err := client.GetSecret(context.Background(), "secretName", nil) if err != nil { - var httpErr azcore.ResponseError + var httpErr *azcore.ResponseError if errors.As(err, &httpErr) { - // investigate httpErr.RawResponse + // TODO: investigate httpErr + } else { + // TODO: not an HTTP error } } ``` ### Logging -This module uses the classification based logging implementation in `azcore`. To turn on logging set `AZURE_SDK_GO_LOGGING` to `all`. If you only want to include logs for `azsecrets`, you must create your own logger and set the log classification as `LogCredential`. 
- -To obtain more detailed logging, including request/response bodies and header values, make sure to leave the logger as default or enable the `LogRequest` and/or `LogResponse` classificatons. A logger that only includes credential logs can be like the following: +This module uses the logging implementation in `azcore`. To turn on logging for all Azure SDK modules, set `AZURE_SDK_GO_LOGGING` to `all`. By default the logger writes to stderr. Use the `azcore/log` package to control log output. For example, logging only HTTP request and response events, and printing them to stdout: ```go import azlog "github.com/Azure/azure-sdk-for-go/sdk/azcore/log" -// Set log to output to the console + +// Print log events to stdout azlog.SetListener(func(cls azlog.Event, msg string) { - fmt.Println(msg) + fmt.Println(msg) }) // Includes only requests and responses in credential logs azlog.SetEvents(azlog.EventRequest, azlog.EventResponse) ``` -> CAUTION: logs from credentials contain sensitive information. -> These logs must be protected to avoid compromising account security. - ### Accessing `http.Response` -You can access the raw `*http.Response` returned by the service using the `runtime.WithCaptureResponse` method and a context passed to any client method. + +You can access the raw `*http.Response` returned by Key Vault using the `runtime.WithCaptureResponse` method and a context passed to any client method. 
```go import "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" -func main() { - var respFromCtx *http.Response - ctx := runtime.WithCaptureResponse(context.Background(), &respFromCtx) - _, err = client.GetSecret(ctx, "mySecretName", nil) - if err != nil { - panic(err) - } - // Do something with *http.Response - fmt.Println(respFromCtx.StatusCode) +var response *http.Response +ctx := runtime.WithCaptureResponse(context.TODO(), &response) +_, err = client.GetSecret(ctx, "secretName", nil) +if err != nil { + // TODO: handle error } +// TODO: do something with response ``` ### Additional Documentation -For more extensive documentation on Azure Key Vault, see the [API reference documentation][reference_docs]. + +See the [API reference documentation][reference_docs] for complete documentation of this module. ## Contributing + This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com. When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA. This project has adopted the [Microsoft Open Source Code of Conduct][code_of_conduct]. For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact opencode@microsoft.com with any additional questions or comments. 
-[azure_cloud_shell]: https://shell.azure.com/bash -[azure_core_exceptions]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/core/azure-core#azure-core-library-exceptions -[azure_identity]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/azidentity/ -[azidentity_goget]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity +[azure_identity]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity +[azure_keyvault_cli]: https://docs.microsoft.com/azure/key-vault/general/quick-create-cli +[azure_keyvault_portal]: https://docs.microsoft.com/azure/key-vault/general/quick-create-portal [azure_sub]: https://azure.microsoft.com/free/ [code_of_conduct]: https://opensource.microsoft.com/codeofconduct/ -[default_cred_ref]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#NewDefaultAzureCredential +[default_cred_ref]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/azidentity#defaultazurecredential [keyvault_docs]: https://docs.microsoft.com/azure/key-vault/ -[rbac_guide]: https://docs.microsoft.com/azure/key-vault/general/rbac-guide -[reference_docs]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets -[secret_client_docs]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets#Client -[secret_client_src]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/keyvault/azsecrets/client.go -[soft_delete]: https://docs.microsoft.com/azure/key-vault/general/soft-delete-overview +[managed_identity]: https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview +[reference_docs]: https://aka.ms/azsdk/go/keyvault-secrets/docs +[client_docs]: https://aka.ms/azsdk/go/keyvault-secrets/docs#Client +[module_source]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/keyvault/azsecrets [secrets_samples]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/keyvault/azsecrets/example_test.go 
-![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-go%2Fsdk%2Fkeyvault%2Fazsecrets%2FREADME.png)
\ No newline at end of file
+![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-go%2Fsdk%2Fkeyvault%2Fazsecrets%2FREADME.png)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/autorest.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/autorest.md
index 8ccae37590..d734e33f87 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/autorest.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/autorest.md
@@ -2,17 +2,100 @@ These settings apply only when `--go` is specified on the command line. -``` yaml +```yaml +clear-output-folder: false +export-clients: true go: true -version: "^3.0.0" -input-file: -- https://github.com/Azure/azure-rest-api-specs/blob/e2ef44b87405b412403ccb005bfb3975411adf60/specification/keyvault/data-plane/Microsoft.KeyVault/stable/7.3/secrets.json +input-file: https://github.com/Azure/azure-rest-api-specs/blob/e2ef44b87405b412403ccb005bfb3975411adf60/specification/keyvault/data-plane/Microsoft.KeyVault/stable/7.3/secrets.json license-header: MICROSOFT_MIT_NO_VERSION -clear-output-folder: true -output-folder: internal -tag: package-7.2 -credential-scope: none -use: "@autorest/go@4.0.0-preview.37" -module-version: 0.7.0 -export-clients: true +module: github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets +openapi-type: "data-plane" +output-folder: ../azsecrets +override-client-name: Client +security: "AADToken" +security-scopes: "https://vault.azure.net/.default" +use: "@autorest/go@4.0.0-preview.43" +version: "^3.0.0" + +directive: + # delete unused model + - remove-model: SecretProperties + + # make vault URL a parameter of the client constructor + - from: swagger-document + where: $["x-ms-parameterized-host"] + transform: $.parameters[0]["x-ms-parameter-location"] = "client" + + # rename parameter models to match their methods + - rename-model: + from: SecretRestoreParameters + to: RestoreSecretParameters + - rename-model: + from: SecretSetParameters + to: SetSecretParameters + - rename-model: + from: SecretUpdateParameters + to: UpdateSecretParameters + + # rename paged operations from Get* to List* + - rename-operation: + from: GetDeletedSecrets + to: ListDeletedSecrets + - rename-operation: + from: GetSecrets + to: ListSecrets + - rename-operation: + from: GetSecretVersions + to: ListSecretVersions + + # delete unused error models + - from: models.go + where: $ + transform: return $.replace(/(?:\/\/.*\s)+type 
(?:Error|KeyVaultError).+\{(?:\s.+\s)+\}\s/g, ""); + - from: models_serde.go + where: $ + transform: return $.replace(/(?:\/\/.*\s)+func \(\w \*?(?:Error|KeyVaultError)\).*\{\s(?:.+\s)+\}\s/g, ""); + + # delete the Attributes model defined in common.json (it's used only with allOf) + - from: models.go + where: $ + transform: return $.replace(/(?:\/\/.*\s)+type Attributes.+\{(?:\s.+\s)+\}\s/g, ""); + - from: models_serde.go + where: $ + transform: return $.replace(/(?:\/\/.*\s)+func \(a \*?Attributes\).*\{\s(?:.+\s)+\}\s/g, ""); + + # delete generated constructor + - from: client.go + where: $ + transform: return $.replace(/(?:\/\/.*\s)+func NewClient.+\{\s(?:.+\s)+\}\s/, ""); + + # delete the version path param check (version == "" is legal for Key Vault but indescribable by OpenAPI) + - from: client.go + where: $ + transform: return $.replace(/\sif secretVersion == "" \{\s+.+secretVersion cannot be empty"\)\s+\}\s/g, ""); + + # delete client name prefix from method options and response types + - from: + - client.go + - models.go + - response_types.go + where: $ + transform: return $.replace(/Client(\w+)((?:Options|Response))/g, "$1$2"); + + # make secret IDs a convenience type so we can add parsing methods + - from: models.go + where: $ + transform: return $.replace(/(\sID \*)string(\s+.*)/g, "$1ID$2") + + # Maxresults -> MaxResults + - from: + - client.go + - models.go + where: $ + transform: return $.replace(/Maxresults/g, "MaxResults") + + # secretName, secretVersion -> name, version + - from: client.go + - where: $ + - transform: return $.replace(/secretName/g, "name").replace(/secretVersion/g, "version") ``` diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/client.go index f87934d0d6..257fb616ce 100644 --- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/client.go 
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/client.go 
@@ -3,803 +3,231 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. +// DO NOT EDIT. package azsecrets import ( "context" - "encoding/json" "errors" - "net/http" - "time" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore" "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal" - shared "github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal" + "net/http" + "net/url" + "strconv" + "strings" ) -// Client is the struct for interacting with a KeyVault Secrets instance +// Client contains the methods for the Client group. +// Don't use this type directly, use NewClient() instead. type Client struct { - kvClient *internal.KeyVaultClient - vaultUrl string -} - -// ClientOptions are the configurable options on a Client. -type ClientOptions struct { - azcore.ClientOptions -} - -func (c *ClientOptions) toConnectionOptions() *policy.ClientOptions { - if c == nil { - return nil - } - - return &policy.ClientOptions{ - Logging: c.Logging, - Retry: c.Retry, - Telemetry: c.Telemetry, - Transport: c.Transport, - PerCallPolicies: c.PerCallPolicies, - PerRetryPolicies: c.PerRetryPolicies, - } -} - -// NewClient returns a pointer to a Client object affinitized to a vaultUrl. 
-func NewClient(vaultUrl string, credential azcore.TokenCredential, options *ClientOptions) (*Client, error) { - if options == nil { - options = &ClientOptions{} - } - - conOptions := options.toConnectionOptions() - - conOptions.PerRetryPolicies = append( - conOptions.PerRetryPolicies, - shared.NewKeyVaultChallengePolicy(credential), - ) - - return &Client{ - kvClient: internal.NewKeyVaultClient(conOptions), - vaultUrl: vaultUrl, - }, nil -} - -// VaultURL returns the vault URL string for the client -func (c *Client) VaultURL() string { - return c.vaultUrl -} - -// GetSecretOptions holds the optional parameters for the Client.GetSecret function -type GetSecretOptions struct { - // Version specifies the version of a secret. If unspecified, the most recent version will be returned - Version string -} - -// convert the exposed options struct to the internal one. -func (g *GetSecretOptions) toGenerated() *internal.KeyVaultClientGetSecretOptions { - if g == nil { - return &internal.KeyVaultClientGetSecretOptions{} - } - return &internal.KeyVaultClientGetSecretOptions{} -} - -// GetSecretResponse is the response object for the Client.GetSecret operation -type GetSecretResponse struct { - Secret -} - -func getSecretResponseFromGenerated(i internal.KeyVaultClientGetSecretResponse) GetSecretResponse { - vaultURL, name, version := shared.ParseID(i.ID) - return GetSecretResponse{ - Secret: Secret{ - Properties: &Properties{ - ContentType: i.ContentType, - CreatedOn: i.Attributes.Created, - Enabled: i.Attributes.Enabled, - ExpiresOn: i.Attributes.Expires, - IsManaged: i.Managed, - KeyID: i.Kid, - NotBefore: i.Attributes.NotBefore, - RecoverableDays: i.Attributes.RecoverableDays, - RecoveryLevel: (*string)(i.Attributes.RecoveryLevel), - Tags: convertPtrMap(i.Tags), - UpdatedOn: i.Attributes.Updated, - VaultURL: vaultURL, - Version: version, - Name: name, - }, - ID: i.ID, - Name: name, - Value: i.Value, - }, - } -} - -// GetSecret gets a specified secret from a given key vault. 
The GET operation is applicable to any secret -// stored in Azure Key Vault. This operation requires the secrets/get permission -func (c *Client) GetSecret(ctx context.Context, name string, options *GetSecretOptions) (GetSecretResponse, error) { - if options == nil { - options = &GetSecretOptions{} + endpoint string + pl runtime.Pipeline +} + +// BackupSecret - Requests that a backup of the specified secret be downloaded to the client. All versions of the secret will +// be downloaded. This operation requires the secrets/backup permission. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 7.3 +// name - The name of the secret. +// options - BackupSecretOptions contains the optional parameters for the Client.BackupSecret method. +func (client *Client) BackupSecret(ctx context.Context, name string, options *BackupSecretOptions) (BackupSecretResponse, error) { + req, err := client.backupSecretCreateRequest(ctx, name, options) + if err != nil { + return BackupSecretResponse{}, err } - resp, err := c.kvClient.GetSecret(ctx, c.vaultUrl, name, options.Version, options.toGenerated()) + resp, err := client.pl.Do(req) if err != nil { - return GetSecretResponse{}, err + return BackupSecretResponse{}, err } - return getSecretResponseFromGenerated(resp), nil -} - -// SetSecretOptions contains the optional parameters for a Client.SetSecret operation -type SetSecretOptions struct { - // Type of the secret value such as a password. - ContentType *string `json:"contentType,omitempty"` - - // The secret management attributes. - Properties *Properties `json:"attributes,omitempty"` - - // Application specific metadata in the form of key-value pairs. 
- Tags map[string]string `json:"tags,omitempty"` -} - -// Convert the exposed struct to the generated code version -func (s *SetSecretOptions) toGenerated() *internal.KeyVaultClientSetSecretOptions { - if s == nil { - return nil - } - return &internal.KeyVaultClientSetSecretOptions{} -} - -// SetSecretResponse is the response struct for the Client.SetSecret operation. -type SetSecretResponse struct { - Secret -} - -// convert generated response to publicly exposed response. -func setSecretResponseFromGenerated(i internal.KeyVaultClientSetSecretResponse) SetSecretResponse { - vaultURL, name, version := shared.ParseID(i.ID) - return SetSecretResponse{ - Secret: Secret{ - Properties: &Properties{ - ContentType: i.ContentType, - CreatedOn: i.Attributes.Created, - Enabled: i.Attributes.Enabled, - ExpiresOn: i.Attributes.Expires, - IsManaged: i.Managed, - KeyID: i.Kid, - NotBefore: i.Attributes.NotBefore, - RecoverableDays: i.Attributes.RecoverableDays, - RecoveryLevel: (*string)(i.Attributes.RecoveryLevel), - Tags: convertPtrMap(i.Tags), - UpdatedOn: i.Attributes.Updated, - VaultURL: vaultURL, - Version: version, - Name: name, - }, - ID: i.ID, - Name: name, - Value: i.Value, - }, + if !runtime.HasStatusCode(resp, http.StatusOK) { + return BackupSecretResponse{}, runtime.NewResponseError(resp) } + return client.backupSecretHandleResponse(resp) } -// SetSecret sets a secret in a specifed key vault. The set operation adds a secret to the Azure Key Vault, if the named secret -// already exists, Azure Key Vault creates a new version of that secret. This operation requires the secrets/set permission. -func (c *Client) SetSecret(ctx context.Context, name string, value string, options *SetSecretOptions) (SetSecretResponse, error) { - if options == nil { - options = &SetSecretOptions{} +// backupSecretCreateRequest creates the BackupSecret request. 
+func (client *Client) backupSecretCreateRequest(ctx context.Context, name string, options *BackupSecretOptions) (*policy.Request, error) { + urlPath := "/secrets/{secret-name}/backup" + if name == "" { + return nil, errors.New("parameter name cannot be empty") } - var secretAttribs internal.SecretAttributes - if options.Properties != nil { - secretAttribs = *options.Properties.toGenerated() - } - resp, err := c.kvClient.SetSecret(ctx, c.vaultUrl, name, internal.SecretSetParameters{ - Value: &value, - ContentType: options.ContentType, - SecretAttributes: &secretAttribs, - Tags: convertToGeneratedMap(options.Tags), - }, options.toGenerated()) + urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(name)) + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.endpoint, urlPath)) if err != nil { - return SetSecretResponse{}, err - } - return setSecretResponseFromGenerated(resp), nil -} - -// DeleteSecretResponse contains the response for a Client.DeleteSecret operation. 
-type DeleteSecretResponse struct { - DeletedSecret -} - -func deleteSecretResponseFromGenerated(i internal.KeyVaultClientDeleteSecretResponse) DeleteSecretResponse { - vaultURL, name, version := shared.ParseID(i.ID) - return DeleteSecretResponse{ - DeletedSecret: DeletedSecret{ - ID: i.ID, - Name: name, - Properties: &Properties{ - ContentType: i.ContentType, - CreatedOn: i.Attributes.Created, - Enabled: i.Attributes.Enabled, - ExpiresOn: i.Attributes.Expires, - IsManaged: i.Managed, - KeyID: i.Kid, - NotBefore: i.Attributes.NotBefore, - RecoverableDays: i.Attributes.RecoverableDays, - RecoveryLevel: (*string)(i.Attributes.RecoveryLevel), - Tags: convertPtrMap(i.Tags), - UpdatedOn: i.Attributes.Updated, - VaultURL: vaultURL, - Version: version, - Name: name, - }, - RecoveryID: i.RecoveryID, - DeletedOn: i.DeletedDate, - ScheduledPurgeDate: i.ScheduledPurgeDate, - }, + return nil, err } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "7.3") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil } -// BeginDeleteSecretOptions contains the optional parameters for the Client.BeginDeleteSecret method. -type BeginDeleteSecretOptions struct { - // ResumeToken is a string to rehydrate a poller for an operation that has already begun. 
- ResumeToken *string -} - -// convert public options to generated options struct -func (b *BeginDeleteSecretOptions) toGenerated() *internal.KeyVaultClientDeleteSecretOptions { - return &internal.KeyVaultClientDeleteSecretOptions{} -} - -// DeleteSecretPoller is the poller returned by the Client.StartDeleteSecret operation -type DeleteSecretPoller struct { - secretName string // This is the secret to Poll for in GetDeletedSecret - vaultUrl string - client *internal.KeyVaultClient - deleteResponse internal.KeyVaultClientDeleteSecretResponse - lastResponse internal.KeyVaultClientGetDeletedSecretResponse - rawResponse *http.Response - resumeToken string -} - -// Done returns true if the LRO has reached a terminal state -func (s *DeleteSecretPoller) Done() bool { - if s.rawResponse == nil { - return false - } - return s.rawResponse.StatusCode == http.StatusOK -} - -// Poll fetches the latest state of the LRO. It returns an HTTP response or error.( -// If the LRO has completed successfully, the poller's state is updated and the HTTP response is returned. -// If the LRO has completed with failure or was cancelled, the poller's state is updated and the error is returned.) 
-func (s *DeleteSecretPoller) Poll(ctx context.Context) (*http.Response, error) { - var rawResp *http.Response - ctx = runtime.WithCaptureResponse(ctx, &rawResp) - resp, err := s.client.GetDeletedSecret(ctx, s.vaultUrl, s.secretName, nil) - if err == nil { - // Service recognizes DeletedSecret, operation is done - s.lastResponse = resp - s.rawResponse = rawResp - return rawResp, nil - } - if rawResp != nil && rawResp.StatusCode == http.StatusNotFound { - // This is the expected result - s.rawResponse = rawResp - return rawResp, nil - } - return rawResp, err -} - -// FinalResponse returns the final response after the operations has finished -func (s *DeleteSecretPoller) FinalResponse(ctx context.Context) (DeleteSecretResponse, error) { - return deleteSecretResponseFromGenerated(s.deleteResponse), nil -} - -// PollUntilDone continually calls the Poll operation until the operation is completed. In between each -// Poll is a wait determined by the t parameter. -func (s *DeleteSecretPoller) PollUntilDone(ctx context.Context, t time.Duration) (DeleteSecretResponse, error) { - for { - resp, err := s.Poll(ctx) - if err != nil { - return DeleteSecretResponse{}, err - } - s.rawResponse = resp - if s.Done() { - break - } - time.Sleep(t) - } - return deleteSecretResponseFromGenerated(s.deleteResponse), nil -} - -// ResumeToken returns a token for resuming polling at a later time -func (s *DeleteSecretPoller) ResumeToken() (string, error) { - return s.resumeToken, nil -} - -// BeginDeleteSecret deletes a secret from the keyvault. Delete cannot be applied to an individual version of a secret. This operation -// requires the secrets/delete permission. This response contains a Poller struct that can be used to Poll for a response, or the -// response PollUntilDone function can be used to poll until completion. 
-func (c *Client) BeginDeleteSecret(ctx context.Context, name string, options *BeginDeleteSecretOptions) (*DeleteSecretPoller, error) { - if options == nil { - options = &BeginDeleteSecretOptions{} - } - var resumeToken string - var delResp internal.KeyVaultClientDeleteSecretResponse - var err error - if options.ResumeToken == nil { - delResp, err = c.kvClient.DeleteSecret(ctx, c.vaultUrl, name, options.toGenerated()) - if err != nil { - return nil, err - } - - marshalled, err := json.Marshal(delResp) - if err != nil { - return nil, err - } - resumeToken = string(marshalled) - } else { - resumeToken = *options.ResumeToken - err = json.Unmarshal([]byte(resumeToken), &delResp) - if err != nil { - return nil, err - } - } - - getResp, err := c.kvClient.GetDeletedSecret(ctx, c.vaultUrl, name, nil) - var httpErr *azcore.ResponseError - if errors.As(err, &httpErr) { - if httpErr.StatusCode != http.StatusNotFound { - return nil, err - } - } - - return &DeleteSecretPoller{ - vaultUrl: c.vaultUrl, - secretName: name, - client: c.kvClient, - deleteResponse: delResp, - lastResponse: getResp, - resumeToken: resumeToken, - }, nil -} - -// GetDeletedSecretOptions contains the optional parameters for the Client.GetDeletedSecret method. -type GetDeletedSecretOptions struct { - // placeholder for future optional parameters -} - -func (g *GetDeletedSecretOptions) toGenerated() *internal.KeyVaultClientGetDeletedSecretOptions { - return &internal.KeyVaultClientGetDeletedSecretOptions{} -} - -// GetDeletedSecretResponse contains the response struct for the Client.GetDeletedSecret operation. 
-type GetDeletedSecretResponse struct { - DeletedSecret -} - -// Convert the generated response to the publicly exposed version -func getDeletedSecretResponseFromGenerated(i internal.KeyVaultClientGetDeletedSecretResponse) GetDeletedSecretResponse { - vaultURL, name, version := shared.ParseID(i.ID) - return GetDeletedSecretResponse{ - DeletedSecret: DeletedSecret{ - Properties: &Properties{ - ContentType: i.ContentType, - CreatedOn: i.Attributes.Created, - Enabled: i.Attributes.Enabled, - ExpiresOn: i.Attributes.Expires, - IsManaged: i.Managed, - KeyID: i.Kid, - NotBefore: i.Attributes.NotBefore, - RecoverableDays: i.Attributes.RecoverableDays, - RecoveryLevel: (*string)(i.Attributes.RecoveryLevel), - Tags: convertPtrMap(i.Tags), - UpdatedOn: i.Attributes.Updated, - VaultURL: vaultURL, - Version: version, - Name: name, - }, - ID: i.ID, - Name: name, - RecoveryID: i.RecoveryID, - DeletedOn: i.DeletedDate, - ScheduledPurgeDate: i.ScheduledPurgeDate, - }, +// backupSecretHandleResponse handles the BackupSecret response. +func (client *Client) backupSecretHandleResponse(resp *http.Response) (BackupSecretResponse, error) { + result := BackupSecretResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.BackupSecretResult); err != nil { + return BackupSecretResponse{}, err } + return result, nil } -// GetDeletedSecret gets the specified deleted secret. The operation returns the deleted secret along with its attributes. -// This operation requires the secrets/get permission. -func (c *Client) GetDeletedSecret(ctx context.Context, name string, options *GetDeletedSecretOptions) (GetDeletedSecretResponse, error) { - if options == nil { - options = &GetDeletedSecretOptions{} +// DeleteSecret - The DELETE operation applies to any secret stored in Azure Key Vault. DELETE cannot be applied to an individual +// version of a secret. This operation requires the secrets/delete permission. +// If the operation fails it returns an *azcore.ResponseError type. 
+// Generated from API version 7.3 +// name - The name of the secret. +// options - DeleteSecretOptions contains the optional parameters for the Client.DeleteSecret method. +func (client *Client) DeleteSecret(ctx context.Context, name string, options *DeleteSecretOptions) (DeleteSecretResponse, error) { + req, err := client.deleteSecretCreateRequest(ctx, name, options) + if err != nil { + return DeleteSecretResponse{}, err } - resp, err := c.kvClient.GetDeletedSecret(ctx, c.vaultUrl, name, options.toGenerated()) + resp, err := client.pl.Do(req) if err != nil { - return GetDeletedSecretResponse{}, err + return DeleteSecretResponse{}, err } - return getDeletedSecretResponseFromGenerated(resp), nil -} - -// UpdateSecretPropertiesOptions contains the optional parameters for the Client.UpdateSecretProperties method. -type UpdateSecretPropertiesOptions struct { - // placeholder for future optional parameters -} - -// UpdateSecretPropertiesResponse contains the underlying response object for the UpdateSecretProperties method -type UpdateSecretPropertiesResponse struct { - Secret -} - -func updateSecretPropertiesResponseFromGenerated(i internal.KeyVaultClientUpdateSecretResponse) UpdateSecretPropertiesResponse { - vaultURL, name, version := shared.ParseID(i.ID) - return UpdateSecretPropertiesResponse{ - Secret: Secret{ - Properties: &Properties{ - ContentType: i.ContentType, - CreatedOn: i.Attributes.Created, - Enabled: i.Attributes.Enabled, - ExpiresOn: i.Attributes.Expires, - IsManaged: i.Managed, - KeyID: i.Kid, - NotBefore: i.Attributes.NotBefore, - RecoverableDays: i.Attributes.RecoverableDays, - RecoveryLevel: (*string)(i.Attributes.RecoveryLevel), - Tags: convertPtrMap(i.Tags), - UpdatedOn: i.Attributes.Updated, - VaultURL: vaultURL, - Version: version, - Name: name, - }, - ID: i.ID, - Name: name, - Value: i.Value, - }, + if !runtime.HasStatusCode(resp, http.StatusOK) { + return DeleteSecretResponse{}, runtime.NewResponseError(resp) } + return 
client.deleteSecretHandleResponse(resp) } -// UpdateSecretProperties updates the attributes associated with a specified secret in a given key vault. The update -// operation changes specified attributes of an existing stored secret, attributes that are not specified in the -// request are left unchanged. The value of a secret itself cannot be changed. This operation requires the secrets/set permission. -func (c *Client) UpdateSecretProperties(ctx context.Context, secret Secret, options *UpdateSecretPropertiesOptions) (UpdateSecretPropertiesResponse, error) { - name, version := "", "" - if secret.Properties != nil && secret.Properties.Name != nil { - name = *secret.Properties.Name - } - if secret.Properties != nil && secret.Properties.Version != nil { - version = *secret.Properties.Version +// deleteSecretCreateRequest creates the DeleteSecret request. +func (client *Client) deleteSecretCreateRequest(ctx context.Context, name string, options *DeleteSecretOptions) (*policy.Request, error) { + urlPath := "/secrets/{secret-name}" + if name == "" { + return nil, errors.New("parameter name cannot be empty") } - - resp, err := c.kvClient.UpdateSecret( - ctx, - c.vaultUrl, - name, - version, - secret.toGeneratedProperties(), - &internal.KeyVaultClientUpdateSecretOptions{}, - ) + urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(name)) + req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.endpoint, urlPath)) if err != nil { - return UpdateSecretPropertiesResponse{}, err + return nil, err } - - return updateSecretPropertiesResponseFromGenerated(resp), err -} - -// BackupSecretOptions contains the optional parameters for the Client.BackupSecret method. 
-type BackupSecretOptions struct { - // placeholder for future optional parameters -} - -func (b *BackupSecretOptions) toGenerated() *internal.KeyVaultClientBackupSecretOptions { - return &internal.KeyVaultClientBackupSecretOptions{} -} - -// BackupSecretResponse contains the response object for the Client.BackupSecret method. -type BackupSecretResponse struct { - // READ-ONLY; The backup blob containing the backed up secret. - Value []byte `json:"value,omitempty" azure:"ro"` + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "7.3") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil } -// convert generated response to the publicly exposed version. -func backupSecretResponseFromGenerated(i internal.KeyVaultClientBackupSecretResponse) BackupSecretResponse { - return BackupSecretResponse{ - Value: i.Value, +// deleteSecretHandleResponse handles the DeleteSecret response. +func (client *Client) deleteSecretHandleResponse(resp *http.Response) (DeleteSecretResponse, error) { + result := DeleteSecretResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.DeletedSecretBundle); err != nil { + return DeleteSecretResponse{}, err } + return result, nil } -// BackupSecrets backs up the specified secret. Requests that a backup of the specified secret be downloaded to the client. -// All versions of the secret will be downloaded. This operation requires the secrets/backup permission. -func (c *Client) BackupSecret(ctx context.Context, name string, options *BackupSecretOptions) (BackupSecretResponse, error) { - if options == nil { - options = &BackupSecretOptions{} +// GetDeletedSecret - The Get Deleted Secret operation returns the specified deleted secret along with its attributes. This +// operation requires the secrets/get permission. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 7.3 +// name - The name of the secret. 
+// options - GetDeletedSecretOptions contains the optional parameters for the Client.GetDeletedSecret method. +func (client *Client) GetDeletedSecret(ctx context.Context, name string, options *GetDeletedSecretOptions) (GetDeletedSecretResponse, error) { + req, err := client.getDeletedSecretCreateRequest(ctx, name, options) + if err != nil { + return GetDeletedSecretResponse{}, err } - - resp, err := c.kvClient.BackupSecret(ctx, c.vaultUrl, name, options.toGenerated()) + resp, err := client.pl.Do(req) if err != nil { - return BackupSecretResponse{}, err + return GetDeletedSecretResponse{}, err } - - return backupSecretResponseFromGenerated(resp), nil -} - -// RestoreSecretBackupOptions contains the optional parameters for the Client.RestoreSecret method. -type RestoreSecretBackupOptions struct { - // placeholder for future optional parameters -} - -func (r RestoreSecretBackupOptions) toGenerated() *internal.KeyVaultClientRestoreSecretOptions { - return &internal.KeyVaultClientRestoreSecretOptions{} -} - -// RestoreSecretBackupResponse contains the response object for the Client.RestoreSecretBackup operation. -type RestoreSecretBackupResponse struct { - Secret -} - -// converts the generated response to the publicly exposed version. 
-func restoreSecretBackupResponseFromGenerated(i internal.KeyVaultClientRestoreSecretResponse) RestoreSecretBackupResponse { - vaultURL, name, version := shared.ParseID(i.ID) - return RestoreSecretBackupResponse{ - Secret: Secret{ - ID: i.ID, - Name: name, - Value: i.Value, - Properties: &Properties{ - ContentType: i.ContentType, - CreatedOn: i.Attributes.Created, - Enabled: i.Attributes.Enabled, - ExpiresOn: i.Attributes.Expires, - IsManaged: i.Managed, - KeyID: i.Kid, - NotBefore: i.Attributes.NotBefore, - RecoverableDays: i.Attributes.RecoverableDays, - RecoveryLevel: (*string)(i.Attributes.RecoveryLevel), - Tags: convertPtrMap(i.Tags), - UpdatedOn: i.Attributes.Updated, - VaultURL: vaultURL, - Version: version, - Name: name, - }, - }, + if !runtime.HasStatusCode(resp, http.StatusOK) { + return GetDeletedSecretResponse{}, runtime.NewResponseError(resp) } + return client.getDeletedSecretHandleResponse(resp) } -// RestoreSecretBackup restores a backed up secret, and all its versions, to a vault. This operation requires the secrets/restore permission. -// The backup parameter is a blob of the secret to restore, this can be received from the Client.BackupSecret function. -func (c *Client) RestoreSecretBackup(ctx context.Context, backup []byte, options *RestoreSecretBackupOptions) (RestoreSecretBackupResponse, error) { - if options == nil { - options = &RestoreSecretBackupOptions{} +// getDeletedSecretCreateRequest creates the GetDeletedSecret request. 
+func (client *Client) getDeletedSecretCreateRequest(ctx context.Context, name string, options *GetDeletedSecretOptions) (*policy.Request, error) { + urlPath := "/deletedsecrets/{secret-name}" + if name == "" { + return nil, errors.New("parameter name cannot be empty") } - - resp, err := c.kvClient.RestoreSecret(ctx, c.vaultUrl, internal.SecretRestoreParameters{SecretBundleBackup: backup}, options.toGenerated()) + urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(name)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.endpoint, urlPath)) if err != nil { - return RestoreSecretBackupResponse{}, err - } - - return restoreSecretBackupResponseFromGenerated(resp), nil -} - -// PurgeDeletedSecretOptions is the struct for any future options for Client.PurgeDeletedSecret. -type PurgeDeletedSecretOptions struct { - // placeholder for future optional parameters -} - -func (p *PurgeDeletedSecretOptions) toGenerated() *internal.KeyVaultClientPurgeDeletedSecretOptions { - return &internal.KeyVaultClientPurgeDeletedSecretOptions{} -} - -// PurgeDeletedSecretResponse contains the response from method Client.PurgeDeletedSecret. -type PurgeDeletedSecretResponse struct { - // placeholder for future response fields -} - -// Converts the generated response to the publicly exposed version. -func purgeDeletedSecretResponseFromGenerated(i internal.KeyVaultClientPurgeDeletedSecretResponse) PurgeDeletedSecretResponse { - return PurgeDeletedSecretResponse{} -} - -// PurgeDeletedSecret deletes the specified secret. The purge deleted secret operation removes the secret permanently, without the possibility of recovery. -// This operation can only be enabled on a soft-delete enabled vault. This operation requires the secrets/purge permission. 
-func (c *Client) PurgeDeletedSecret(ctx context.Context, name string, options *PurgeDeletedSecretOptions) (PurgeDeletedSecretResponse, error) { - if options == nil { - options = &PurgeDeletedSecretOptions{} + return nil, err } - resp, err := c.kvClient.PurgeDeletedSecret(ctx, c.vaultUrl, name, options.toGenerated()) - return purgeDeletedSecretResponseFromGenerated(resp), err + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "7.3") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil } -// RecoverDeletedSecretPoller is the poller returned by Client.BeginRecoverDeletedSecret -type RecoverDeletedSecretPoller struct { - secretName string - vaultUrl string - client *internal.KeyVaultClient - recoverResponse internal.KeyVaultClientRecoverDeletedSecretResponse - lastResponse internal.KeyVaultClientGetSecretResponse - rawResponse *http.Response - resumeToken string -} - -// Done returns true when the polling operation is completed -func (b *RecoverDeletedSecretPoller) Done() bool { - if b.rawResponse == nil { - return false - } - return b.rawResponse.StatusCode == http.StatusOK -} - -// Poll fetches the latest state of the LRO. It returns an HTTP response or error. -// If the LRO has completed successfully, the poller's state is updated and the HTTP response is returned. -// If the LRO has completed with failure or was cancelled, the poller's state is updated and the error is returned. 
-func (b *RecoverDeletedSecretPoller) Poll(ctx context.Context) (*http.Response, error) { - var rawResp *http.Response - ctx = runtime.WithCaptureResponse(ctx, &rawResp) - resp, err := b.client.GetSecret(ctx, b.vaultUrl, b.secretName, "", nil) - if err == nil { - // secret has been recovered, finish - b.lastResponse = resp - b.rawResponse = rawResp - return b.rawResponse, nil - } - - if rawResp != nil && rawResp.StatusCode == http.StatusNotFound { - // this is the expected response - b.lastResponse = resp - b.rawResponse = rawResp - return b.rawResponse, nil +// getDeletedSecretHandleResponse handles the GetDeletedSecret response. +func (client *Client) getDeletedSecretHandleResponse(resp *http.Response) (GetDeletedSecretResponse, error) { + result := GetDeletedSecretResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.DeletedSecretBundle); err != nil { + return GetDeletedSecretResponse{}, err } - - return rawResp, err -} - -// FinalResponse returns the final response after the operations has finished -func (b *RecoverDeletedSecretPoller) FinalResponse(ctx context.Context) (RecoverDeletedSecretResponse, error) { - return recoverDeletedSecretResponseFromGenerated(b.recoverResponse), nil + return result, nil } -// PollUntilDone continually calls the Poll operation until the operation is completed. In between each -// Poll is a wait determined by the t parameter. -func (b *RecoverDeletedSecretPoller) PollUntilDone(ctx context.Context, t time.Duration) (RecoverDeletedSecretResponse, error) { - for { - resp, err := b.Poll(ctx) - if err != nil { - b.rawResponse = resp - } - if b.Done() { - break - } - b.rawResponse = resp - time.Sleep(t) +// GetSecret - The GET operation is applicable to any secret stored in Azure Key Vault. This operation requires the secrets/get +// permission. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 7.3 +// name - The name of the secret. +// version - The version of the secret. 
This URI fragment is optional. If not specified, the latest version of the secret +// is returned. +// options - GetSecretOptions contains the optional parameters for the Client.GetSecret method. +func (client *Client) GetSecret(ctx context.Context, name string, version string, options *GetSecretOptions) (GetSecretResponse, error) { + req, err := client.getSecretCreateRequest(ctx, name, version, options) + if err != nil { + return GetSecretResponse{}, err } - return recoverDeletedSecretResponseFromGenerated(b.recoverResponse), nil -} - -// ResumeToken returns a token for resuming polling at a later time -func (s *RecoverDeletedSecretPoller) ResumeToken() (string, error) { - return s.resumeToken, nil -} - -// BeginRecoverDeletedSecretOptions contains the optional parameters for the Client.BeginRecoverDeletedSecret operation -type BeginRecoverDeletedSecretOptions struct { - // ResumeToken is a string to rehydrate a poller for an operation that has already begun. - ResumeToken *string -} - -// Convert the publicly exposed options object to the generated version -func (b BeginRecoverDeletedSecretOptions) toGenerated() *internal.KeyVaultClientRecoverDeletedSecretOptions { - return &internal.KeyVaultClientRecoverDeletedSecretOptions{} -} - -// RecoverDeletedSecretResponse is the response object for the Client.RecoverDeletedSecret operation. -type RecoverDeletedSecretResponse struct { - SecretItem -} - -// change recover deleted secret reponse to the generated version. 
-func recoverDeletedSecretResponseFromGenerated(i internal.KeyVaultClientRecoverDeletedSecretResponse) RecoverDeletedSecretResponse { - var a *Properties - if i.Attributes != nil { - a = &Properties{ - Enabled: i.Attributes.Enabled, - ExpiresOn: i.Attributes.Expires, - NotBefore: i.Attributes.NotBefore, - CreatedOn: i.Attributes.Created, - UpdatedOn: i.Attributes.Updated, - RecoverableDays: i.Attributes.RecoverableDays, - RecoveryLevel: (*string)(i.Attributes.RecoveryLevel), - } + resp, err := client.pl.Do(req) + if err != nil { + return GetSecretResponse{}, err } - - _, name, _ := shared.ParseID(i.ID) - return RecoverDeletedSecretResponse{ - SecretItem: SecretItem{ - Properties: a, - ContentType: i.ContentType, - ID: i.ID, - Name: name, - Tags: convertPtrMap(i.Tags), - IsManaged: i.Managed, - }, + if !runtime.HasStatusCode(resp, http.StatusOK) { + return GetSecretResponse{}, runtime.NewResponseError(resp) } + return client.getSecretHandleResponse(resp) } -// BeginRecoverDeletedSecret recovers the deleted secret in the specified vault to the latest version. -// This operation can only be performed on a soft-delete enabled vault. This operation requires the secrets/recover permission. 
-func (c *Client) BeginRecoverDeletedSecret(ctx context.Context, name string, options *BeginRecoverDeletedSecretOptions) (*RecoverDeletedSecretPoller, error) { - if options == nil { - options = &BeginRecoverDeletedSecretOptions{} - } - var resumeToken string - var recoverResp internal.KeyVaultClientRecoverDeletedSecretResponse - var err error - if options.ResumeToken == nil { - recoverResp, err = c.kvClient.RecoverDeletedSecret(ctx, c.vaultUrl, name, options.toGenerated()) - if err != nil { - return nil, err - } - - marshalled, err := json.Marshal(recoverResp) - if err != nil { - return nil, err - } - resumeToken = string(marshalled) - } else { - resumeToken = *options.ResumeToken - err = json.Unmarshal([]byte(resumeToken), &recoverResp) - if err != nil { - return nil, err - } +// getSecretCreateRequest creates the GetSecret request. +func (client *Client) getSecretCreateRequest(ctx context.Context, name string, version string, options *GetSecretOptions) (*policy.Request, error) { + urlPath := "/secrets/{secret-name}/{secret-version}" + if name == "" { + return nil, errors.New("parameter name cannot be empty") } - - getResp, err := c.kvClient.GetSecret(ctx, c.vaultUrl, name, "", nil) - var httpErr *azcore.ResponseError - if errors.As(err, &httpErr) { - if httpErr.StatusCode != http.StatusNotFound { - return nil, err - } + urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(name)) + urlPath = strings.ReplaceAll(urlPath, "{secret-version}", url.PathEscape(version)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.endpoint, urlPath)) + if err != nil { + return nil, err } - - return &RecoverDeletedSecretPoller{ - lastResponse: getResp, - secretName: name, - client: c.kvClient, - vaultUrl: c.vaultUrl, - recoverResponse: recoverResp, - resumeToken: resumeToken, - }, nil -} - -// ListDeletedSecretsResponse holds the data for a single page. 
-type ListDeletedSecretsResponse struct { - // READ-ONLY; The URL to get the next set of deleted secrets. - NextLink *string `json:"nextLink,omitempty" azure:"ro"` - - // READ-ONLY; A response message containing a list of the deleted secrets in the vault along with a link to the next page of deleted secrets - DeletedSecrets []DeletedSecretItem `json:"value,omitempty" azure:"ro"` + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "7.3") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil } -func listDeletedSecretsPageFromGenerated(g internal.KeyVaultClientGetDeletedSecretsResponse) ListDeletedSecretsResponse { - var items []DeletedSecretItem - - if len(g.DeletedSecretListResult.Value) > 0 { - items = make([]DeletedSecretItem, len(g.DeletedSecretListResult.Value)) - for idx, v := range g.DeletedSecretListResult.Value { - items[idx] = deletedSecretItemFromGenerated(v) - } - } - - return ListDeletedSecretsResponse{ - NextLink: g.NextLink, - DeletedSecrets: items, +// getSecretHandleResponse handles the GetSecret response. +func (client *Client) getSecretHandleResponse(resp *http.Response) (GetSecretResponse, error) { + result := GetSecretResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.SecretBundle); err != nil { + return GetSecretResponse{}, err } + return result, nil } -// ListDeletedSecretsOptions contains the optional parameters for the Client.ListDeletedSecrets operation. -type ListDeletedSecretsOptions struct { - // placeholder for future optional parameters -} - -// ListDeletedSecrets lists all versions of the specified secret. The full secret identifier and attributes are provided -// in the response. No values are returned for the secrets. This operation requires the secrets/list permission. 
-func (c *Client) ListDeletedSecrets(options *ListDeletedSecretsOptions) *runtime.Pager[ListDeletedSecretsResponse] { +// NewListDeletedSecretsPager - The Get Deleted Secrets operation returns the secrets that have been deleted for a vault enabled +// for soft-delete. This operation requires the secrets/list permission. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 7.3 +// options - ListDeletedSecretsOptions contains the optional parameters for the Client.ListDeletedSecrets method. +func (client *Client) NewListDeletedSecretsPager(options *ListDeletedSecretsOptions) *runtime.Pager[ListDeletedSecretsResponse] { return runtime.NewPager(runtime.PagingHandler[ListDeletedSecretsResponse]{ More: func(page ListDeletedSecretsResponse) bool { return page.NextLink != nil && len(*page.NextLink) > 0 
@@ -808,147 +236,404 @@ func (c *Client) ListDeletedSecrets(options *ListDeletedSecretsOptions) *runtime var req *policy.Request var err error if page == nil { - req, err = c.kvClient.GetDeletedSecretsCreateRequest(ctx, c.vaultUrl, &internal.KeyVaultClientGetDeletedSecretsOptions{}) + req, err = client.listDeletedSecretsCreateRequest(ctx, options) } else { req, err = runtime.NewRequest(ctx, http.MethodGet, *page.NextLink) } if err != nil { return ListDeletedSecretsResponse{}, err } - resp, err := c.kvClient.Pl.Do(req) + resp, err := client.pl.Do(req) if err != nil { return ListDeletedSecretsResponse{}, err } if !runtime.HasStatusCode(resp, http.StatusOK) { return ListDeletedSecretsResponse{}, runtime.NewResponseError(resp) } - genResp, err := c.kvClient.GetDeletedSecretsHandleResponse(resp) - if err != nil { - return ListDeletedSecretsResponse{}, err - } - return listDeletedSecretsPageFromGenerated(genResp), nil + return client.listDeletedSecretsHandleResponse(resp) }, }) } -// ListSecretVersionsOptions contains the options for the ListSecretVersions operations -type ListSecretVersionsOptions struct { - // placeholder for future optional parameters -} - -// ListPropertiesOfSecretVersionsResponse contains response field for ListSecretVersionsPager.NextPage -type ListPropertiesOfSecretVersionsResponse struct { - // READ-ONLY; The URL to get the next set of secrets. - NextLink *string `json:"nextLink,omitempty" azure:"ro"` - - // READ-ONLY; A response message containing a list of secrets in the key vault along with a link to the next page of secrets. - Secrets []SecretItem `json:"value,omitempty" azure:"ro"` +// listDeletedSecretsCreateRequest creates the ListDeletedSecrets request. 
+func (client *Client) listDeletedSecretsCreateRequest(ctx context.Context, options *ListDeletedSecretsOptions) (*policy.Request, error) { + urlPath := "/deletedsecrets" + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.endpoint, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + if options != nil && options.MaxResults != nil { + reqQP.Set("maxresults", strconv.FormatInt(int64(*options.MaxResults), 10)) + } + reqQP.Set("api-version", "7.3") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil } -// create ListSecretsPage from generated pager -func listSecretVersionsPageFromGenerated(i internal.KeyVaultClientGetSecretVersionsResponse) ListPropertiesOfSecretVersionsResponse { - var secrets []SecretItem - for _, s := range i.Value { - secrets = append(secrets, secretItemFromGenerated(s)) - } - return ListPropertiesOfSecretVersionsResponse{ - NextLink: i.NextLink, - Secrets: secrets, +// listDeletedSecretsHandleResponse handles the ListDeletedSecrets response. +func (client *Client) listDeletedSecretsHandleResponse(resp *http.Response) (ListDeletedSecretsResponse, error) { + result := ListDeletedSecretsResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.DeletedSecretListResult); err != nil { + return ListDeletedSecretsResponse{}, err } + return result, nil } -// ListPropertiesOfSecretVersions lists all versions of the specified secret. The full secret identifer and -// attributes are provided in the response. No values are returned for the secrets. This operation -// requires the secrets/list permission. 
-func (c *Client) ListPropertiesOfSecretVersions(name string, options *ListSecretVersionsOptions) *runtime.Pager[ListPropertiesOfSecretVersionsResponse] { - return runtime.NewPager(runtime.PagingHandler[ListPropertiesOfSecretVersionsResponse]{ - More: func(page ListPropertiesOfSecretVersionsResponse) bool { +// NewListSecretVersionsPager - The full secret identifier and attributes are provided in the response. No values are returned +// for the secrets. This operations requires the secrets/list permission. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 7.3 +// name - The name of the secret. +// options - ListSecretVersionsOptions contains the optional parameters for the Client.ListSecretVersions method. +func (client *Client) NewListSecretVersionsPager(name string, options *ListSecretVersionsOptions) *runtime.Pager[ListSecretVersionsResponse] { + return runtime.NewPager(runtime.PagingHandler[ListSecretVersionsResponse]{ + More: func(page ListSecretVersionsResponse) bool { return page.NextLink != nil && len(*page.NextLink) > 0 }, - Fetcher: func(ctx context.Context, page *ListPropertiesOfSecretVersionsResponse) (ListPropertiesOfSecretVersionsResponse, error) { + Fetcher: func(ctx context.Context, page *ListSecretVersionsResponse) (ListSecretVersionsResponse, error) { var req *policy.Request var err error if page == nil { - req, err = c.kvClient.GetSecretVersionsCreateRequest(ctx, c.vaultUrl, name, &internal.KeyVaultClientGetSecretVersionsOptions{}) + req, err = client.listSecretVersionsCreateRequest(ctx, name, options) } else { req, err = runtime.NewRequest(ctx, http.MethodGet, *page.NextLink) } if err != nil { - return ListPropertiesOfSecretVersionsResponse{}, err + return ListSecretVersionsResponse{}, err } - resp, err := c.kvClient.Pl.Do(req) + resp, err := client.pl.Do(req) if err != nil { - return ListPropertiesOfSecretVersionsResponse{}, err + return ListSecretVersionsResponse{}, err } if 
!runtime.HasStatusCode(resp, http.StatusOK) { - return ListPropertiesOfSecretVersionsResponse{}, runtime.NewResponseError(resp) + return ListSecretVersionsResponse{}, runtime.NewResponseError(resp) } - genResp, err := c.kvClient.GetSecretVersionsHandleResponse(resp) - if err != nil { - return ListPropertiesOfSecretVersionsResponse{}, err - } - return listSecretVersionsPageFromGenerated(genResp), nil + return client.listSecretVersionsHandleResponse(resp) }, }) } -// ListSecretsOptions contains the options for the ListSecretVersions operations -type ListSecretsOptions struct { - // placeholder for future optional parameters. -} - -// ListPropertiesOfSecretsResponse contains the current page of results for the Client.ListSecrets operation. -type ListPropertiesOfSecretsResponse struct { - // READ-ONLY; The URL to get the next set of secrets. - NextLink *string `json:"nextLink,omitempty" azure:"ro"` - - // READ-ONLY; A response message containing a list of secrets in the key vault along with a link to the next page of secrets. - Secrets []SecretItem `json:"value,omitempty" azure:"ro"` +// listSecretVersionsCreateRequest creates the ListSecretVersions request. 
+func (client *Client) listSecretVersionsCreateRequest(ctx context.Context, name string, options *ListSecretVersionsOptions) (*policy.Request, error) { + urlPath := "/secrets/{secret-name}/versions" + if name == "" { + return nil, errors.New("parameter name cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(name)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.endpoint, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + if options != nil && options.MaxResults != nil { + reqQP.Set("maxresults", strconv.FormatInt(int64(*options.MaxResults), 10)) + } + reqQP.Set("api-version", "7.3") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil } -// create a ListSecretsPage from a generated code response -func listSecretsPageFromGenerated(i internal.KeyVaultClientGetSecretsResponse) ListPropertiesOfSecretsResponse { - var secrets []SecretItem - for _, s := range i.Value { - secrets = append(secrets, secretItemFromGenerated(s)) - } - return ListPropertiesOfSecretsResponse{ - NextLink: i.NextLink, - Secrets: secrets, +// listSecretVersionsHandleResponse handles the ListSecretVersions response. +func (client *Client) listSecretVersionsHandleResponse(resp *http.Response) (ListSecretVersionsResponse, error) { + result := ListSecretVersionsResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.SecretListResult); err != nil { + return ListSecretVersionsResponse{}, err } + return result, nil } -// ListPropertiesOfSecrets list all secrets in a specified key vault. The ListPropertiesOfSecrets operation is applicable to the entire vault, -// however, only the base secret identifier and its attributes are provided in the response. Individual -// secret versions are not listed in the response. This operation requires the secrets/list permission. 
-func (c *Client) ListPropertiesOfSecrets(options *ListSecretsOptions) *runtime.Pager[ListPropertiesOfSecretsResponse] { - return runtime.NewPager(runtime.PagingHandler[ListPropertiesOfSecretsResponse]{ - More: func(page ListPropertiesOfSecretsResponse) bool { +// NewListSecretsPager - The Get Secrets operation is applicable to the entire vault. However, only the base secret identifier +// and its attributes are provided in the response. Individual secret versions are not listed in the +// response. This operation requires the secrets/list permission. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 7.3 +// options - ListSecretsOptions contains the optional parameters for the Client.ListSecrets method. +func (client *Client) NewListSecretsPager(options *ListSecretsOptions) *runtime.Pager[ListSecretsResponse] { + return runtime.NewPager(runtime.PagingHandler[ListSecretsResponse]{ + More: func(page ListSecretsResponse) bool { return page.NextLink != nil && len(*page.NextLink) > 0 }, - Fetcher: func(ctx context.Context, page *ListPropertiesOfSecretsResponse) (ListPropertiesOfSecretsResponse, error) { + Fetcher: func(ctx context.Context, page *ListSecretsResponse) (ListSecretsResponse, error) { var req *policy.Request var err error if page == nil { - req, err = c.kvClient.GetSecretsCreateRequest(ctx, c.vaultUrl, &internal.KeyVaultClientGetSecretsOptions{}) + req, err = client.listSecretsCreateRequest(ctx, options) } else { req, err = runtime.NewRequest(ctx, http.MethodGet, *page.NextLink) } if err != nil { - return ListPropertiesOfSecretsResponse{}, err + return ListSecretsResponse{}, err } - resp, err := c.kvClient.Pl.Do(req) + resp, err := client.pl.Do(req) if err != nil { - return ListPropertiesOfSecretsResponse{}, err + return ListSecretsResponse{}, err } if !runtime.HasStatusCode(resp, http.StatusOK) { - return ListPropertiesOfSecretsResponse{}, runtime.NewResponseError(resp) + return ListSecretsResponse{}, 
runtime.NewResponseError(resp) } - genResp, err := c.kvClient.GetSecretsHandleResponse(resp) - if err != nil { - return ListPropertiesOfSecretsResponse{}, err - } - return listSecretsPageFromGenerated(genResp), nil + return client.listSecretsHandleResponse(resp) }, }) } + +// listSecretsCreateRequest creates the ListSecrets request. +func (client *Client) listSecretsCreateRequest(ctx context.Context, options *ListSecretsOptions) (*policy.Request, error) { + urlPath := "/secrets" + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.endpoint, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + if options != nil && options.MaxResults != nil { + reqQP.Set("maxresults", strconv.FormatInt(int64(*options.MaxResults), 10)) + } + reqQP.Set("api-version", "7.3") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// listSecretsHandleResponse handles the ListSecrets response. +func (client *Client) listSecretsHandleResponse(resp *http.Response) (ListSecretsResponse, error) { + result := ListSecretsResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.SecretListResult); err != nil { + return ListSecretsResponse{}, err + } + return result, nil +} + +// PurgeDeletedSecret - The purge deleted secret operation removes the secret permanently, without the possibility of recovery. +// This operation can only be enabled on a soft-delete enabled vault. This operation requires the +// secrets/purge permission. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 7.3 +// name - The name of the secret. +// options - PurgeDeletedSecretOptions contains the optional parameters for the Client.PurgeDeletedSecret method. 
+func (client *Client) PurgeDeletedSecret(ctx context.Context, name string, options *PurgeDeletedSecretOptions) (PurgeDeletedSecretResponse, error) { + req, err := client.purgeDeletedSecretCreateRequest(ctx, name, options) + if err != nil { + return PurgeDeletedSecretResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return PurgeDeletedSecretResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusNoContent) { + return PurgeDeletedSecretResponse{}, runtime.NewResponseError(resp) + } + return PurgeDeletedSecretResponse{}, nil +} + +// purgeDeletedSecretCreateRequest creates the PurgeDeletedSecret request. +func (client *Client) purgeDeletedSecretCreateRequest(ctx context.Context, name string, options *PurgeDeletedSecretOptions) (*policy.Request, error) { + urlPath := "/deletedsecrets/{secret-name}" + if name == "" { + return nil, errors.New("parameter name cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(name)) + req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.endpoint, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "7.3") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// RecoverDeletedSecret - Recovers the deleted secret in the specified vault. This operation can only be performed on a soft-delete +// enabled vault. This operation requires the secrets/recover permission. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 7.3 +// name - The name of the deleted secret. +// options - RecoverDeletedSecretOptions contains the optional parameters for the Client.RecoverDeletedSecret method. 
+func (client *Client) RecoverDeletedSecret(ctx context.Context, name string, options *RecoverDeletedSecretOptions) (RecoverDeletedSecretResponse, error) { + req, err := client.recoverDeletedSecretCreateRequest(ctx, name, options) + if err != nil { + return RecoverDeletedSecretResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return RecoverDeletedSecretResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return RecoverDeletedSecretResponse{}, runtime.NewResponseError(resp) + } + return client.recoverDeletedSecretHandleResponse(resp) +} + +// recoverDeletedSecretCreateRequest creates the RecoverDeletedSecret request. +func (client *Client) recoverDeletedSecretCreateRequest(ctx context.Context, name string, options *RecoverDeletedSecretOptions) (*policy.Request, error) { + urlPath := "/deletedsecrets/{secret-name}/recover" + if name == "" { + return nil, errors.New("parameter name cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(name)) + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.endpoint, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "7.3") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// recoverDeletedSecretHandleResponse handles the RecoverDeletedSecret response. +func (client *Client) recoverDeletedSecretHandleResponse(resp *http.Response) (RecoverDeletedSecretResponse, error) { + result := RecoverDeletedSecretResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.SecretBundle); err != nil { + return RecoverDeletedSecretResponse{}, err + } + return result, nil +} + +// RestoreSecret - Restores a backed up secret, and all its versions, to a vault. This operation requires the secrets/restore +// permission. +// If the operation fails it returns an *azcore.ResponseError type. 
+// Generated from API version 7.3 +// parameters - The parameters to restore the secret. +// options - RestoreSecretOptions contains the optional parameters for the Client.RestoreSecret method. +func (client *Client) RestoreSecret(ctx context.Context, parameters RestoreSecretParameters, options *RestoreSecretOptions) (RestoreSecretResponse, error) { + req, err := client.restoreSecretCreateRequest(ctx, parameters, options) + if err != nil { + return RestoreSecretResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return RestoreSecretResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return RestoreSecretResponse{}, runtime.NewResponseError(resp) + } + return client.restoreSecretHandleResponse(resp) +} + +// restoreSecretCreateRequest creates the RestoreSecret request. +func (client *Client) restoreSecretCreateRequest(ctx context.Context, parameters RestoreSecretParameters, options *RestoreSecretOptions) (*policy.Request, error) { + urlPath := "/secrets/restore" + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.endpoint, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "7.3") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, parameters) +} + +// restoreSecretHandleResponse handles the RestoreSecret response. +func (client *Client) restoreSecretHandleResponse(resp *http.Response) (RestoreSecretResponse, error) { + result := RestoreSecretResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.SecretBundle); err != nil { + return RestoreSecretResponse{}, err + } + return result, nil +} + +// SetSecret - The SET operation adds a secret to the Azure Key Vault. If the named secret already exists, Azure Key Vault +// creates a new version of that secret. This operation requires the secrets/set permission. 
+// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 7.3 +// name - The name of the secret. +// parameters - The parameters for setting the secret. +// options - SetSecretOptions contains the optional parameters for the Client.SetSecret method. +func (client *Client) SetSecret(ctx context.Context, name string, parameters SetSecretParameters, options *SetSecretOptions) (SetSecretResponse, error) { + req, err := client.setSecretCreateRequest(ctx, name, parameters, options) + if err != nil { + return SetSecretResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return SetSecretResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return SetSecretResponse{}, runtime.NewResponseError(resp) + } + return client.setSecretHandleResponse(resp) +} + +// setSecretCreateRequest creates the SetSecret request. +func (client *Client) setSecretCreateRequest(ctx context.Context, name string, parameters SetSecretParameters, options *SetSecretOptions) (*policy.Request, error) { + urlPath := "/secrets/{secret-name}" + if name == "" { + return nil, errors.New("parameter name cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(name)) + req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(client.endpoint, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "7.3") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, parameters) +} + +// setSecretHandleResponse handles the SetSecret response. 
+func (client *Client) setSecretHandleResponse(resp *http.Response) (SetSecretResponse, error) { + result := SetSecretResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.SecretBundle); err != nil { + return SetSecretResponse{}, err + } + return result, nil +} + +// UpdateSecret - The UPDATE operation changes specified attributes of an existing stored secret. Attributes that are not +// specified in the request are left unchanged. The value of a secret itself cannot be changed. +// This operation requires the secrets/set permission. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 7.3 +// name - The name of the secret. +// version - The version of the secret. +// parameters - The parameters for update secret operation. +// options - UpdateSecretOptions contains the optional parameters for the Client.UpdateSecret method. +func (client *Client) UpdateSecret(ctx context.Context, name string, version string, parameters UpdateSecretParameters, options *UpdateSecretOptions) (UpdateSecretResponse, error) { + req, err := client.updateSecretCreateRequest(ctx, name, version, parameters, options) + if err != nil { + return UpdateSecretResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return UpdateSecretResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return UpdateSecretResponse{}, runtime.NewResponseError(resp) + } + return client.updateSecretHandleResponse(resp) +} + +// updateSecretCreateRequest creates the UpdateSecret request. 
+func (client *Client) updateSecretCreateRequest(ctx context.Context, name string, version string, parameters UpdateSecretParameters, options *UpdateSecretOptions) (*policy.Request, error) { + urlPath := "/secrets/{secret-name}/{secret-version}" + if name == "" { + return nil, errors.New("parameter name cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(name)) + urlPath = strings.ReplaceAll(urlPath, "{secret-version}", url.PathEscape(version)) + req, err := runtime.NewRequest(ctx, http.MethodPatch, runtime.JoinPaths(client.endpoint, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "7.3") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, parameters) +} + +// updateSecretHandleResponse handles the UpdateSecret response. +func (client *Client) updateSecretHandleResponse(resp *http.Response) (UpdateSecretResponse, error) { + result := UpdateSecretResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.SecretBundle); err != nil { + return UpdateSecretResponse{}, err + } + return result, nil +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/constants.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/constants.go similarity index 94% rename from vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/constants.go rename to vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/constants.go index fab58abee2..d897d67a12 100644 --- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/constants.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/constants.go 
@@ -1,17 +1,13 @@ -//go:build go1.16 -// +build go1.16 +//go:build go1.18 +// +build go1.18 // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. See License.txt in the project root for license information. // Code generated by Microsoft (R) AutoRest Code Generator. // Changes may cause incorrect behavior and will be lost if the code is regenerated. +// DO NOT EDIT. -package internal - -const ( - ModuleName = "azsecrets" - ModuleVersion = "v0.7.1" -) +package azsecrets // DeletionRecoveryLevel - Reflects the deletion recovery level currently in effect for secrets in the current vault. If it // contains 'Purgeable', the secret can be permanently deleted by a privileged user; otherwise, only the @@ -65,8 +61,3 @@ func PossibleDeletionRecoveryLevelValues() []DeletionRecoveryLevel { DeletionRecoveryLevelRecoverablePurgeable, } } - -// ToPtr returns a *DeletionRecoveryLevel pointing to the current value. -func (c DeletionRecoveryLevel) ToPtr() *DeletionRecoveryLevel { - return &c -} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/custom_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/custom_client.go new file mode 100644 index 0000000000..4f894b06cf --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/custom_client.go 
@@ -0,0 +1,60 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+package azsecrets
+
+// this file contains handwritten additions to the generated code
+
+import (
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+ "github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal"
+)
+
+// ClientOptions contains optional settings for Client.
+type ClientOptions struct {
+ azcore.ClientOptions
+
+ // DisableChallengeResourceVerification controls whether the policy requires the
+ // authentication challenge resource to match the Key Vault or Managed HSM domain.
+ // See https://aka.ms/azsdk/blog/vault-uri for more information.
+ DisableChallengeResourceVerification bool
+}
+
+// NewClient creates a client that accesses a Key Vault's secrets. You should validate that
+// vaultURL references a valid Key Vault. See https://aka.ms/azsdk/blog/vault-uri for details.
+func NewClient(vaultURL string, credential azcore.TokenCredential, options *ClientOptions) (*Client, error) {
+ if options == nil {
+ options = &ClientOptions{}
+ }
+ authPolicy := internal.NewKeyVaultChallengePolicy(
+ credential,
+ &internal.KeyVaultChallengePolicyOptions{
+ DisableChallengeResourceVerification: options.DisableChallengeResourceVerification,
+ },
+ )
+ pl := runtime.NewPipeline(moduleName, version, runtime.PipelineOptions{PerRetry: []policy.Policy{authPolicy}}, &options.ClientOptions)
+ return &Client{endpoint: vaultURL, pl: pl}, nil
+}
+
+// ID is a secret's unique ID, containing its name and version.
+type ID string
+
+// Name of the secret.
+func (i *ID) Name() string {
+ _, name, _ := internal.ParseID((*string)(i))
+ return *name
+}
+
+// Version of the secret. This returns an empty string when the ID contains no version.
+func (i *ID) Version() string {
+ _, _, version := internal.ParseID((*string)(i))
+ if version == nil {
+ return ""
+ }
+ return *version
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/doc.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/doc.go
deleted file mode 100644
index 3fdb7edae4..0000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/doc.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-/*
-
-Package azsecrets can be used to access Azure KeyVault Secrets instance.
-
-Azure KeyVault helps securely store and control access to tokens, passwords, certificates, API
-keys, and other secrets.
-
-A secret consists of a secret value and its associated metadata and management information. This
-library library handles secret values as strings, but Azure Key Vault does not store them
-as such. For more information about secrets about secrets and how Key Vault stores and manages them,
-check out the Key Vault documentation (https://docs.microsoft.com/azure/key-vault/general/about-keys-secrets-certificates).
-
-*/
-
-package azsecrets
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/keyvault_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/keyvault_client.go
deleted file mode 100644
index b3b447842b..0000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/keyvault_client.go
+++ /dev/null
@@ -1,638 +0,0 @@ -//go:build go1.16 -// +build go1.16 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package internal - -import ( - "context" - "errors" - "net/http" - "net/url" - "strconv" - "strings" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" -) - -// KeyVaultClient contains the methods for the KeyVaultClient group. -// Don't use this type directly, use NewKeyVaultClient() instead. -type KeyVaultClient struct { - Pl runtime.Pipeline -} - -// NewKeyVaultClient creates a new instance of KeyVaultClient with the specified values. -// options - pass nil to accept the default values. -func NewKeyVaultClient(options *azcore.ClientOptions) *KeyVaultClient { - if options == nil { - options = &azcore.ClientOptions{} - } - client := &KeyVaultClient{ - Pl: runtime.NewPipeline(ModuleName, ModuleVersion, runtime.PipelineOptions{}, options), - } - return client -} - -// BackupSecret - Requests that a backup of the specified secret be downloaded to the client. All versions of the secret will -// be downloaded. This operation requires the secrets/backup permission. -// If the operation fails it returns an *azcore.ResponseError type. -// vaultBaseURL - The vault name, for example https://myvault.vault.azure.net. -// secretName - The name of the secret. -// options - KeyVaultClientBackupSecretOptions contains the optional parameters for the KeyVaultClient.BackupSecret method. 
-func (client *KeyVaultClient) BackupSecret(ctx context.Context, vaultBaseURL string, secretName string, options *KeyVaultClientBackupSecretOptions) (KeyVaultClientBackupSecretResponse, error) { - req, err := client.backupSecretCreateRequest(ctx, vaultBaseURL, secretName, options) - if err != nil { - return KeyVaultClientBackupSecretResponse{}, err - } - resp, err := client.Pl.Do(req) - if err != nil { - return KeyVaultClientBackupSecretResponse{}, err - } - if !runtime.HasStatusCode(resp, http.StatusOK) { - return KeyVaultClientBackupSecretResponse{}, runtime.NewResponseError(resp) - } - return client.backupSecretHandleResponse(resp) -} - -// backupSecretCreateRequest creates the BackupSecret request. -func (client *KeyVaultClient) backupSecretCreateRequest(ctx context.Context, vaultBaseURL string, secretName string, options *KeyVaultClientBackupSecretOptions) (*policy.Request, error) { - host := "{vaultBaseUrl}" - host = strings.ReplaceAll(host, "{vaultBaseUrl}", vaultBaseURL) - urlPath := "/secrets/{secret-name}/backup" - if secretName == "" { - return nil, errors.New("parameter secretName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(secretName)) - req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(host, urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "7.3") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header.Set("Accept", "application/json") - return req, nil -} - -// backupSecretHandleResponse handles the BackupSecret response. 
-func (client *KeyVaultClient) backupSecretHandleResponse(resp *http.Response) (KeyVaultClientBackupSecretResponse, error) { - result := KeyVaultClientBackupSecretResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.BackupSecretResult); err != nil { - return KeyVaultClientBackupSecretResponse{}, err - } - return result, nil -} - -// DeleteSecret - The DELETE operation applies to any secret stored in Azure Key Vault. DELETE cannot be applied to an individual -// version of a secret. This operation requires the secrets/delete permission. -// If the operation fails it returns an *azcore.ResponseError type. -// vaultBaseURL - The vault name, for example https://myvault.vault.azure.net. -// secretName - The name of the secret. -// options - KeyVaultClientDeleteSecretOptions contains the optional parameters for the KeyVaultClient.DeleteSecret method. -func (client *KeyVaultClient) DeleteSecret(ctx context.Context, vaultBaseURL string, secretName string, options *KeyVaultClientDeleteSecretOptions) (KeyVaultClientDeleteSecretResponse, error) { - req, err := client.deleteSecretCreateRequest(ctx, vaultBaseURL, secretName, options) - if err != nil { - return KeyVaultClientDeleteSecretResponse{}, err - } - resp, err := client.Pl.Do(req) - if err != nil { - return KeyVaultClientDeleteSecretResponse{}, err - } - if !runtime.HasStatusCode(resp, http.StatusOK) { - return KeyVaultClientDeleteSecretResponse{}, runtime.NewResponseError(resp) - } - return client.deleteSecretHandleResponse(resp) -} - -// deleteSecretCreateRequest creates the DeleteSecret request. 
-func (client *KeyVaultClient) deleteSecretCreateRequest(ctx context.Context, vaultBaseURL string, secretName string, options *KeyVaultClientDeleteSecretOptions) (*policy.Request, error) { - host := "{vaultBaseUrl}" - host = strings.ReplaceAll(host, "{vaultBaseUrl}", vaultBaseURL) - urlPath := "/secrets/{secret-name}" - if secretName == "" { - return nil, errors.New("parameter secretName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(secretName)) - req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(host, urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "7.3") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header.Set("Accept", "application/json") - return req, nil -} - -// deleteSecretHandleResponse handles the DeleteSecret response. -func (client *KeyVaultClient) deleteSecretHandleResponse(resp *http.Response) (KeyVaultClientDeleteSecretResponse, error) { - result := KeyVaultClientDeleteSecretResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.DeletedSecretBundle); err != nil { - return KeyVaultClientDeleteSecretResponse{}, err - } - return result, nil -} - -// GetDeletedSecret - The Get Deleted Secret operation returns the specified deleted secret along with its attributes. This -// operation requires the secrets/get permission. -// If the operation fails it returns an *azcore.ResponseError type. -// vaultBaseURL - The vault name, for example https://myvault.vault.azure.net. -// secretName - The name of the secret. -// options - KeyVaultClientGetDeletedSecretOptions contains the optional parameters for the KeyVaultClient.GetDeletedSecret -// method. 
-func (client *KeyVaultClient) GetDeletedSecret(ctx context.Context, vaultBaseURL string, secretName string, options *KeyVaultClientGetDeletedSecretOptions) (KeyVaultClientGetDeletedSecretResponse, error) { - req, err := client.getDeletedSecretCreateRequest(ctx, vaultBaseURL, secretName, options) - if err != nil { - return KeyVaultClientGetDeletedSecretResponse{}, err - } - resp, err := client.Pl.Do(req) - if err != nil { - return KeyVaultClientGetDeletedSecretResponse{}, err - } - if !runtime.HasStatusCode(resp, http.StatusOK) { - return KeyVaultClientGetDeletedSecretResponse{}, runtime.NewResponseError(resp) - } - return client.getDeletedSecretHandleResponse(resp) -} - -// getDeletedSecretCreateRequest creates the GetDeletedSecret request. -func (client *KeyVaultClient) getDeletedSecretCreateRequest(ctx context.Context, vaultBaseURL string, secretName string, options *KeyVaultClientGetDeletedSecretOptions) (*policy.Request, error) { - host := "{vaultBaseUrl}" - host = strings.ReplaceAll(host, "{vaultBaseUrl}", vaultBaseURL) - urlPath := "/deletedsecrets/{secret-name}" - if secretName == "" { - return nil, errors.New("parameter secretName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(secretName)) - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(host, urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "7.3") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header.Set("Accept", "application/json") - return req, nil -} - -// getDeletedSecretHandleResponse handles the GetDeletedSecret response. 
-func (client *KeyVaultClient) getDeletedSecretHandleResponse(resp *http.Response) (KeyVaultClientGetDeletedSecretResponse, error) { - result := KeyVaultClientGetDeletedSecretResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.DeletedSecretBundle); err != nil { - return KeyVaultClientGetDeletedSecretResponse{}, err - } - return result, nil -} - -// GetDeletedSecrets - The Get Deleted Secrets operation returns the secrets that have been deleted for a vault enabled for -// soft-delete. This operation requires the secrets/list permission. -// If the operation fails it returns an *azcore.ResponseError type. -// vaultBaseURL - The vault name, for example https://myvault.vault.azure.net. -// options - KeyVaultClientGetDeletedSecretsOptions contains the optional parameters for the KeyVaultClient.GetDeletedSecrets -// method. -func (client *KeyVaultClient) GetDeletedSecrets(vaultBaseURL string, options *KeyVaultClientGetDeletedSecretsOptions) *KeyVaultClientGetDeletedSecretsPager { - return &KeyVaultClientGetDeletedSecretsPager{ - client: client, - requester: func(ctx context.Context) (*policy.Request, error) { - return client.GetDeletedSecretsCreateRequest(ctx, vaultBaseURL, options) - }, - advancer: func(ctx context.Context, resp KeyVaultClientGetDeletedSecretsResponse) (*policy.Request, error) { - return runtime.NewRequest(ctx, http.MethodGet, *resp.DeletedSecretListResult.NextLink) - }, - } -} - -// GetDeletedSecretsCreateRequest creates the GetDeletedSecrets request. 
-func (client *KeyVaultClient) GetDeletedSecretsCreateRequest(ctx context.Context, vaultBaseURL string, options *KeyVaultClientGetDeletedSecretsOptions) (*policy.Request, error) { - host := "{vaultBaseUrl}" - host = strings.ReplaceAll(host, "{vaultBaseUrl}", vaultBaseURL) - urlPath := "/deletedsecrets" - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(host, urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - if options != nil && options.Maxresults != nil { - reqQP.Set("maxresults", strconv.FormatInt(int64(*options.Maxresults), 10)) - } - reqQP.Set("api-version", "7.3") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header.Set("Accept", "application/json") - return req, nil -} - -// GetDeletedSecretsHandleResponse handles the GetDeletedSecrets response. -func (client *KeyVaultClient) GetDeletedSecretsHandleResponse(resp *http.Response) (KeyVaultClientGetDeletedSecretsResponse, error) { - result := KeyVaultClientGetDeletedSecretsResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.DeletedSecretListResult); err != nil { - return KeyVaultClientGetDeletedSecretsResponse{}, err - } - return result, nil -} - -// GetSecret - The GET operation is applicable to any secret stored in Azure Key Vault. This operation requires the secrets/get -// permission. -// If the operation fails it returns an *azcore.ResponseError type. -// vaultBaseURL - The vault name, for example https://myvault.vault.azure.net. -// secretName - The name of the secret. -// secretVersion - The version of the secret. This URI fragment is optional. If not specified, the latest version of the secret -// is returned. -// options - KeyVaultClientGetSecretOptions contains the optional parameters for the KeyVaultClient.GetSecret method. 
-func (client *KeyVaultClient) GetSecret(ctx context.Context, vaultBaseURL string, secretName string, secretVersion string, options *KeyVaultClientGetSecretOptions) (KeyVaultClientGetSecretResponse, error) { - req, err := client.getSecretCreateRequest(ctx, vaultBaseURL, secretName, secretVersion, options) - if err != nil { - return KeyVaultClientGetSecretResponse{}, err - } - resp, err := client.Pl.Do(req) - if err != nil { - return KeyVaultClientGetSecretResponse{}, err - } - if !runtime.HasStatusCode(resp, http.StatusOK) { - return KeyVaultClientGetSecretResponse{}, runtime.NewResponseError(resp) - } - return client.getSecretHandleResponse(resp) -} - -// getSecretCreateRequest creates the GetSecret request. -func (client *KeyVaultClient) getSecretCreateRequest(ctx context.Context, vaultBaseURL string, secretName string, secretVersion string, options *KeyVaultClientGetSecretOptions) (*policy.Request, error) { - host := "{vaultBaseUrl}" - host = strings.ReplaceAll(host, "{vaultBaseUrl}", vaultBaseURL) - urlPath := "/secrets/{secret-name}/{secret-version}" - if secretName == "" { - return nil, errors.New("parameter secretName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(secretName)) - // if secretVersion == "" { - // return nil, errors.New("parameter secretVersion cannot be empty") - // } - urlPath = strings.ReplaceAll(urlPath, "{secret-version}", url.PathEscape(secretVersion)) - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(host, urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "7.3") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header.Set("Accept", "application/json") - return req, nil -} - -// getSecretHandleResponse handles the GetSecret response. 
-func (client *KeyVaultClient) getSecretHandleResponse(resp *http.Response) (KeyVaultClientGetSecretResponse, error) { - result := KeyVaultClientGetSecretResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.SecretBundle); err != nil { - return KeyVaultClientGetSecretResponse{}, err - } - return result, nil -} - -// GetSecretVersions - The full secret identifier and attributes are provided in the response. No values are returned for -// the secrets. This operations requires the secrets/list permission. -// If the operation fails it returns an *azcore.ResponseError type. -// vaultBaseURL - The vault name, for example https://myvault.vault.azure.net. -// secretName - The name of the secret. -// options - KeyVaultClientGetSecretVersionsOptions contains the optional parameters for the KeyVaultClient.GetSecretVersions -// method. -func (client *KeyVaultClient) GetSecretVersions(vaultBaseURL string, secretName string, options *KeyVaultClientGetSecretVersionsOptions) *KeyVaultClientGetSecretVersionsPager { - return &KeyVaultClientGetSecretVersionsPager{ - client: client, - requester: func(ctx context.Context) (*policy.Request, error) { - return client.GetSecretVersionsCreateRequest(ctx, vaultBaseURL, secretName, options) - }, - advancer: func(ctx context.Context, resp KeyVaultClientGetSecretVersionsResponse) (*policy.Request, error) { - return runtime.NewRequest(ctx, http.MethodGet, *resp.SecretListResult.NextLink) - }, - } -} - -// GetSecretVersionsCreateRequest creates the GetSecretVersions request. 
-func (client *KeyVaultClient) GetSecretVersionsCreateRequest(ctx context.Context, vaultBaseURL string, secretName string, options *KeyVaultClientGetSecretVersionsOptions) (*policy.Request, error) { - host := "{vaultBaseUrl}" - host = strings.ReplaceAll(host, "{vaultBaseUrl}", vaultBaseURL) - urlPath := "/secrets/{secret-name}/versions" - if secretName == "" { - return nil, errors.New("parameter secretName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(secretName)) - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(host, urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - if options != nil && options.Maxresults != nil { - reqQP.Set("maxresults", strconv.FormatInt(int64(*options.Maxresults), 10)) - } - reqQP.Set("api-version", "7.3") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header.Set("Accept", "application/json") - return req, nil -} - -// GetSecretVersionsHandleResponse handles the GetSecretVersions response. -func (client *KeyVaultClient) GetSecretVersionsHandleResponse(resp *http.Response) (KeyVaultClientGetSecretVersionsResponse, error) { - result := KeyVaultClientGetSecretVersionsResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.SecretListResult); err != nil { - return KeyVaultClientGetSecretVersionsResponse{}, err - } - return result, nil -} - -// GetSecrets - The Get Secrets operation is applicable to the entire vault. However, only the base secret identifier and -// its attributes are provided in the response. Individual secret versions are not listed in the -// response. This operation requires the secrets/list permission. -// If the operation fails it returns an *azcore.ResponseError type. -// vaultBaseURL - The vault name, for example https://myvault.vault.azure.net. -// options - KeyVaultClientGetSecretsOptions contains the optional parameters for the KeyVaultClient.GetSecrets method. 
-func (client *KeyVaultClient) GetSecrets(vaultBaseURL string, options *KeyVaultClientGetSecretsOptions) *KeyVaultClientGetSecretsPager { - return &KeyVaultClientGetSecretsPager{ - client: client, - requester: func(ctx context.Context) (*policy.Request, error) { - return client.GetSecretsCreateRequest(ctx, vaultBaseURL, options) - }, - advancer: func(ctx context.Context, resp KeyVaultClientGetSecretsResponse) (*policy.Request, error) { - return runtime.NewRequest(ctx, http.MethodGet, *resp.SecretListResult.NextLink) - }, - } -} - -// GetSecretsCreateRequest creates the GetSecrets request. -func (client *KeyVaultClient) GetSecretsCreateRequest(ctx context.Context, vaultBaseURL string, options *KeyVaultClientGetSecretsOptions) (*policy.Request, error) { - host := "{vaultBaseUrl}" - host = strings.ReplaceAll(host, "{vaultBaseUrl}", vaultBaseURL) - urlPath := "/secrets" - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(host, urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - if options != nil && options.Maxresults != nil { - reqQP.Set("maxresults", strconv.FormatInt(int64(*options.Maxresults), 10)) - } - reqQP.Set("api-version", "7.3") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header.Set("Accept", "application/json") - return req, nil -} - -// GetSecretsHandleResponse handles the GetSecrets response. -func (client *KeyVaultClient) GetSecretsHandleResponse(resp *http.Response) (KeyVaultClientGetSecretsResponse, error) { - result := KeyVaultClientGetSecretsResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.SecretListResult); err != nil { - return KeyVaultClientGetSecretsResponse{}, err - } - return result, nil -} - -// PurgeDeletedSecret - The purge deleted secret operation removes the secret permanently, without the possibility of recovery. -// This operation can only be enabled on a soft-delete enabled vault. This operation requires the -// secrets/purge permission. 
-// If the operation fails it returns an *azcore.ResponseError type. -// vaultBaseURL - The vault name, for example https://myvault.vault.azure.net. -// secretName - The name of the secret. -// options - KeyVaultClientPurgeDeletedSecretOptions contains the optional parameters for the KeyVaultClient.PurgeDeletedSecret -// method. -func (client *KeyVaultClient) PurgeDeletedSecret(ctx context.Context, vaultBaseURL string, secretName string, options *KeyVaultClientPurgeDeletedSecretOptions) (KeyVaultClientPurgeDeletedSecretResponse, error) { - req, err := client.purgeDeletedSecretCreateRequest(ctx, vaultBaseURL, secretName, options) - if err != nil { - return KeyVaultClientPurgeDeletedSecretResponse{}, err - } - resp, err := client.Pl.Do(req) - if err != nil { - return KeyVaultClientPurgeDeletedSecretResponse{}, err - } - if !runtime.HasStatusCode(resp, http.StatusNoContent) { - return KeyVaultClientPurgeDeletedSecretResponse{}, runtime.NewResponseError(resp) - } - return KeyVaultClientPurgeDeletedSecretResponse{}, nil -} - -// purgeDeletedSecretCreateRequest creates the PurgeDeletedSecret request. 
-func (client *KeyVaultClient) purgeDeletedSecretCreateRequest(ctx context.Context, vaultBaseURL string, secretName string, options *KeyVaultClientPurgeDeletedSecretOptions) (*policy.Request, error) { - host := "{vaultBaseUrl}" - host = strings.ReplaceAll(host, "{vaultBaseUrl}", vaultBaseURL) - urlPath := "/deletedsecrets/{secret-name}" - if secretName == "" { - return nil, errors.New("parameter secretName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(secretName)) - req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(host, urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "7.3") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header.Set("Accept", "application/json") - return req, nil -} - -// RecoverDeletedSecret - Recovers the deleted secret in the specified vault. This operation can only be performed on a soft-delete -// enabled vault. This operation requires the secrets/recover permission. -// If the operation fails it returns an *azcore.ResponseError type. -// vaultBaseURL - The vault name, for example https://myvault.vault.azure.net. -// secretName - The name of the deleted secret. -// options - KeyVaultClientRecoverDeletedSecretOptions contains the optional parameters for the KeyVaultClient.RecoverDeletedSecret -// method. 
-func (client *KeyVaultClient) RecoverDeletedSecret(ctx context.Context, vaultBaseURL string, secretName string, options *KeyVaultClientRecoverDeletedSecretOptions) (KeyVaultClientRecoverDeletedSecretResponse, error) { - req, err := client.recoverDeletedSecretCreateRequest(ctx, vaultBaseURL, secretName, options) - if err != nil { - return KeyVaultClientRecoverDeletedSecretResponse{}, err - } - resp, err := client.Pl.Do(req) - if err != nil { - return KeyVaultClientRecoverDeletedSecretResponse{}, err - } - if !runtime.HasStatusCode(resp, http.StatusOK) { - return KeyVaultClientRecoverDeletedSecretResponse{}, runtime.NewResponseError(resp) - } - return client.recoverDeletedSecretHandleResponse(resp) -} - -// recoverDeletedSecretCreateRequest creates the RecoverDeletedSecret request. -func (client *KeyVaultClient) recoverDeletedSecretCreateRequest(ctx context.Context, vaultBaseURL string, secretName string, options *KeyVaultClientRecoverDeletedSecretOptions) (*policy.Request, error) { - host := "{vaultBaseUrl}" - host = strings.ReplaceAll(host, "{vaultBaseUrl}", vaultBaseURL) - urlPath := "/deletedsecrets/{secret-name}/recover" - if secretName == "" { - return nil, errors.New("parameter secretName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(secretName)) - req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(host, urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "7.3") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header.Set("Accept", "application/json") - return req, nil -} - -// recoverDeletedSecretHandleResponse handles the RecoverDeletedSecret response. 
-func (client *KeyVaultClient) recoverDeletedSecretHandleResponse(resp *http.Response) (KeyVaultClientRecoverDeletedSecretResponse, error) { - result := KeyVaultClientRecoverDeletedSecretResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.SecretBundle); err != nil { - return KeyVaultClientRecoverDeletedSecretResponse{}, err - } - return result, nil -} - -// RestoreSecret - Restores a backed up secret, and all its versions, to a vault. This operation requires the secrets/restore -// permission. -// If the operation fails it returns an *azcore.ResponseError type. -// vaultBaseURL - The vault name, for example https://myvault.vault.azure.net. -// parameters - The parameters to restore the secret. -// options - KeyVaultClientRestoreSecretOptions contains the optional parameters for the KeyVaultClient.RestoreSecret method. -func (client *KeyVaultClient) RestoreSecret(ctx context.Context, vaultBaseURL string, parameters SecretRestoreParameters, options *KeyVaultClientRestoreSecretOptions) (KeyVaultClientRestoreSecretResponse, error) { - req, err := client.restoreSecretCreateRequest(ctx, vaultBaseURL, parameters, options) - if err != nil { - return KeyVaultClientRestoreSecretResponse{}, err - } - resp, err := client.Pl.Do(req) - if err != nil { - return KeyVaultClientRestoreSecretResponse{}, err - } - if !runtime.HasStatusCode(resp, http.StatusOK) { - return KeyVaultClientRestoreSecretResponse{}, runtime.NewResponseError(resp) - } - return client.restoreSecretHandleResponse(resp) -} - -// restoreSecretCreateRequest creates the RestoreSecret request. 
-func (client *KeyVaultClient) restoreSecretCreateRequest(ctx context.Context, vaultBaseURL string, parameters SecretRestoreParameters, options *KeyVaultClientRestoreSecretOptions) (*policy.Request, error) { - host := "{vaultBaseUrl}" - host = strings.ReplaceAll(host, "{vaultBaseUrl}", vaultBaseURL) - urlPath := "/secrets/restore" - req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(host, urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "7.3") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header.Set("Accept", "application/json") - return req, runtime.MarshalAsJSON(req, parameters) -} - -// restoreSecretHandleResponse handles the RestoreSecret response. -func (client *KeyVaultClient) restoreSecretHandleResponse(resp *http.Response) (KeyVaultClientRestoreSecretResponse, error) { - result := KeyVaultClientRestoreSecretResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.SecretBundle); err != nil { - return KeyVaultClientRestoreSecretResponse{}, err - } - return result, nil -} - -// SetSecret - The SET operation adds a secret to the Azure Key Vault. If the named secret already exists, Azure Key Vault -// creates a new version of that secret. This operation requires the secrets/set permission. -// If the operation fails it returns an *azcore.ResponseError type. -// vaultBaseURL - The vault name, for example https://myvault.vault.azure.net. -// secretName - The name of the secret. -// parameters - The parameters for setting the secret. -// options - KeyVaultClientSetSecretOptions contains the optional parameters for the KeyVaultClient.SetSecret method. 
-func (client *KeyVaultClient) SetSecret(ctx context.Context, vaultBaseURL string, secretName string, parameters SecretSetParameters, options *KeyVaultClientSetSecretOptions) (KeyVaultClientSetSecretResponse, error) { - req, err := client.setSecretCreateRequest(ctx, vaultBaseURL, secretName, parameters, options) - if err != nil { - return KeyVaultClientSetSecretResponse{}, err - } - resp, err := client.Pl.Do(req) - if err != nil { - return KeyVaultClientSetSecretResponse{}, err - } - if !runtime.HasStatusCode(resp, http.StatusOK) { - return KeyVaultClientSetSecretResponse{}, runtime.NewResponseError(resp) - } - return client.setSecretHandleResponse(resp) -} - -// setSecretCreateRequest creates the SetSecret request. -func (client *KeyVaultClient) setSecretCreateRequest(ctx context.Context, vaultBaseURL string, secretName string, parameters SecretSetParameters, options *KeyVaultClientSetSecretOptions) (*policy.Request, error) { - host := "{vaultBaseUrl}" - host = strings.ReplaceAll(host, "{vaultBaseUrl}", vaultBaseURL) - urlPath := "/secrets/{secret-name}" - if secretName == "" { - return nil, errors.New("parameter secretName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(secretName)) - req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(host, urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "7.3") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header.Set("Accept", "application/json") - return req, runtime.MarshalAsJSON(req, parameters) -} - -// setSecretHandleResponse handles the SetSecret response. 
-func (client *KeyVaultClient) setSecretHandleResponse(resp *http.Response) (KeyVaultClientSetSecretResponse, error) { - result := KeyVaultClientSetSecretResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.SecretBundle); err != nil { - return KeyVaultClientSetSecretResponse{}, err - } - return result, nil -} - -// UpdateSecret - The UPDATE operation changes specified attributes of an existing stored secret. Attributes that are not -// specified in the request are left unchanged. The value of a secret itself cannot be changed. -// This operation requires the secrets/set permission. -// If the operation fails it returns an *azcore.ResponseError type. -// vaultBaseURL - The vault name, for example https://myvault.vault.azure.net. -// secretName - The name of the secret. -// secretVersion - The version of the secret. -// parameters - The parameters for update secret operation. -// options - KeyVaultClientUpdateSecretOptions contains the optional parameters for the KeyVaultClient.UpdateSecret method. -func (client *KeyVaultClient) UpdateSecret(ctx context.Context, vaultBaseURL string, secretName string, secretVersion string, parameters SecretUpdateParameters, options *KeyVaultClientUpdateSecretOptions) (KeyVaultClientUpdateSecretResponse, error) { - req, err := client.updateSecretCreateRequest(ctx, vaultBaseURL, secretName, secretVersion, parameters, options) - if err != nil { - return KeyVaultClientUpdateSecretResponse{}, err - } - resp, err := client.Pl.Do(req) - if err != nil { - return KeyVaultClientUpdateSecretResponse{}, err - } - if !runtime.HasStatusCode(resp, http.StatusOK) { - return KeyVaultClientUpdateSecretResponse{}, runtime.NewResponseError(resp) - } - return client.updateSecretHandleResponse(resp) -} - -// updateSecretCreateRequest creates the UpdateSecret request. 
-func (client *KeyVaultClient) updateSecretCreateRequest(ctx context.Context, vaultBaseURL string, secretName string, secretVersion string, parameters SecretUpdateParameters, options *KeyVaultClientUpdateSecretOptions) (*policy.Request, error) { - host := "{vaultBaseUrl}" - host = strings.ReplaceAll(host, "{vaultBaseUrl}", vaultBaseURL) - urlPath := "/secrets/{secret-name}/{secret-version}" - if secretName == "" { - return nil, errors.New("parameter secretName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{secret-name}", url.PathEscape(secretName)) - // if secretVersion == "" { - // return nil, errors.New("parameter secretVersion cannot be empty") - // } - urlPath = strings.ReplaceAll(urlPath, "{secret-version}", url.PathEscape(secretVersion)) - req, err := runtime.NewRequest(ctx, http.MethodPatch, runtime.JoinPaths(host, urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "7.3") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header.Set("Accept", "application/json") - return req, runtime.MarshalAsJSON(req, parameters) -} - -// updateSecretHandleResponse handles the UpdateSecret response. -func (client *KeyVaultClient) updateSecretHandleResponse(resp *http.Response) (KeyVaultClientUpdateSecretResponse, error) { - result := KeyVaultClientUpdateSecretResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.SecretBundle); err != nil { - return KeyVaultClientUpdateSecretResponse{}, err - } - return result, nil -} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/models.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/models.go deleted file mode 100644 index 423b711bdc..0000000000 --- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/models.go +++ /dev/null 
@@ -1,310 +0,0 @@ -//go:build go1.16 -// +build go1.16 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package internal - -import "time" - -// Attributes - The object attributes managed by the KeyVault service. -type Attributes struct { - // Determines whether the object is enabled. - Enabled *bool `json:"enabled,omitempty"` - - // Expiry date in UTC. - Expires *time.Time `json:"exp,omitempty"` - - // Not before date in UTC. - NotBefore *time.Time `json:"nbf,omitempty"` - - // READ-ONLY; Creation time in UTC. - Created *time.Time `json:"created,omitempty" azure:"ro"` - - // READ-ONLY; Last updated time in UTC. - Updated *time.Time `json:"updated,omitempty" azure:"ro"` -} - -// BackupSecretResult - The backup secret result, containing the backup blob. -type BackupSecretResult struct { - // READ-ONLY; The backup blob containing the backed up secret. - Value []byte `json:"value,omitempty" azure:"ro"` -} - -// DeletedSecretBundle - A Deleted Secret consisting of its previous id, attributes and its tags, as well as information on -// when it will be purged. -type DeletedSecretBundle struct { - // The secret management attributes. - Attributes *SecretAttributes `json:"attributes,omitempty"` - - // The content type of the secret. - ContentType *string `json:"contentType,omitempty"` - - // The secret id. - ID *string `json:"id,omitempty"` - - // The url of the recovery object, used to identify and recover the deleted secret. - RecoveryID *string `json:"recoveryId,omitempty"` - - // Application specific metadata in the form of key-value pairs. - Tags map[string]*string `json:"tags,omitempty"` - - // The secret value. 
- Value *string `json:"value,omitempty"` - - // READ-ONLY; The time when the secret was deleted, in UTC - DeletedDate *time.Time `json:"deletedDate,omitempty" azure:"ro"` - - // READ-ONLY; If this is a secret backing a KV certificate, then this field specifies the corresponding key backing the KV - // certificate. - Kid *string `json:"kid,omitempty" azure:"ro"` - - // READ-ONLY; True if the secret's lifetime is managed by key vault. If this is a secret backing a certificate, then managed - // will be true. - Managed *bool `json:"managed,omitempty" azure:"ro"` - - // READ-ONLY; The time when the secret is scheduled to be purged, in UTC - ScheduledPurgeDate *time.Time `json:"scheduledPurgeDate,omitempty" azure:"ro"` -} - -// DeletedSecretItem - The deleted secret item containing metadata about the deleted secret. -type DeletedSecretItem struct { - // The secret management attributes. - Attributes *SecretAttributes `json:"attributes,omitempty"` - - // Type of the secret value such as a password. - ContentType *string `json:"contentType,omitempty"` - - // Secret identifier. - ID *string `json:"id,omitempty"` - - // The url of the recovery object, used to identify and recover the deleted secret. - RecoveryID *string `json:"recoveryId,omitempty"` - - // Application specific metadata in the form of key-value pairs. - Tags map[string]*string `json:"tags,omitempty"` - - // READ-ONLY; The time when the secret was deleted, in UTC - DeletedDate *time.Time `json:"deletedDate,omitempty" azure:"ro"` - - // READ-ONLY; True if the secret's lifetime is managed by key vault. If this is a key backing a certificate, then managed - // will be true. 
- Managed *bool `json:"managed,omitempty" azure:"ro"` - - // READ-ONLY; The time when the secret is scheduled to be purged, in UTC - ScheduledPurgeDate *time.Time `json:"scheduledPurgeDate,omitempty" azure:"ro"` -} - -// DeletedSecretListResult - The deleted secret list result -type DeletedSecretListResult struct { - // READ-ONLY; The URL to get the next set of deleted secrets. - NextLink *string `json:"nextLink,omitempty" azure:"ro"` - - // READ-ONLY; A response message containing a list of the deleted secrets in the vault along with a link to the next page - // of deleted secrets - Value []*DeletedSecretItem `json:"value,omitempty" azure:"ro"` -} - -// Error - The key vault server error. -type Error struct { - // READ-ONLY; The error code. - Code *string `json:"code,omitempty" azure:"ro"` - - // READ-ONLY; The key vault server error. - InnerError *Error `json:"innererror,omitempty" azure:"ro"` - - // READ-ONLY; The error message. - Message *string `json:"message,omitempty" azure:"ro"` -} - -// KeyVaultClientBackupSecretOptions contains the optional parameters for the KeyVaultClient.BackupSecret method. -type KeyVaultClientBackupSecretOptions struct { - // placeholder for future optional parameters -} - -// KeyVaultClientDeleteSecretOptions contains the optional parameters for the KeyVaultClient.DeleteSecret method. -type KeyVaultClientDeleteSecretOptions struct { - // placeholder for future optional parameters -} - -// KeyVaultClientGetDeletedSecretOptions contains the optional parameters for the KeyVaultClient.GetDeletedSecret method. -type KeyVaultClientGetDeletedSecretOptions struct { - // placeholder for future optional parameters -} - -// KeyVaultClientGetDeletedSecretsOptions contains the optional parameters for the KeyVaultClient.GetDeletedSecrets method. -type KeyVaultClientGetDeletedSecretsOptions struct { - // Maximum number of results to return in a page. If not specified the service will return up to 25 results. 
- Maxresults *int32 -} - -// KeyVaultClientGetSecretOptions contains the optional parameters for the KeyVaultClient.GetSecret method. -type KeyVaultClientGetSecretOptions struct { - // placeholder for future optional parameters -} - -// KeyVaultClientGetSecretVersionsOptions contains the optional parameters for the KeyVaultClient.GetSecretVersions method. -type KeyVaultClientGetSecretVersionsOptions struct { - // Maximum number of results to return in a page. If not specified, the service will return up to 25 results. - Maxresults *int32 -} - -// KeyVaultClientGetSecretsOptions contains the optional parameters for the KeyVaultClient.GetSecrets method. -type KeyVaultClientGetSecretsOptions struct { - // Maximum number of results to return in a page. If not specified, the service will return up to 25 results. - Maxresults *int32 -} - -// KeyVaultClientPurgeDeletedSecretOptions contains the optional parameters for the KeyVaultClient.PurgeDeletedSecret method. -type KeyVaultClientPurgeDeletedSecretOptions struct { - // placeholder for future optional parameters -} - -// KeyVaultClientRecoverDeletedSecretOptions contains the optional parameters for the KeyVaultClient.RecoverDeletedSecret -// method. -type KeyVaultClientRecoverDeletedSecretOptions struct { - // placeholder for future optional parameters -} - -// KeyVaultClientRestoreSecretOptions contains the optional parameters for the KeyVaultClient.RestoreSecret method. -type KeyVaultClientRestoreSecretOptions struct { - // placeholder for future optional parameters -} - -// KeyVaultClientSetSecretOptions contains the optional parameters for the KeyVaultClient.SetSecret method. -type KeyVaultClientSetSecretOptions struct { - // placeholder for future optional parameters -} - -// KeyVaultClientUpdateSecretOptions contains the optional parameters for the KeyVaultClient.UpdateSecret method. 
-type KeyVaultClientUpdateSecretOptions struct { - // placeholder for future optional parameters -} - -// KeyVaultError - The key vault error exception. -type KeyVaultError struct { - // READ-ONLY; The key vault server error. - Error *Error `json:"error,omitempty" azure:"ro"` -} - -// SecretAttributes - The secret management attributes. -type SecretAttributes struct { - // Determines whether the object is enabled. - Enabled *bool `json:"enabled,omitempty"` - - // Expiry date in UTC. - Expires *time.Time `json:"exp,omitempty"` - - // Not before date in UTC. - NotBefore *time.Time `json:"nbf,omitempty"` - - // READ-ONLY; Creation time in UTC. - Created *time.Time `json:"created,omitempty" azure:"ro"` - - // READ-ONLY; softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. - RecoverableDays *int32 `json:"recoverableDays,omitempty" azure:"ro"` - - // READ-ONLY; Reflects the deletion recovery level currently in effect for secrets in the current vault. If it contains 'Purgeable', - // the secret can be permanently deleted by a privileged user; otherwise, only the - // system can purge the secret, at the end of the retention interval. - RecoveryLevel *DeletionRecoveryLevel `json:"recoveryLevel,omitempty" azure:"ro"` - - // READ-ONLY; Last updated time in UTC. - Updated *time.Time `json:"updated,omitempty" azure:"ro"` -} - -// SecretBundle - A secret consisting of a value, id and its attributes. -type SecretBundle struct { - // The secret management attributes. - Attributes *SecretAttributes `json:"attributes,omitempty"` - - // The content type of the secret. - ContentType *string `json:"contentType,omitempty"` - - // The secret id. - ID *string `json:"id,omitempty"` - - // Application specific metadata in the form of key-value pairs. - Tags map[string]*string `json:"tags,omitempty"` - - // The secret value. 
- Value *string `json:"value,omitempty"` - - // READ-ONLY; If this is a secret backing a KV certificate, then this field specifies the corresponding key backing the KV - // certificate. - Kid *string `json:"kid,omitempty" azure:"ro"` - - // READ-ONLY; True if the secret's lifetime is managed by key vault. If this is a secret backing a certificate, then managed - // will be true. - Managed *bool `json:"managed,omitempty" azure:"ro"` -} - -// SecretItem - The secret item containing secret metadata. -type SecretItem struct { - // The secret management attributes. - Attributes *SecretAttributes `json:"attributes,omitempty"` - - // Type of the secret value such as a password. - ContentType *string `json:"contentType,omitempty"` - - // Secret identifier. - ID *string `json:"id,omitempty"` - - // Application specific metadata in the form of key-value pairs. - Tags map[string]*string `json:"tags,omitempty"` - - // READ-ONLY; True if the secret's lifetime is managed by key vault. If this is a key backing a certificate, then managed - // will be true. - Managed *bool `json:"managed,omitempty" azure:"ro"` -} - -// SecretListResult - The secret list result. -type SecretListResult struct { - // READ-ONLY; The URL to get the next set of secrets. - NextLink *string `json:"nextLink,omitempty" azure:"ro"` - - // READ-ONLY; A response message containing a list of secrets in the key vault along with a link to the next page of secrets. - Value []*SecretItem `json:"value,omitempty" azure:"ro"` -} - -// SecretProperties - Properties of the key backing a certificate. -type SecretProperties struct { - // The media type (MIME type). - ContentType *string `json:"contentType,omitempty"` -} - -// SecretRestoreParameters - The secret restore parameters. -type SecretRestoreParameters struct { - // REQUIRED; The backup blob associated with a secret bundle. - SecretBundleBackup []byte `json:"value,omitempty"` -} - -// SecretSetParameters - The secret set parameters. 
-type SecretSetParameters struct { - // REQUIRED; The value of the secret. - Value *string `json:"value,omitempty"` - - // Type of the secret value such as a password. - ContentType *string `json:"contentType,omitempty"` - - // The secret management attributes. - SecretAttributes *SecretAttributes `json:"attributes,omitempty"` - - // Application specific metadata in the form of key-value pairs. - Tags map[string]*string `json:"tags,omitempty"` -} - -// SecretUpdateParameters - The secret update parameters. -type SecretUpdateParameters struct { - // Type of the secret value such as a password. - ContentType *string `json:"contentType,omitempty"` - - // The secret management attributes. - SecretAttributes *SecretAttributes `json:"attributes,omitempty"` - - // Application specific metadata in the form of key-value pairs. - Tags map[string]*string `json:"tags,omitempty"` -} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/pagers.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/pagers.go deleted file mode 100644 index 5d2926e18e..0000000000 --- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/pagers.go +++ /dev/null 
@@ -1,165 +0,0 @@ -//go:build go1.16 -// +build go1.16 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package internal - -import ( - "context" - "errors" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "net/http" - "reflect" -) - -// KeyVaultClientGetDeletedSecretsPager provides operations for iterating over paged responses. -type KeyVaultClientGetDeletedSecretsPager struct { - client *KeyVaultClient - current KeyVaultClientGetDeletedSecretsResponse - requester func(context.Context) (*policy.Request, error) - advancer func(context.Context, KeyVaultClientGetDeletedSecretsResponse) (*policy.Request, error) -} - -// More returns true if there are more pages to retrieve. -func (p *KeyVaultClientGetDeletedSecretsPager) More() bool { - if !reflect.ValueOf(p.current).IsZero() { - if p.current.DeletedSecretListResult.NextLink == nil || len(*p.current.DeletedSecretListResult.NextLink) == 0 { - return false - } - } - return true -} - -// NextPage advances the pager to the next page. 
-func (p *KeyVaultClientGetDeletedSecretsPager) NextPage(ctx context.Context) (KeyVaultClientGetDeletedSecretsResponse, error) { - var req *policy.Request - var err error - if !reflect.ValueOf(p.current).IsZero() { - if !p.More() { - return KeyVaultClientGetDeletedSecretsResponse{}, errors.New("no more pages") - } - req, err = p.advancer(ctx, p.current) - } else { - req, err = p.requester(ctx) - } - if err != nil { - return KeyVaultClientGetDeletedSecretsResponse{}, err - } - resp, err := p.client.Pl.Do(req) - if err != nil { - return KeyVaultClientGetDeletedSecretsResponse{}, err - } - if !runtime.HasStatusCode(resp, http.StatusOK) { - - return KeyVaultClientGetDeletedSecretsResponse{}, runtime.NewResponseError(resp) - } - result, err := p.client.GetDeletedSecretsHandleResponse(resp) - if err != nil { - return KeyVaultClientGetDeletedSecretsResponse{}, err - } - p.current = result - return p.current, nil -} - -// KeyVaultClientGetSecretVersionsPager provides operations for iterating over paged responses. -type KeyVaultClientGetSecretVersionsPager struct { - client *KeyVaultClient - current KeyVaultClientGetSecretVersionsResponse - requester func(context.Context) (*policy.Request, error) - advancer func(context.Context, KeyVaultClientGetSecretVersionsResponse) (*policy.Request, error) -} - -// More returns true if there are more pages to retrieve. -func (p *KeyVaultClientGetSecretVersionsPager) More() bool { - if !reflect.ValueOf(p.current).IsZero() { - if p.current.SecretListResult.NextLink == nil || len(*p.current.SecretListResult.NextLink) == 0 { - return false - } - } - return true -} - -// NextPage advances the pager to the next page. 
-func (p *KeyVaultClientGetSecretVersionsPager) NextPage(ctx context.Context) (KeyVaultClientGetSecretVersionsResponse, error) { - var req *policy.Request - var err error - if !reflect.ValueOf(p.current).IsZero() { - if !p.More() { - return KeyVaultClientGetSecretVersionsResponse{}, errors.New("no more pages") - } - req, err = p.advancer(ctx, p.current) - } else { - req, err = p.requester(ctx) - } - if err != nil { - return KeyVaultClientGetSecretVersionsResponse{}, err - } - resp, err := p.client.Pl.Do(req) - if err != nil { - return KeyVaultClientGetSecretVersionsResponse{}, err - } - if !runtime.HasStatusCode(resp, http.StatusOK) { - - return KeyVaultClientGetSecretVersionsResponse{}, runtime.NewResponseError(resp) - } - result, err := p.client.GetSecretVersionsHandleResponse(resp) - if err != nil { - return KeyVaultClientGetSecretVersionsResponse{}, err - } - p.current = result - return p.current, nil -} - -// KeyVaultClientGetSecretsPager provides operations for iterating over paged responses. -type KeyVaultClientGetSecretsPager struct { - client *KeyVaultClient - current KeyVaultClientGetSecretsResponse - requester func(context.Context) (*policy.Request, error) - advancer func(context.Context, KeyVaultClientGetSecretsResponse) (*policy.Request, error) -} - -// More returns true if there are more pages to retrieve. -func (p *KeyVaultClientGetSecretsPager) More() bool { - if !reflect.ValueOf(p.current).IsZero() { - if p.current.SecretListResult.NextLink == nil || len(*p.current.SecretListResult.NextLink) == 0 { - return false - } - } - return true -} - -// NextPage advances the pager to the next page. 
-func (p *KeyVaultClientGetSecretsPager) NextPage(ctx context.Context) (KeyVaultClientGetSecretsResponse, error) { - var req *policy.Request - var err error - if !reflect.ValueOf(p.current).IsZero() { - if !p.More() { - return KeyVaultClientGetSecretsResponse{}, errors.New("no more pages") - } - req, err = p.advancer(ctx, p.current) - } else { - req, err = p.requester(ctx) - } - if err != nil { - return KeyVaultClientGetSecretsResponse{}, err - } - resp, err := p.client.Pl.Do(req) - if err != nil { - return KeyVaultClientGetSecretsResponse{}, err - } - if !runtime.HasStatusCode(resp, http.StatusOK) { - - return KeyVaultClientGetSecretsResponse{}, runtime.NewResponseError(resp) - } - result, err := p.client.GetSecretsHandleResponse(resp) - if err != nil { - return KeyVaultClientGetSecretsResponse{}, err - } - p.current = result - return p.current, nil -} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/response_types.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/response_types.go deleted file mode 100644 index 4da733a967..0000000000 --- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/response_types.go +++ /dev/null 
@@ -1,69 +0,0 @@ -//go:build go1.16 -// +build go1.16 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package internal - -// KeyVaultClientBackupSecretResponse contains the response from method KeyVaultClient.BackupSecret. -type KeyVaultClientBackupSecretResponse struct { - BackupSecretResult -} - -// KeyVaultClientDeleteSecretResponse contains the response from method KeyVaultClient.DeleteSecret. -type KeyVaultClientDeleteSecretResponse struct { - DeletedSecretBundle -} - -// KeyVaultClientGetDeletedSecretResponse contains the response from method KeyVaultClient.GetDeletedSecret. -type KeyVaultClientGetDeletedSecretResponse struct { - DeletedSecretBundle -} - -// KeyVaultClientGetDeletedSecretsResponse contains the response from method KeyVaultClient.GetDeletedSecrets. -type KeyVaultClientGetDeletedSecretsResponse struct { - DeletedSecretListResult -} - -// KeyVaultClientGetSecretResponse contains the response from method KeyVaultClient.GetSecret. -type KeyVaultClientGetSecretResponse struct { - SecretBundle -} - -// KeyVaultClientGetSecretVersionsResponse contains the response from method KeyVaultClient.GetSecretVersions. -type KeyVaultClientGetSecretVersionsResponse struct { - SecretListResult -} - -// KeyVaultClientGetSecretsResponse contains the response from method KeyVaultClient.GetSecrets. -type KeyVaultClientGetSecretsResponse struct { - SecretListResult -} - -// KeyVaultClientPurgeDeletedSecretResponse contains the response from method KeyVaultClient.PurgeDeletedSecret. -type KeyVaultClientPurgeDeletedSecretResponse struct { - // placeholder for future response values -} - -// KeyVaultClientRecoverDeletedSecretResponse contains the response from method KeyVaultClient.RecoverDeletedSecret. 
-type KeyVaultClientRecoverDeletedSecretResponse struct { - SecretBundle -} - -// KeyVaultClientRestoreSecretResponse contains the response from method KeyVaultClient.RestoreSecret. -type KeyVaultClientRestoreSecretResponse struct { - SecretBundle -} - -// KeyVaultClientSetSecretResponse contains the response from method KeyVaultClient.SetSecret. -type KeyVaultClientSetSecretResponse struct { - SecretBundle -} - -// KeyVaultClientUpdateSecretResponse contains the response from method KeyVaultClient.UpdateSecret. -type KeyVaultClientUpdateSecretResponse struct { - SecretBundle -} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/models.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/models.go index 2f4a4106e2..70118f998e 100644 --- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/models.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/models.go 
@@ -3,262 +3,266 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. +// DO NOT EDIT. package azsecrets -import ( - "time" +import "time" - "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal" - shared "github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal" -) +// BackupSecretResult - The backup secret result, containing the backup blob. +type BackupSecretResult struct { + // READ-ONLY; The backup blob containing the backed up secret. + Value []byte `json:"value,omitempty" azure:"ro"` +} -// DeletedSecret consists of the previous ID, attributes, tags, and information on when it will be purged. -type DeletedSecret struct { - // The secret management attributes. - Properties *Properties `json:"attributes,omitempty"` +// BackupSecretOptions contains the optional parameters for the Client.BackupSecret method. +type BackupSecretOptions struct { + // placeholder for future optional parameters +} - // The secret id. - ID *string `json:"id,omitempty"` +// DeleteSecretOptions contains the optional parameters for the Client.DeleteSecret method. +type DeleteSecretOptions struct { + // placeholder for future optional parameters +} - // Name of the secret - Name *string +// GetDeletedSecretOptions contains the optional parameters for the Client.GetDeletedSecret method. +type GetDeletedSecretOptions struct { + // placeholder for future optional parameters +} - // The url of the recovery object, used to identify and recover the deleted secret. - RecoveryID *string `json:"recoveryId,omitempty"` +// GetSecretOptions contains the optional parameters for the Client.GetSecret method. 
+type GetSecretOptions struct { + // placeholder for future optional parameters +} - // READ-ONLY; The time when the secret was deleted, in UTC - DeletedOn *time.Time `json:"deletedDate,omitempty" azure:"ro"` +// ListDeletedSecretsOptions contains the optional parameters for the Client.ListDeletedSecrets method. +type ListDeletedSecretsOptions struct { + // Maximum number of results to return in a page. If not specified the service will return up to 25 results. + MaxResults *int32 +} - // READ-ONLY; The time when the secret is scheduled to be purged, in UTC - ScheduledPurgeDate *time.Time `json:"scheduledPurgeDate,omitempty" azure:"ro"` +// ListSecretVersionsOptions contains the optional parameters for the Client.ListSecretVersions method. +type ListSecretVersionsOptions struct { + // Maximum number of results to return in a page. If not specified, the service will return up to 25 results. + MaxResults *int32 } -// Secret - A secret consisting of a value, id and its attributes. -type Secret struct { - // The secret management attributes. - Properties *Properties `json:"attributes,omitempty"` +// ListSecretsOptions contains the optional parameters for the Client.ListSecrets method. +type ListSecretsOptions struct { + // Maximum number of results to return in a page. If not specified, the service will return up to 25 results. + MaxResults *int32 +} - // The secret id. - ID *string `json:"id,omitempty"` +// PurgeDeletedSecretOptions contains the optional parameters for the Client.PurgeDeletedSecret method. +type PurgeDeletedSecretOptions struct { + // placeholder for future optional parameters +} - // The name of the secret - Name *string +// RecoverDeletedSecretOptions contains the optional parameters for the Client.RecoverDeletedSecret method. +type RecoverDeletedSecretOptions struct { + // placeholder for future optional parameters +} - // The secret value. 
- Value *string `json:"value,omitempty"` +// RestoreSecretOptions contains the optional parameters for the Client.RestoreSecret method. +type RestoreSecretOptions struct { + // placeholder for future optional parameters +} + +// SetSecretOptions contains the optional parameters for the Client.SetSecret method. +type SetSecretOptions struct { + // placeholder for future optional parameters } -func (s Secret) toGeneratedProperties() internal.SecretUpdateParameters { - var contentType *string - if s.Properties != nil && s.Properties.ContentType != nil { - contentType = s.Properties.ContentType - } - var tags map[string]*string - if s.Properties != nil && s.Properties.Tags != nil { - tags = convertToGeneratedMap(s.Properties.Tags) - } - return internal.SecretUpdateParameters{ - ContentType: contentType, - SecretAttributes: s.Properties.toGenerated(), - Tags: tags, - } +// UpdateSecretOptions contains the optional parameters for the Client.UpdateSecret method. +type UpdateSecretOptions struct { + // placeholder for future optional parameters } -// Properties - The secret management properties. -type Properties struct { +// DeletedSecretBundle - A Deleted Secret consisting of its previous id, attributes and its tags, as well as information on +// when it will be purged. +type DeletedSecretBundle struct { + // The secret management attributes. + Attributes *SecretAttributes `json:"attributes,omitempty"` + // The content type of the secret. ContentType *string `json:"contentType,omitempty"` - // READ-ONLY; Creation time in UTC. - CreatedOn *time.Time `json:"created,omitempty" azure:"ro"` + // The secret id. + ID *ID `json:"id,omitempty"` - // Determines whether the object is enabled. - Enabled *bool `json:"enabled,omitempty"` + // The url of the recovery object, used to identify and recover the deleted secret. + RecoveryID *string `json:"recoveryId,omitempty"` - // Expiry date in UTC. 
- ExpiresOn *time.Time `json:"exp,omitempty"` + // Application specific metadata in the form of key-value pairs. + Tags map[string]*string `json:"tags,omitempty"` - // READ-ONLY; True if the secret's lifetime is managed by key vault. If this is a secret backing a certificate, then managed - // will be true. - IsManaged *bool `json:"managed,omitempty" azure:"ro"` + // The secret value. + Value *string `json:"value,omitempty"` + + // READ-ONLY; The time when the secret was deleted, in UTC + DeletedDate *time.Time `json:"deletedDate,omitempty" azure:"ro"` // READ-ONLY; If this is a secret backing a KV certificate, then this field specifies the corresponding key backing the KV // certificate. - KeyID *string `json:"kid,omitempty" azure:"ro"` + Kid *string `json:"kid,omitempty" azure:"ro"` - // NotBefore is the secret's not before date in UTC. - NotBefore *time.Time `json:"nbf,omitempty"` + // READ-ONLY; True if the secret's lifetime is managed by key vault. If this is a secret backing a certificate, then managed + // will be true. + Managed *bool `json:"managed,omitempty" azure:"ro"` - // READ-ONLY; softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. - RecoverableDays *int32 `json:"recoverableDays,omitempty" azure:"ro"` + // READ-ONLY; The time when the secret is scheduled to be purged, in UTC + ScheduledPurgeDate *time.Time `json:"scheduledPurgeDate,omitempty" azure:"ro"` +} - // READ-ONLY; Reflects the deletion recovery level currently in effect for secrets in the current vault. If it contains 'Purgeable', the secret can be permanently - // deleted by a privileged user; otherwise, only the - // system can purge the secret, at the end of the retention interval. - RecoveryLevel *string `json:"recoveryLevel,omitempty" azure:"ro"` +// DeletedSecretItem - The deleted secret item containing metadata about the deleted secret. +type DeletedSecretItem struct { + // The secret management attributes. 
+ Attributes *SecretAttributes `json:"attributes,omitempty"` + + // Type of the secret value such as a password. + ContentType *string `json:"contentType,omitempty"` + + // Secret identifier. + ID *ID `json:"id,omitempty"` + + // The url of the recovery object, used to identify and recover the deleted secret. + RecoveryID *string `json:"recoveryId,omitempty"` // Application specific metadata in the form of key-value pairs. - Tags map[string]string `json:"tags,omitempty"` + Tags map[string]*string `json:"tags,omitempty"` - // READ-ONLY; Last updated time in UTC. - UpdatedOn *time.Time `json:"updated,omitempty" azure:"ro"` + // READ-ONLY; The time when the secret was deleted, in UTC + DeletedDate *time.Time `json:"deletedDate,omitempty" azure:"ro"` + + // READ-ONLY; True if the secret's lifetime is managed by key vault. If this is a key backing a certificate, then managed + // will be true. + Managed *bool `json:"managed,omitempty" azure:"ro"` - // VaultURL is the vault url the secret came from - VaultURL *string + // READ-ONLY; The time when the secret is scheduled to be purged, in UTC + ScheduledPurgeDate *time.Time `json:"scheduledPurgeDate,omitempty" azure:"ro"` +} - // Version is the version of the secret - Version *string +// DeletedSecretListResult - The deleted secret list result +type DeletedSecretListResult struct { + // READ-ONLY; The URL to get the next set of deleted secrets. 
+ NextLink *string `json:"nextLink,omitempty" azure:"ro"` - // Name is the name of the secret - Name *string + // READ-ONLY; A response message containing a list of the deleted secrets in the vault along with a link to the next page + // of deleted secrets + Value []*DeletedSecretItem `json:"value,omitempty" azure:"ro"` } -func (s *Properties) toGenerated() *internal.SecretAttributes { - if s == nil { - return nil - } - return &internal.SecretAttributes{ - RecoverableDays: s.RecoverableDays, - RecoveryLevel: (*internal.DeletionRecoveryLevel)(s.RecoveryLevel), - Enabled: s.Enabled, - Expires: s.ExpiresOn, - NotBefore: s.NotBefore, - Created: s.CreatedOn, - Updated: s.UpdatedOn, - } +// RestoreSecretParameters - The secret restore parameters. +type RestoreSecretParameters struct { + // REQUIRED; The backup blob associated with a secret bundle. + SecretBundleBackup []byte `json:"value,omitempty"` } -// create a SecretAttributes object from an internal.SecretAttributes object -func secretPropertiesFromGenerated(i *internal.SecretAttributes) *Properties { - if i == nil { - return nil - } - return &Properties{ - ContentType: nil, - CreatedOn: i.Created, - Enabled: i.Enabled, - ExpiresOn: i.Expires, - IsManaged: nil, - KeyID: nil, - NotBefore: i.NotBefore, - RecoverableDays: i.RecoverableDays, - RecoveryLevel: (*string)(i.RecoveryLevel), - Tags: nil, - UpdatedOn: i.Updated, - } +// SecretAttributes - The secret management attributes. +type SecretAttributes struct { + // Determines whether the object is enabled. + Enabled *bool `json:"enabled,omitempty"` + + // Expiry date in UTC. + Expires *time.Time `json:"exp,omitempty"` + + // Not before date in UTC. + NotBefore *time.Time `json:"nbf,omitempty"` + + // READ-ONLY; Creation time in UTC. + Created *time.Time `json:"created,omitempty" azure:"ro"` + + // READ-ONLY; softDelete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. 
+ RecoverableDays *int32 `json:"recoverableDays,omitempty" azure:"ro"` + + // READ-ONLY; Reflects the deletion recovery level currently in effect for secrets in the current vault. If it contains 'Purgeable', + // the secret can be permanently deleted by a privileged user; otherwise, only the + // system can purge the secret, at the end of the retention interval. + RecoveryLevel *DeletionRecoveryLevel `json:"recoveryLevel,omitempty" azure:"ro"` + + // READ-ONLY; Last updated time in UTC. + Updated *time.Time `json:"updated,omitempty" azure:"ro"` } -// SecretItem contains secret metadata. -type SecretItem struct { +// SecretBundle - A secret consisting of a value, id and its attributes. +type SecretBundle struct { // The secret management attributes. - Properties *Properties `json:"attributes,omitempty"` + Attributes *SecretAttributes `json:"attributes,omitempty"` - // Type of the secret value such as a password. + // The content type of the secret. ContentType *string `json:"contentType,omitempty"` - // Secret identifier. - ID *string `json:"id,omitempty"` - - // Name of the secret - Name *string + // The secret id. + ID *ID `json:"id,omitempty"` // Application specific metadata in the form of key-value pairs. - Tags map[string]string `json:"tags,omitempty"` + Tags map[string]*string `json:"tags,omitempty"` - // READ-ONLY; True if the secret's lifetime is managed by key vault. If this is a key backing a certificate, then managed will be true. - IsManaged *bool `json:"managed,omitempty" azure:"ro"` -} + // The secret value. + Value *string `json:"value,omitempty"` + + // READ-ONLY; If this is a secret backing a KV certificate, then this field specifies the corresponding key backing the KV + // certificate. 
+ Kid *string `json:"kid,omitempty" azure:"ro"` -// create a SecretItem from the internal.SecretItem model -func secretItemFromGenerated(i *internal.SecretItem) SecretItem { - if i == nil { - return SecretItem{} - } - - _, name, _ := shared.ParseID(i.ID) - return SecretItem{ - Properties: secretPropertiesFromGenerated(i.Attributes), - ContentType: i.ContentType, - ID: i.ID, - Name: name, - Tags: convertPtrMap(i.Tags), - IsManaged: i.Managed, - } + // READ-ONLY; True if the secret's lifetime is managed by key vault. If this is a secret backing a certificate, then managed + // will be true. + Managed *bool `json:"managed,omitempty" azure:"ro"` } -// DeletedSecretItem - The deleted secret item containing metadata about the deleted secret. -type DeletedSecretItem struct { +// SecretItem - The secret item containing secret metadata. +type SecretItem struct { // The secret management attributes. - Properties *Properties `json:"attributes,omitempty"` + Attributes *SecretAttributes `json:"attributes,omitempty"` // Type of the secret value such as a password. ContentType *string `json:"contentType,omitempty"` // Secret identifier. - ID *string `json:"id,omitempty"` - - // The name of the deleted secret - Name *string - - // The url of the recovery object, used to identify and recover the deleted secret. - RecoveryID *string `json:"recoveryId,omitempty"` + ID *ID `json:"id,omitempty"` // Application specific metadata in the form of key-value pairs. - Tags map[string]string `json:"tags,omitempty"` - - // READ-ONLY; The time when the secret was deleted, in UTC - DeletedOn *time.Time `json:"deletedDate,omitempty" azure:"ro"` + Tags map[string]*string `json:"tags,omitempty"` // READ-ONLY; True if the secret's lifetime is managed by key vault. If this is a key backing a certificate, then managed // will be true. 
- IsManaged *bool `json:"managed,omitempty" azure:"ro"` - - // READ-ONLY; The time when the secret is scheduled to be purged, in UTC - ScheduledPurgeDate *time.Time `json:"scheduledPurgeDate,omitempty" azure:"ro"` + Managed *bool `json:"managed,omitempty" azure:"ro"` } -func deletedSecretItemFromGenerated(i *internal.DeletedSecretItem) DeletedSecretItem { - if i == nil { - return DeletedSecretItem{} - } - - _, name, _ := shared.ParseID(i.ID) - return DeletedSecretItem{ - Properties: secretPropertiesFromGenerated(i.Attributes), - ContentType: i.ContentType, - Name: name, - ID: i.ID, - RecoveryID: i.RecoveryID, - Tags: convertPtrMap(i.Tags), - DeletedOn: i.DeletedDate, - IsManaged: i.Managed, - ScheduledPurgeDate: i.ScheduledPurgeDate, - } +// SecretListResult - The secret list result. +type SecretListResult struct { + // READ-ONLY; The URL to get the next set of secrets. + NextLink *string `json:"nextLink,omitempty" azure:"ro"` + + // READ-ONLY; A response message containing a list of secrets in the key vault along with a link to the next page of secrets. + Value []*SecretItem `json:"value,omitempty" azure:"ro"` } -func convertPtrMap(m map[string]*string) map[string]string { - if m == nil { - return nil - } +// SetSecretParameters - The secret set parameters. +type SetSecretParameters struct { + // REQUIRED; The value of the secret. + Value *string `json:"value,omitempty"` + + // Type of the secret value such as a password. + ContentType *string `json:"contentType,omitempty"` - ret := map[string]string{} - for key, val := range m { - ret[key] = *val - } + // The secret management attributes. + SecretAttributes *SecretAttributes `json:"attributes,omitempty"` - return ret + // Application specific metadata in the form of key-value pairs. + Tags map[string]*string `json:"tags,omitempty"` } -func convertToGeneratedMap(m map[string]string) map[string]*string { - if m == nil { - return nil - } +// UpdateSecretParameters - The secret update parameters. 
+type UpdateSecretParameters struct { + // Type of the secret value such as a password. + ContentType *string `json:"contentType,omitempty"` - ret := map[string]*string{} - for key, val := range m { - ret[key] = &val - } + // The secret management attributes. + SecretAttributes *SecretAttributes `json:"attributes,omitempty"` - return ret + // Application specific metadata in the form of key-value pairs. + Tags map[string]*string `json:"tags,omitempty"` } diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/models_serde.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/models_serde.go similarity index 54% rename from vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/models_serde.go rename to vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/models_serde.go index f0c23a8558..31f9d5c37c 100644 --- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/models_serde.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/models_serde.go 
@@ -1,63 +1,22 @@ -//go:build go1.16 -// +build go1.16 +//go:build go1.18 +// +build go1.18 // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. See License.txt in the project root for license information. // Code generated by Microsoft (R) AutoRest Code Generator. // Changes may cause incorrect behavior and will be lost if the code is regenerated. +// DO NOT EDIT. -package internal +package azsecrets import ( "encoding/json" + "fmt" "github.com/Azure/azure-sdk-for-go/sdk/azcore" "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" "reflect" ) -// MarshalJSON implements the json.Marshaller interface for type Attributes. -func (a Attributes) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - populateTimeUnix(objectMap, "created", a.Created) - populate(objectMap, "enabled", a.Enabled) - populateTimeUnix(objectMap, "exp", a.Expires) - populateTimeUnix(objectMap, "nbf", a.NotBefore) - populateTimeUnix(objectMap, "updated", a.Updated) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type Attributes. -func (a *Attributes) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return err - } - for key, val := range rawMsg { - var err error - switch key { - case "created": - err = unpopulateTimeUnix(val, &a.Created) - delete(rawMsg, key) - case "enabled": - err = unpopulate(val, &a.Enabled) - delete(rawMsg, key) - case "exp": - err = unpopulateTimeUnix(val, &a.Expires) - delete(rawMsg, key) - case "nbf": - err = unpopulateTimeUnix(val, &a.NotBefore) - delete(rawMsg, key) - case "updated": - err = unpopulateTimeUnix(val, &a.Updated) - delete(rawMsg, key) - } - if err != nil { - return err - } - } - return nil -} - // MarshalJSON implements the json.Marshaller interface for type BackupSecretResult. 
func (b BackupSecretResult) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) @@ -69,7 +28,7 @@ func (b BackupSecretResult) MarshalJSON() ([]byte, error) { func (b *BackupSecretResult) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return err + return fmt.Errorf("unmarshalling type %T: %v", b, err) } for key, val := range rawMsg { var err error @@ -79,7 +38,7 @@ func (b *BackupSecretResult) UnmarshalJSON(data []byte) error { delete(rawMsg, key) } if err != nil { - return err + return fmt.Errorf("unmarshalling type %T: %v", b, err) } } return nil 
@@ -105,44 +64,44 @@ func (d DeletedSecretBundle) MarshalJSON() ([]byte, error) { func (d *DeletedSecretBundle) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return err + return fmt.Errorf("unmarshalling type %T: %v", d, err) } for key, val := range rawMsg { var err error switch key { case "attributes": - err = unpopulate(val, &d.Attributes) + err = unpopulate(val, "Attributes", &d.Attributes) delete(rawMsg, key) case "contentType": - err = unpopulate(val, &d.ContentType) + err = unpopulate(val, "ContentType", &d.ContentType) delete(rawMsg, key) case "deletedDate": - err = unpopulateTimeUnix(val, &d.DeletedDate) + err = unpopulateTimeUnix(val, "DeletedDate", &d.DeletedDate) delete(rawMsg, key) case "id": - err = unpopulate(val, &d.ID) + err = unpopulate(val, "ID", &d.ID) delete(rawMsg, key) case "kid": - err = unpopulate(val, &d.Kid) + err = unpopulate(val, "Kid", &d.Kid) delete(rawMsg, key) case "managed": - err = unpopulate(val, &d.Managed) + err = unpopulate(val, "Managed", &d.Managed) delete(rawMsg, key) case "recoveryId": - err = unpopulate(val, &d.RecoveryID) + err = unpopulate(val, "RecoveryID", &d.RecoveryID) delete(rawMsg, key) case "scheduledPurgeDate": - err = unpopulateTimeUnix(val, &d.ScheduledPurgeDate) + err = unpopulateTimeUnix(val, "ScheduledPurgeDate", &d.ScheduledPurgeDate) delete(rawMsg, key) case "tags": - err = unpopulate(val, &d.Tags) + err = unpopulate(val, "Tags", &d.Tags) delete(rawMsg, key) case "value": - err = unpopulate(val, &d.Value) + err = unpopulate(val, "Value", &d.Value) delete(rawMsg, key) } if err != nil { - return err + return fmt.Errorf("unmarshalling type %T: %v", d, err) } } return nil 
@@ -166,38 +125,38 @@ func (d DeletedSecretItem) MarshalJSON() ([]byte, error) { func (d *DeletedSecretItem) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return err + return fmt.Errorf("unmarshalling type %T: %v", d, err) } for key, val := range rawMsg { var err error switch key { case "attributes": - err = unpopulate(val, &d.Attributes) + err = unpopulate(val, "Attributes", &d.Attributes) delete(rawMsg, key) case "contentType": - err = unpopulate(val, &d.ContentType) + err = unpopulate(val, "ContentType", &d.ContentType) delete(rawMsg, key) case "deletedDate": - err = unpopulateTimeUnix(val, &d.DeletedDate) + err = unpopulateTimeUnix(val, "DeletedDate", &d.DeletedDate) delete(rawMsg, key) case "id": - err = unpopulate(val, &d.ID) + err = unpopulate(val, "ID", &d.ID) delete(rawMsg, key) case "managed": - err = unpopulate(val, &d.Managed) + err = unpopulate(val, "Managed", &d.Managed) delete(rawMsg, key) case "recoveryId": - err = unpopulate(val, &d.RecoveryID) + err = unpopulate(val, "RecoveryID", &d.RecoveryID) delete(rawMsg, key) case "scheduledPurgeDate": - err = unpopulateTimeUnix(val, &d.ScheduledPurgeDate) + err = unpopulateTimeUnix(val, "ScheduledPurgeDate", &d.ScheduledPurgeDate) delete(rawMsg, key) case "tags": - err = unpopulate(val, &d.Tags) + err = unpopulate(val, "Tags", &d.Tags) delete(rawMsg, key) } if err != nil { - return err + return fmt.Errorf("unmarshalling type %T: %v", d, err) } } return nil 
@@ -211,6 +170,56 @@ func (d DeletedSecretListResult) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// UnmarshalJSON implements the json.Unmarshaller interface for type DeletedSecretListResult. +func (d *DeletedSecretListResult) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "nextLink": + err = unpopulate(val, "NextLink", &d.NextLink) + delete(rawMsg, key) + case "value": + err = unpopulate(val, "Value", &d.Value) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type RestoreSecretParameters. +func (r RestoreSecretParameters) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populateByteArray(objectMap, "value", r.SecretBundleBackup, runtime.Base64URLFormat) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type RestoreSecretParameters. +func (r *RestoreSecretParameters) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", r, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "value": + err = runtime.DecodeByteArray(string(val), &r.SecretBundleBackup, runtime.Base64URLFormat) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", r, err) + } + } + return nil +} + // MarshalJSON implements the json.Marshaller interface for type SecretAttributes. func (s SecretAttributes) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) 
@@ -228,35 +237,35 @@ func (s SecretAttributes) MarshalJSON() ([]byte, error) { func (s *SecretAttributes) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return err + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { case "created": - err = unpopulateTimeUnix(val, &s.Created) + err = unpopulateTimeUnix(val, "Created", &s.Created) delete(rawMsg, key) case "enabled": - err = unpopulate(val, &s.Enabled) + err = unpopulate(val, "Enabled", &s.Enabled) delete(rawMsg, key) case "exp": - err = unpopulateTimeUnix(val, &s.Expires) + err = unpopulateTimeUnix(val, "Expires", &s.Expires) delete(rawMsg, key) case "nbf": - err = unpopulateTimeUnix(val, &s.NotBefore) + err = unpopulateTimeUnix(val, "NotBefore", &s.NotBefore) delete(rawMsg, key) case "recoverableDays": - err = unpopulate(val, &s.RecoverableDays) + err = unpopulate(val, "RecoverableDays", &s.RecoverableDays) delete(rawMsg, key) case "recoveryLevel": - err = unpopulate(val, &s.RecoveryLevel) + err = unpopulate(val, "RecoveryLevel", &s.RecoveryLevel) delete(rawMsg, key) case "updated": - err = unpopulateTimeUnix(val, &s.Updated) + err = unpopulateTimeUnix(val, "Updated", &s.Updated) delete(rawMsg, key) } if err != nil { - return err + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil 
@@ -275,6 +284,44 @@ func (s SecretBundle) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// UnmarshalJSON implements the json.Unmarshaller interface for type SecretBundle. +func (s *SecretBundle) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "attributes": + err = unpopulate(val, "Attributes", &s.Attributes) + delete(rawMsg, key) + case "contentType": + err = unpopulate(val, "ContentType", &s.ContentType) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &s.ID) + delete(rawMsg, key) + case "kid": + err = unpopulate(val, "Kid", &s.Kid) + delete(rawMsg, key) + case "managed": + err = unpopulate(val, "Managed", &s.Managed) + delete(rawMsg, key) + case "tags": + err = unpopulate(val, "Tags", &s.Tags) + delete(rawMsg, key) + case "value": + err = unpopulate(val, "Value", &s.Value) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + } + return nil +} + // MarshalJSON implements the json.Marshaller interface for type SecretItem. func (s SecretItem) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) 
@@ -286,6 +333,38 @@ func (s SecretItem) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// UnmarshalJSON implements the json.Unmarshaller interface for type SecretItem. +func (s *SecretItem) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "attributes": + err = unpopulate(val, "Attributes", &s.Attributes) + delete(rawMsg, key) + case "contentType": + err = unpopulate(val, "ContentType", &s.ContentType) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &s.ID) + delete(rawMsg, key) + case "managed": + err = unpopulate(val, "Managed", &s.Managed) + delete(rawMsg, key) + case "tags": + err = unpopulate(val, "Tags", &s.Tags) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + } + return nil +} + // MarshalJSON implements the json.Marshaller interface for type SecretListResult. func (s SecretListResult) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) 
@@ -294,35 +373,31 @@ func (s SecretListResult) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// MarshalJSON implements the json.Marshaller interface for type SecretRestoreParameters. -func (s SecretRestoreParameters) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - populateByteArray(objectMap, "value", s.SecretBundleBackup, runtime.Base64URLFormat) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type SecretRestoreParameters. -func (s *SecretRestoreParameters) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SecretListResult. +func (s *SecretListResult) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return err + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { + case "nextLink": + err = unpopulate(val, "NextLink", &s.NextLink) + delete(rawMsg, key) case "value": - err = runtime.DecodeByteArray(string(val), &s.SecretBundleBackup, runtime.Base64URLFormat) + err = unpopulate(val, "Value", &s.Value) delete(rawMsg, key) } if err != nil { - return err + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type SecretSetParameters. -func (s SecretSetParameters) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SetSecretParameters. +func (s SetSecretParameters) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) populate(objectMap, "contentType", s.ContentType) populate(objectMap, "attributes", s.SecretAttributes) 
@@ -331,15 +406,70 @@ func (s SecretSetParameters) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// MarshalJSON implements the json.Marshaller interface for type SecretUpdateParameters. -func (s SecretUpdateParameters) MarshalJSON() ([]byte, error) { +// UnmarshalJSON implements the json.Unmarshaller interface for type SetSecretParameters. +func (s *SetSecretParameters) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "contentType": + err = unpopulate(val, "ContentType", &s.ContentType) + delete(rawMsg, key) + case "attributes": + err = unpopulate(val, "SecretAttributes", &s.SecretAttributes) + delete(rawMsg, key) + case "tags": + err = unpopulate(val, "Tags", &s.Tags) + delete(rawMsg, key) + case "value": + err = unpopulate(val, "Value", &s.Value) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type UpdateSecretParameters. +func (u UpdateSecretParameters) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "contentType", s.ContentType) - populate(objectMap, "attributes", s.SecretAttributes) - populate(objectMap, "tags", s.Tags) + populate(objectMap, "contentType", u.ContentType) + populate(objectMap, "attributes", u.SecretAttributes) + populate(objectMap, "tags", u.Tags) return json.Marshal(objectMap) } +// UnmarshalJSON implements the json.Unmarshaller interface for type UpdateSecretParameters. 
+func (u *UpdateSecretParameters) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", u, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "contentType": + err = unpopulate(val, "ContentType", &u.ContentType) + delete(rawMsg, key) + case "attributes": + err = unpopulate(val, "SecretAttributes", &u.SecretAttributes) + delete(rawMsg, key) + case "tags": + err = unpopulate(val, "Tags", &u.Tags) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", u, err) + } + } + return nil +} + func populate(m map[string]interface{}, k string, v interface{}) { if v == nil { return @@ -360,9 +490,12 @@ func populateByteArray(m map[string]interface{}, k string, b []byte, f runtime.B } } -func unpopulate(data json.RawMessage, v interface{}) error { +func unpopulate(data json.RawMessage, fn string, v interface{}) error { if data == nil { return nil } - return json.Unmarshal(data, v) + if err := json.Unmarshal(data, v); err != nil { + return fmt.Errorf("struct field %s: %v", fn, err) + } + return nil } diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/response_types.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/response_types.go new file mode 100644 index 0000000000..903002be90 --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/response_types.go 
@@ -0,0 +1,70 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. +// DO NOT EDIT. + +package azsecrets + +// BackupSecretResponse contains the response from method Client.BackupSecret. +type BackupSecretResponse struct { + BackupSecretResult +} + +// DeleteSecretResponse contains the response from method Client.DeleteSecret. +type DeleteSecretResponse struct { + DeletedSecretBundle +} + +// GetDeletedSecretResponse contains the response from method Client.GetDeletedSecret. +type GetDeletedSecretResponse struct { + DeletedSecretBundle +} + +// GetSecretResponse contains the response from method Client.GetSecret. +type GetSecretResponse struct { + SecretBundle +} + +// ListDeletedSecretsResponse contains the response from method Client.ListDeletedSecrets. +type ListDeletedSecretsResponse struct { + DeletedSecretListResult +} + +// ListSecretVersionsResponse contains the response from method Client.ListSecretVersions. +type ListSecretVersionsResponse struct { + SecretListResult +} + +// ListSecretsResponse contains the response from method Client.ListSecrets. +type ListSecretsResponse struct { + SecretListResult +} + +// PurgeDeletedSecretResponse contains the response from method Client.PurgeDeletedSecret. +type PurgeDeletedSecretResponse struct { + // placeholder for future response values +} + +// RecoverDeletedSecretResponse contains the response from method Client.RecoverDeletedSecret. +type RecoverDeletedSecretResponse struct { + SecretBundle +} + +// RestoreSecretResponse contains the response from method Client.RestoreSecret. +type RestoreSecretResponse struct { + SecretBundle +} + +// SetSecretResponse contains the response from method Client.SetSecret. 
+type SetSecretResponse struct { + SecretBundle +} + +// UpdateSecretResponse contains the response from method Client.UpdateSecret. +type UpdateSecretResponse struct { + SecretBundle +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/test-resources-post.ps1 b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/test-resources-post.ps1 deleted file mode 100644 index 37de8267f2..0000000000 --- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/test-resources-post.ps1 +++ /dev/null 
@@ -1,112 +0,0 @@
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License.
-
-# IMPORTANT: Do not invoke this file directly. Please instead run eng/New-TestResources.ps1 from the repository root.
-
-#Requires -Version 6.0
-#Requires -PSEdition Core
-
-using namespace System.Security.Cryptography
-using namespace System.Security.Cryptography.X509Certificates
-
-# Use same parameter names as declared in eng/New-TestResources.ps1 (assume validation therein).
-[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
-param (
- [Parameter()]
- [hashtable] $DeploymentOutputs,
-
- # Captures any arguments from eng/New-TestResources.ps1 not declared here (no parameter errors).
- [Parameter(ValueFromRemainingArguments = $true)]
- $RemainingArguments
-)
-
-# By default stop for any error.
-if (!$PSBoundParameters.ContainsKey('ErrorAction')) {
- $ErrorActionPreference = 'Stop'
-}
-
-function Log($Message) {
- Write-Host ('{0} - {1}' -f [DateTime]::Now.ToLongTimeString(), $Message)
-}
-
-function New-X509Certificate2([string] $SubjectName) {
-
- $rsa = [RSA]::Create(2048)
- try {
- $req = [CertificateRequest]::new(
- [string] $SubjectName,
- $rsa,
- [HashAlgorithmName]::SHA256,
- [RSASignaturePadding]::Pkcs1
- )
-
- # TODO: Add any KUs necessary to $req.CertificateExtensions
-
- $NotBefore = [DateTimeOffset]::Now.AddDays(-1)
- $NotAfter = $NotBefore.AddDays(365)
-
- $req.CreateSelfSigned($NotBefore, $NotAfter)
- }
- finally {
- $rsa.Dispose()
- }
-}
-
-function Export-X509Certificate2([string] $Path, [X509Certificate2] $Certificate) {
-
- $Certificate.Export([X509ContentType]::Pfx) | Set-Content $Path -AsByteStream
-}
-
-function Export-X509Certificate2PEM([string] $Path, [X509Certificate2] $Certificate) {
-
-@"
------BEGIN CERTIFICATE-----
-$([Convert]::ToBase64String($Certificate.RawData, 'InsertLineBreaks'))
------END CERTIFICATE-----
-"@ > $Path
-
-}
-
-# Make sure we deployed a Managed HSM.
-if (!$DeploymentOutputs['AZURE_MANAGEDHSM_URL']) {
- Log "Managed HSM not deployed; skipping activation"
- exit
-}
-
-[Uri] $hsmUrl = $DeploymentOutputs['AZURE_MANAGEDHSM_URL']
-$hsmName = $hsmUrl.Host.Substring(0, $hsmUrl.Host.IndexOf('.'))
-
-Log 'Creating 3 X509 certificates to activate security domain'
-$wrappingFiles = foreach ($i in 0..2) {
- $certificate = New-X509Certificate2 "CN=$($hsmUrl.Host)"
-
- $baseName = "$PSScriptRoot\$hsmName-certificate$i"
- Export-X509Certificate2 "$baseName.pfx" $certificate
- Export-X509Certificate2PEM "$baseName.cer" $certificate
-
- Resolve-Path "$baseName.cer"
-}
-
-Log "Downloading security domain from '$hsmUrl'"
-
-$sdPath = "$PSScriptRoot\$hsmName-security-domain.key"
-if (Test-Path $sdpath) {
- Log "Deleting old security domain: $sdPath"
- Remove-Item $sdPath -Force
-}
-
-Export-AzKeyVaultSecurityDomain -Name $hsmName -Quorum 2 -Certificates $wrappingFiles -OutputPath $sdPath
-
-Log "Security domain downloaded to '$sdPath'; Managed HSM is now active at '$hsmUrl'"
-
-# Force a sleep to wait for Managed HSM activation to propagate through Cosmos replication. Issue tracked in Azure DevOps.
-Log 'Sleeping for 30 seconds to allow activation to propagate...'
-Start-Sleep -Seconds 30
-
-$testApplicationOid = $DeploymentOutputs['CLIENT_OBJECTID']
-
-Log "Creating additional required role assignments for '$testApplicationOid'"
-$null = New-AzKeyVaultRoleAssignment -HsmName $hsmName -RoleDefinitionName 'Managed HSM Crypto Officer' -ObjectID $testApplicationOid
-$null = New-AzKeyVaultRoleAssignment -HsmName $hsmName -RoleDefinitionName 'Managed HSM Crypto User' -ObjectID $testApplicationOid
-
-Log "Role assignments created for '$testApplicationOid'"
\ No newline at end of file
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/time_unix.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/time_unix.go similarity index 86% rename from vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/time_unix.go rename to vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/time_unix.go index 1259dd37d4..d26fd78454 100644 --- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal/time_unix.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/time_unix.go @@ -1,12 +1,13 @@ -//go:build go1.16 -// +build go1.16 +//go:build go1.18 +// +build go1.18 // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. See License.txt in the project root for license information. // Code generated by Microsoft (R) AutoRest Code Generator. // Changes may cause incorrect behavior and will be lost if the code is regenerated. +// DO NOT EDIT. -package internal +package azsecrets import ( "encoding/json" @@ -48,13 +49,13 @@ func populateTimeUnix(m map[string]interface{}, k string, t *time.Time) { m[k] = (*timeUnix)(t) } -func unpopulateTimeUnix(data json.RawMessage, t **time.Time) error { +func unpopulateTimeUnix(data json.RawMessage, fn string, t **time.Time) error { if data == nil || strings.EqualFold(string(data), "null") { return nil } var aux timeUnix if err := json.Unmarshal(data, &aux); err != nil { - return err + return fmt.Errorf("struct field %s: %v", fn, err) } *t = (*time.Time)(&aux) return nil diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/version.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/version.go new file mode 100644 index 0000000000..4be4e2dbbe --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/version.go 
@@ -0,0 +1,12 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package azsecrets + +const ( + moduleName = "azsecrets" + version = "v0.11.0" +) diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/CHANGELOG.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/CHANGELOG.md index 5e88acbeeb..75df0b7fac 100644 --- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/CHANGELOG.md +++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/CHANGELOG.md @@ -1,5 +1,16 @@ # Release History +## 0.7.0 (2022-09-20) + +### Breaking Changes +* Added `*KeyVaultChallengePolicyOptions` parameter to `NewKeyVaultChallengePolicy` + +## 0.6.0 (2022-09-12) + +### Breaking Changes +* Verify the challenge resource matches the vault domain. See https://aka.ms/azsdk/blog/vault-uri for more information. +* `ParseID()` no longer appends a trailing slash to vault URLs + ## 0.5.0 (2022-05-12) ### Breaking Changes diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/challenge_policy.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/challenge_policy.go index 7fe0d76d66..ae381903f5 100644 --- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/challenge_policy.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/challenge_policy.go @@ -11,6 +11,7 @@ import ( "errors" "fmt" "net/http" + "net/url" "strings" "time" 
@@ -23,21 +24,35 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/internal/temporal" ) -const headerAuthorization = "Authorization" -const bearerHeader = "Bearer " +const ( + headerAuthorization = "Authorization" + challengeMatchError = `challenge resource "%s" doesn't match the requested domain. Set DisableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information` + bearerHeader = "Bearer " +) + +type KeyVaultChallengePolicyOptions struct { + // DisableChallengeResourceVerification controls whether the policy requires the + // authentication challenge resource to match the Key Vault or Managed HSM domain + DisableChallengeResourceVerification bool +} type KeyVaultChallengePolicy struct { // mainResource is the resource to be retrieved using the tenant specified in the credential - mainResource *temporal.Resource[azcore.AccessToken, acquiringResourceState] - cred azcore.TokenCredential - scope *string - tenantID *string + mainResource *temporal.Resource[azcore.AccessToken, acquiringResourceState] + cred azcore.TokenCredential + scope *string + tenantID *string + verifyChallengeResource bool } -func NewKeyVaultChallengePolicy(cred azcore.TokenCredential) *KeyVaultChallengePolicy { +func NewKeyVaultChallengePolicy(cred azcore.TokenCredential, opts *KeyVaultChallengePolicyOptions) *KeyVaultChallengePolicy { + if opts == nil { + opts = &KeyVaultChallengePolicyOptions{} + } return &KeyVaultChallengePolicy{ - cred: cred, - mainResource: temporal.NewResource(acquire), + cred: cred, + mainResource: temporal.NewResource(acquire), + verifyChallengeResource: !opts.DisableChallengeResourceVerification, } } @@ -63,7 +78,7 @@ func (k *KeyVaultChallengePolicy) Do(req *policy.Request) (*http.Response, error // the request failed for some other reason, don't try any further return resp, nil } - err = k.findScopeAndTenant(resp) + err = k.findScopeAndTenant(resp, req.Raw()) if err != nil { return nil, err } 
@@ -92,7 +107,7 @@ func (k *KeyVaultChallengePolicy) Do(req *policy.Request) (*http.Response, error k.mainResource.Expire() // Find the scope and tenant again in case they have changed - err := k.findScopeAndTenant(resp) + err := k.findScopeAndTenant(resp, req.Raw()) if err != nil { // Error parsing challenge, doomed to fail. Return return resp, cloneReqErr @@ -146,7 +161,7 @@ func (c *challengePolicyError) Unwrap() error { var _ errorinfo.NonRetriable = (*challengePolicyError)(nil) // sets the k.scope and k.tenantID from the WWW-Authenticate header -func (k *KeyVaultChallengePolicy) findScopeAndTenant(resp *http.Response) error { +func (k *KeyVaultChallengePolicy) findScopeAndTenant(resp *http.Response, req *http.Request) error { authHeader := resp.Header.Get("WWW-Authenticate") if authHeader == "" { return &challengePolicyError{err: errors.New("response has no WWW-Authenticate header for challenge authentication")} 
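Review bot: On the retry path in `Do`, an error from `findScopeAndTenant` is discarded, because the branch returns `resp, cloneReqErr` instead of `err`. After this change that call can also fail when the challenge resource does not match the vault host, so on this path the caller would get the 401 response without the mismatch message. `cloneReqErr` is declared outside the hunk and is presumably nil at this point. Returning `return nil, err`, as the first call site in `Do` does, would surface the verification failure consistently. `Do` starts and ends outside the hunk, and since this is vendored code the change belongs upstream rather than in a local edit.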
@@ -170,17 +185,29 @@ func (k *KeyVaultChallengePolicy) findScopeAndTenant(resp *http.Response) error } k.tenantID = parseTenant(vals["authorization"]) - if scope, ok := vals["scope"]; ok { - k.scope = &scope - } else if resource, ok := vals["resource"]; ok { - if !strings.HasSuffix(resource, "/.default") { - resource += "/.default" - } - k.scope = &resource - } else { + scope := "" + if v, ok := vals["scope"]; ok { + scope = v + } else if v, ok := vals["resource"]; ok { + scope = v + } + if scope == "" { return &challengePolicyError{err: errors.New("could not find a valid resource in the WWW-Authenticate header")} } - + if k.verifyChallengeResource { + // the challenge resource's host must match the requested vault's host + parsed, err := url.Parse(scope) + if err != nil { + return &challengePolicyError{err: fmt.Errorf(`invalid challenge resource "%s": %v`, scope, err)} + } + if !strings.HasSuffix(req.URL.Host, "."+parsed.Host) { + return &challengePolicyError{err: fmt.Errorf(challengeMatchError, scope)} + } + if !strings.HasSuffix(scope, "/.default") { + scope += "/.default" + } + } + k.scope = &scope return nil } diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/constants.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/constants.go index 1d95d720b0..3221944729 100644 --- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/constants.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/constants.go @@ -7,5 +7,5 @@ package internal const ( - version = "v0.5.0" //nolint + version = "v0.7.0" //nolint ) diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/parse.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/parse.go index a46b25b7ae..8511832d27 100644 --- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/parse.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal/parse.go 
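Review bot: In `findScopeAndTenant` the `/.default` suffix is now appended only inside `if k.verifyChallengeResource { … }`. With `DisableChallengeResourceVerification` set, a `resource=` challenge therefore becomes the token scope without the suffix the old code added. Moving `if !strings.HasSuffix(scope, "/.default") { scope += "/.default" }` below the verification block would keep scope construction independent of the check. The host comparison `strings.HasSuffix(req.URL.Host, "."+parsed.Host)` is also only as strict as `parsed.Host`: a resource that parses with an empty host reduces the suffix to `"."`, so an explicit `if parsed.Host == "" { return … }` before it makes the fail-closed behaviour not depend on the form of the request host. The function begins outside the hunk, and as vendored code both points are for upstream or for choosing which release to pin.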
@@ -24,7 +24,7 @@ func ParseID(id *string) (*string, *string, *string) { return nil, nil, nil } - url := fmt.Sprintf("%s://%s/", parsed.Scheme, parsed.Host) + url := fmt.Sprintf("%s://%s", parsed.Scheme, parsed.Host) split := strings.Split(strings.TrimPrefix(parsed.Path, "/"), "/") if len(split) < 3 { if len(split) == 2 { diff --git a/vendor/modules.txt b/vendor/modules.txt index a9d383726a..f2740547cc 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -28,11 +28,10 @@ github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo github.com/Azure/azure-sdk-for-go/sdk/internal/log github.com/Azure/azure-sdk-for-go/sdk/internal/temporal github.com/Azure/azure-sdk-for-go/sdk/internal/uuid -# github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.7.1 +# github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.11.0 ## explicit; go 1.18 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets -github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets/internal -# github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 +# github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 ## explicit; go 1.18 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal # github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1