Revise azkeys API (Azure#18170)

Author: chlowell

sdk/keyvault/azkeys/CHANGELOG.md

@@ -13,6 +13,12 @@
 * Methods `BeginDeleteKey` and `BeginRecoverDeletedKey` now return a `*runtime.Poller[T]` with their respective response types.
 * Option types with a `ResumeToken` field now take the token by value.
 * Renamed `CreateECKeyOptions.CurveName` to `.Curve`
+* Renamed `ReleaseKeyOptions.Enc` to `.Algorithm`
+* Removed redundant fields `DeletedKeyItem.Managed`. and `.Tags`, and `ImportKeyOptions.Tags`.
+  Use the `DeletedKeyItem.Properties` and `ImportKeyOptions.Properties` fields of the same name instead.
+* Changed type of key `Tags` to `map[string]*string`
+* Changed type of `ListPropertiesOfKeyVersionsResponse.Keys` to `[]*KeyItem`
+* Changed type of `JSONWebKey.KeyOps` to `[]*Operation`
 
 ### Bugs Fixed
 

sdk/keyvault/azkeys/client.go

@@ -90,7 +90,7 @@ type CreateKeyOptions struct {
 	PublicExponent *int32 `json:"public_exponent,omitempty"`
 
 	// Tags is application specific metadata in the form of key-value pairs.
-	Tags map[string]string `json:"tags,omitempty"`
+	Tags map[string]*string `json:"tags,omitempty"`
 }
 
 // convert CreateKeyOptions to *generated.KeyVaultClientCreateKeyOptions
@@ -120,7 +120,7 @@ func (c *CreateKeyOptions) toKeyCreateParameters(keyType KeyType) generated.KeyC
 		KeyOps:         ops,
 		KeySize:        c.Size,
 		PublicExponent: c.PublicExponent,
-		Tags:           convertToGeneratedMap(c.Tags),
+		Tags:           c.Tags,
 		ReleasePolicy:  c.ReleasePolicy.toGenerated(),
 	}
 }
@@ -165,7 +165,7 @@ type CreateECKeyOptions struct {
 	Curve *CurveName `json:"crv,omitempty"`
 
 	// Tags is application specific metadata in the form of key-value pairs.
-	Tags map[string]string `json:"tags,omitempty"`
+	Tags map[string]*string `json:"tags,omitempty"`
 
 	// HardwareProtected determines whether the key is is created in a hardware security module (HSM).
 	HardwareProtected *bool
@@ -192,7 +192,7 @@ func (c *CreateECKeyOptions) toKeyCreateParameters(keyType KeyType) generated.Ke
 	return generated.KeyCreateParameters{
 		Kty:           keyType.toGenerated(),
 		Curve:         (*generated.JSONWebKeyCurveName)(c.Curve),
-		Tags:          convertToGeneratedMap(c.Tags),
+		Tags:          c.Tags,
 		KeyOps:        keyOps,
 		ReleasePolicy: c.ReleasePolicy.toGenerated(),
 		KeyAttributes: c.Properties.toGenerated(),
@@ -255,7 +255,7 @@ type CreateOctKeyOptions struct {
 	ReleasePolicy *ReleasePolicy `json:"release_policy,omitempty"`
 
 	// Tags is application specific metadata in the form of key-value pairs.
-	Tags map[string]string `json:"tags,omitempty"`
+	Tags map[string]*string `json:"tags,omitempty"`
 }
 
 // conver the CreateOctKeyOptions to generated.KeyCreateParameters
@@ -270,7 +270,7 @@ func (c *CreateOctKeyOptions) toKeyCreateParameters(keyType KeyType) generated.K
 	return generated.KeyCreateParameters{
 		Kty:           keyType.toGenerated(),
 		KeySize:       c.Size,
-		Tags:          convertToGeneratedMap(c.Tags),
+		Tags:          c.Tags,
 		ReleasePolicy: c.ReleasePolicy.toGenerated(),
 		KeyAttributes: c.Properties.toGenerated(),
 		KeyOps:        keyOps,
@@ -325,7 +325,7 @@ type CreateRSAKeyOptions struct {
 	PublicExponent *int32 `json:"public_exponent,omitempty"`
 
 	// Tags is application specific metadata in the form of key-value pairs.
-	Tags map[string]string `json:"tags,omitempty"`
+	Tags map[string]*string `json:"tags,omitempty"`
 
 	// Properties is the key's management properties.
 	Properties *Properties `json:"attributes,omitempty"`
@@ -350,7 +350,7 @@ func (c CreateRSAKeyOptions) toKeyCreateParameters(k KeyType) generated.KeyCreat
 		Kty:            k.toGenerated(),
 		KeySize:        c.Size,
 		PublicExponent: c.PublicExponent,
-		Tags:           convertToGeneratedMap(c.Tags),
+		Tags:           c.Tags,
 		KeyAttributes:  c.Properties.toGenerated(),
 		KeyOps:         keyOps,
 		ReleasePolicy:  c.ReleasePolicy.toGenerated(),
@@ -850,15 +850,15 @@ type ListPropertiesOfKeyVersionsResponse struct {
 	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
 
 	// Keys is the page's content.
-	Keys []KeyItem `json:"value,omitempty" azure:"ro"`
+	Keys []*KeyItem `json:"value,omitempty" azure:"ro"`
 }
 
 // create ListKeysPage from generated pager
 func listKeyVersionsPageFromGenerated(i generated.KeyVaultClientGetKeyVersionsResponse) ListPropertiesOfKeyVersionsResponse {
-	var keys []KeyItem
+	var keys []*KeyItem
 	for _, s := range i.Value {
 		if s != nil {
-			keys = append(keys, *keyItemFromGenerated(s))
+			keys = append(keys, keyItemFromGenerated(s))
 		}
 	}
 	return ListPropertiesOfKeyVersionsResponse{
@@ -949,9 +949,6 @@ type ImportKeyOptions struct {
 
 	// Properties is the properties of the key.
 	Properties *Properties `json:"attributes,omitempty"`
-
-	// Tags is application specific metadata in the form of key-value pairs.
-	Tags map[string]string `json:"tags,omitempty"`
 }
 
 func (i ImportKeyOptions) toImportKeyParameters(key JSONWebKey) generated.KeyImportParameters {
@@ -963,7 +960,6 @@ func (i ImportKeyOptions) toImportKeyParameters(key JSONWebKey) generated.KeyImp
 		Key:           key.toGenerated(),
 		Hsm:           i.HardwareProtected,
 		KeyAttributes: attribs,
-		Tags:          convertToGeneratedMap(i.Tags),
 	}
 }
 
@@ -1138,8 +1134,8 @@ type ReleaseKeyOptions struct {
 	// Version is the version of the key to release
 	Version string
 
-	// Enc is the encryption algorithm used to protected exported key material.
-	Enc *ExportEncryptionAlg `json:"enc,omitempty"`
+	// Algorithm is the encryption algorithm used to protected exported key material.
+	Algorithm *ExportEncryptionAlg `json:"algorithm,omitempty"`
 
 	// Nonce is client-provided nonce for freshness.
 	Nonce *string `json:"nonce,omitempty"`
@@ -1164,7 +1160,7 @@ func (c *Client) ReleaseKey(ctx context.Context, name string, targetAttestationT
 		options.Version,
 		generated.KeyReleaseParameters{
 			TargetAttestationToken: &targetAttestationToken,
-			Enc:                    (*generated.KeyEncryptionAlgorithm)(options.Enc),
+			Enc:                    (*generated.KeyEncryptionAlgorithm)(options.Algorithm),
 			Nonce:                  options.Nonce,
 		},
 		&generated.KeyVaultClientReleaseOptions{},

sdk/keyvault/azkeys/client_test.go

@@ -76,16 +76,16 @@ func TestCreateKeyRSATags(t *testing.T) {
 	require.NoError(t, err)
 
 	resp, err := client.CreateRSAKey(ctx, key, &CreateRSAKeyOptions{
-		Tags: map[string]string{
-			"Tag1": "Val1",
+		Tags: map[string]*string{
+			"Tag1": to.Ptr("Val1"),
 		},
 	})
 	defer cleanUpKey(t, client, key)
 	require.NoError(t, err)
 	validateKey(t, to.Ptr(resp.Key))
 	require.Equal(t, 1, len(resp.Key.Properties.Tags))
 
-	resp.Key.Properties.Tags = map[string]string{}
+	resp.Key.Properties.Tags = map[string]*string{}
 	// Remove the tag
 	resp2, err := client.UpdateKeyProperties(ctx, resp.Key, nil)
 	require.NoError(t, err)
@@ -442,15 +442,15 @@ func TestUpdateKeyProperties(t *testing.T) {
 			require.NoError(t, err)
 			defer cleanUpKey(t, client, key)
 
-			createResp.Key.Properties.Tags = map[string]string{
-				"Tag1": "Val1",
+			createResp.Key.Properties.Tags = map[string]*string{
+				"Tag1": to.Ptr("Val1"),
 			}
 			createResp.Key.Properties.ExpiresOn = to.Ptr(time.Now().AddDate(1, 0, 0))
 
 			resp, err := client.UpdateKeyProperties(ctx, createResp.Key, nil)
 			require.NoError(t, err)
 			require.NotNil(t, resp.Properties)
-			require.Equal(t, resp.Properties.Tags["Tag1"], "Val1")
+			require.Equal(t, *resp.Properties.Tags["Tag1"], "Val1")
 			require.NotNil(t, resp.Properties.ExpiresOn)
 
 			createResp.Key.Properties.Name = to.Ptr("doesnotexist")
@@ -645,7 +645,7 @@ func TestImportKey(t *testing.T) {
 
 			jwk := JSONWebKey{
 				KeyType: to.Ptr(KeyTypeRSA),
-				KeyOps:  to.SliceOfPtrs("encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"),
+				KeyOps:  to.SliceOfPtrs(OperationEncrypt, OperationDecrypt, OperationSign, OperationVerify, OperationWrapKey, OperationUnwrapKey),
 				N:       toBytes("00a0914d00234ac683b21b4c15d5bed887bdc959c2e57af54ae734e8f00720d775d275e455207e3784ceeb60a50a4655dd72a7a94d271e8ee8f7959a669ca6e775bf0e23badae991b4529d978528b4bd90521d32dd2656796ba82b6bbfc7668c8f5eeb5053747fd199319d29a8440d08f4412d527ff9311eda71825920b47b1c46b11ab3e91d7316407e89c7f340f7b85a34042ce51743b27d4718403d34c7b438af6181be05e4d11eb985d38253d7fe9bf53fc2f1b002d22d2d793fa79a504b6ab42d0492804d7071d727a06cf3a8893aa542b1503f832b296371b6707d4dc6e372f8fe67d8ded1c908fde45ce03bc086a71487fa75e43aa0e0679aa0d20efe35", t),
 				E:       toBytes("10001", t),
 				D:       toBytes("627c7d24668148fe2252c7fa649ea8a5a9ed44d75c766cda42b29b660e99404f0e862d4561a6c95af6a83d213e0a2244b03cd28576473215073785fb067f015da19084ade9f475e08b040a9a2c7ba00253bb8125508c9df140b75161d266be347a5e0f6900fe1d8bbf78ccc25eeb37e0c9d188d6e1fc15169ba4fe12276193d77790d2326928bd60d0d01d6ead8d6ac4861abadceec95358fd6689c50a1671a4a936d2376440a41445501da4e74bfb98f823bd19c45b94eb01d98fc0d2f284507f018ebd929b8180dbe6381fdd434bffb7800aaabdd973d55f9eaf9bb88a6ea7b28c2a80231e72de1ad244826d665582c2362761019de2e9f10cb8bcc2625649", t),

sdk/keyvault/azkeys/example_test.go

@@ -108,14 +108,14 @@ func ExampleClient_UpdateKeyProperties() {
 		panic(err)
 	}
 
-	resp.Key.Properties.Tags = map[string]string{"Tag1": "val1"}
+	resp.Key.Properties.Tags = map[string]*string{"Tag1": to.Ptr("val1")}
 	resp.Key.Properties.Enabled = to.Ptr(true)
 
 	updateResp, err := client.UpdateKeyProperties(context.TODO(), resp.Key, nil)
 	if err != nil {
 		panic(err)
 	}
-	fmt.Printf("Enabled: %v\tTag1: %s\n", *updateResp.Key.Properties.Enabled, updateResp.Key.Properties.Tags["Tag1"])
+	fmt.Printf("Enabled: %v\tTag1: %s\n", *updateResp.Key.Properties.Enabled, *updateResp.Key.Properties.Tags["Tag1"])
 }
 
 func ExampleClient_BeginDeleteKey() {

sdk/keyvault/azkeys/models.go

@@ -49,7 +49,7 @@ type Properties struct {
 	RecoveryLevel *string `json:"recoveryLevel,omitempty" azure:"ro"`
 
 	// Tags contain application specific metadata in the form of key-value pairs.
-	Tags map[string]string `json:"tags,omitempty"`
+	Tags map[string]*string `json:"tags,omitempty"`
 
 	// READ-ONLY; Last updated time in UTC.
 	UpdatedOn *time.Time `json:"updated,omitempty" azure:"ro"`
@@ -86,19 +86,19 @@ func keyPropertiesFromGenerated(i *generated.KeyAttributes, id *string, name *st
 
 	return &Properties{
 		CreatedOn:       i.Created,
-		RecoverableDays: i.RecoverableDays,
-		RecoveryLevel:   to.Ptr(string(*i.RecoveryLevel)),
 		Enabled:         i.Enabled,
 		ExpiresOn:       i.Expires,
-		NotBefore:       i.NotBefore,
-		UpdatedOn:       i.Updated,
 		Exportable:      i.Exportable,
 		ID:              id,
-		Name:            name,
-		Version:         version,
 		Managed:         managed,
-		Tags:            convertGeneratedMap(tags),
+		Name:            name,
+		NotBefore:       i.NotBefore,
+		RecoverableDays: i.RecoverableDays,
+		RecoveryLevel:   to.Ptr(string(*i.RecoveryLevel)),
+		Tags:            tags,
+		UpdatedOn:       i.Updated,
 		VaultURL:        vaultURL,
+		Version:         version,
 	}
 }
 
@@ -129,7 +129,7 @@ func (k Key) toKeyUpdateParameters() generated.KeyUpdateParameters {
 
 	var tags map[string]*string
 	if k.Properties != nil && k.Properties.Tags != nil {
-		tags = convertToGeneratedMap(k.Properties.Tags)
+		tags = k.Properties.Tags
 	}
 
 	return generated.KeyUpdateParameters{
@@ -157,8 +157,8 @@ type JSONWebKey struct {
 	E []byte `json:"e,omitempty"`
 
 	// Symmetric key.
-	K      []byte    `json:"k,omitempty"`
-	KeyOps []*string `json:"key_ops,omitempty"`
+	K      []byte       `json:"k,omitempty"`
+	KeyOps []*Operation `json:"key_ops,omitempty"`
 
 	// ID identifies the key
 	ID *string `json:"kid,omitempty"`
@@ -194,14 +194,19 @@ func jsonWebKeyFromGenerated(i *generated.JSONWebKey) *JSONWebKey {
 		return &JSONWebKey{}
 	}
 
+	ops := make([]*Operation, len(i.KeyOps))
+	for j, op := range i.KeyOps {
+		ops[j] = (*Operation)(op)
+	}
+
 	return &JSONWebKey{
 		Crv:     (*CurveName)(i.Crv),
 		D:       i.D,
 		DP:      i.DP,
 		DQ:      i.DQ,
 		E:       i.E,
 		K:       i.K,
-		KeyOps:  i.KeyOps,
+		KeyOps:  ops,
 		ID:      i.Kid,
 		KeyType: (*KeyType)(i.Kty),
 		N:       i.N,
@@ -216,14 +221,18 @@ func jsonWebKeyFromGenerated(i *generated.JSONWebKey) *JSONWebKey {
 
 // converts JSONWebKey to *generated.JSONWebKey
 func (j JSONWebKey) toGenerated() *generated.JSONWebKey {
+	ops := make([]*string, len(j.KeyOps))
+	for i, op := range j.KeyOps {
+		ops[i] = (*string)(op)
+	}
 	return &generated.JSONWebKey{
 		Crv:    (*generated.JSONWebKeyCurveName)(j.Crv),
 		D:      j.D,
 		DP:     j.DP,
 		DQ:     j.DQ,
 		E:      j.E,
 		K:      j.K,
-		KeyOps: j.KeyOps,
+		KeyOps: ops,
 		Kid:    j.ID,
 		Kty:    (*generated.JSONWebKeyType)(j.KeyType),
 		N:      j.N,
@@ -297,16 +306,9 @@ type DeletedKeyItem struct {
 	// The url of the recovery object, used to identify and recover the deleted key.
 	RecoveryID *string `json:"recoveryId,omitempty"`
 
-	// Tags contain application specific metadata in the form of key-value pairs.
-	Tags map[string]string `json:"tags,omitempty"`
-
 	// READ-ONLY; The time when the key was deleted, in UTC
 	DeletedOn *time.Time `json:"deletedDate,omitempty" azure:"ro"`
 
-	// READ-ONLY; True if the key's lifetime is managed by key vault. If this is a key backing a certificate, then managed will
-	// be true.
-	Managed *bool `json:"managed,omitempty" azure:"ro"`
-
 	// READ-ONLY; The time when the key is scheduled to be purged, in UTC
 	ScheduledPurgeDate *time.Time `json:"scheduledPurgeDate,omitempty" azure:"ro"`
 }
@@ -317,24 +319,14 @@ func deletedKeyItemFromGenerated(i *generated.DeletedKeyItem) *DeletedKeyItem {
 		return nil
 	}
 
-	_, name, _ := shared.ParseID(i.Kid)
+	vaultURL, name, version := shared.ParseID(i.Kid)
 	return &DeletedKeyItem{
 		RecoveryID:         i.RecoveryID,
 		DeletedOn:          i.DeletedDate,
 		ScheduledPurgeDate: i.ScheduledPurgeDate,
-		Properties: &Properties{
-			Enabled:         i.Attributes.Enabled,
-			ExpiresOn:       i.Attributes.Expires,
-			NotBefore:       i.Attributes.NotBefore,
-			CreatedOn:       i.Attributes.Created,
-			UpdatedOn:       i.Attributes.Updated,
-			RecoverableDays: i.Attributes.RecoverableDays,
-			RecoveryLevel:   (*string)(i.Attributes.RecoveryLevel),
-		},
-		ID:      i.Kid,
-		Name:    name,
-		Tags:    convertGeneratedMap(i.Tags),
-		Managed: i.Managed,
+		Properties:         keyPropertiesFromGenerated(i.Attributes, i.Kid, name, version, i.Managed, vaultURL, i.Tags),
+		ID:                 i.Kid,
+		Name:               name,
 	}
 }
 
@@ -483,27 +475,3 @@ type LifetimeActionsTrigger struct {
 	// Time before expiry to attempt to rotate or notify. It will be in ISO 8601 duration format. Example: 90 days : "P90D"
 	TimeBeforeExpiry *string `json:"timeBeforeExpiry,omitempty"`
 }
-
-func convertToGeneratedMap(m map[string]string) map[string]*string {
-	if m == nil {
-		return nil
-	}
-
-	ret := make(map[string]*string)
-	for k, v := range m {
-		ret[k] = &v
-	}
-	return ret
-}
-
-func convertGeneratedMap(m map[string]*string) map[string]string {
-	if m == nil {
-		return nil
-	}
-
-	ret := make(map[string]string)
-	for k, v := range m {
-		ret[k] = *v
-	}
-	return ret
-}