Add KeyVaultSettingsClient (Azure#31984)

* Add KeyVaultSettingsClient

* Prototype type-specific getters

Similar to JsonElement's methods.

* Resolve some architect feedback

* Change KeyVaultSetting design to mimic Form Recognizer

* --amend

* More changes to KeyVaultSetting from architects

Also re-recorded all the tests with 7.4-preview.1 and added more tests, completing Azure#31847.

* Update public API and samples

* Use absolute URLs for links

* Regenerate after rebase on main

* Resolve PR feedback

Author: heaths

sdk/keyvault/Azure.Security.KeyVault.Administration/CHANGELOG.md

@@ -4,6 +4,8 @@
 
 ### Features Added
 
+- Added `KeyVaultSettingsClient` to get and update Managed HSM settings.
+
 ### Breaking Changes
 
 ### Bugs Fixed

sdk/keyvault/Azure.Security.KeyVault.Administration/api/Azure.Security.KeyVault.Administration.netstandard2.0.cs

@@ -11,6 +11,11 @@ public CreateOrUpdateRoleDefinitionOptions(Azure.Security.KeyVault.Administratio
         public string RoleName { get { throw null; } set { } }
         public Azure.Security.KeyVault.Administration.KeyVaultRoleScope RoleScope { get { throw null; } }
     }
+    public partial class GetSettingsResult
+    {
+        internal GetSettingsResult() { }
+        public System.Collections.Generic.IReadOnlyList<Azure.Security.KeyVault.Administration.KeyVaultSetting> Settings { get { throw null; } }
+    }
     public partial class KeyVaultAccessControlClient
     {
         protected KeyVaultAccessControlClient() { }
@@ -38,19 +43,21 @@ public KeyVaultAccessControlClient(System.Uri vaultUri, Azure.Core.TokenCredenti
     }
     public partial class KeyVaultAdministrationClientOptions : Azure.Core.ClientOptions
     {
-        public KeyVaultAdministrationClientOptions(Azure.Security.KeyVault.Administration.KeyVaultAdministrationClientOptions.ServiceVersion version = Azure.Security.KeyVault.Administration.KeyVaultAdministrationClientOptions.ServiceVersion.V7_3) { }
+        public KeyVaultAdministrationClientOptions(Azure.Security.KeyVault.Administration.KeyVaultAdministrationClientOptions.ServiceVersion version = Azure.Security.KeyVault.Administration.KeyVaultAdministrationClientOptions.ServiceVersion.V7_4_Preview_1) { }
         public bool DisableChallengeResourceVerification { get { throw null; } set { } }
         public Azure.Security.KeyVault.Administration.KeyVaultAdministrationClientOptions.ServiceVersion Version { get { throw null; } }
         public enum ServiceVersion
         {
             V7_2 = 1,
             V7_3 = 2,
+            V7_4_Preview_1 = 3,
         }
     }
     public static partial class KeyVaultAdministrationModelFactory
     {
         public static Azure.Security.KeyVault.Administration.KeyVaultBackupOperation BackupOperation(Azure.Response response, Azure.Security.KeyVault.Administration.KeyVaultBackupClient client, string id, System.Uri blobContainerUri, System.DateTimeOffset? startTime = default(System.DateTimeOffset?), System.DateTimeOffset? endTime = default(System.DateTimeOffset?), string errorMessage = null) { throw null; }
         public static Azure.Security.KeyVault.Administration.KeyVaultBackupResult BackupResult(System.Uri folderUri, System.DateTimeOffset startTime, System.DateTimeOffset endTime) { throw null; }
+        public static Azure.Security.KeyVault.Administration.GetSettingsResult GetSettingsResult(System.Collections.Generic.IEnumerable<Azure.Security.KeyVault.Administration.KeyVaultSetting> settings = null) { throw null; }
         public static Azure.Security.KeyVault.Administration.KeyVaultRoleAssignment KeyVaultRoleAssignment(string id = null, string name = null, string type = null, Azure.Security.KeyVault.Administration.KeyVaultRoleAssignmentProperties properties = null) { throw null; }
         public static Azure.Security.KeyVault.Administration.KeyVaultRoleAssignmentProperties KeyVaultRoleAssignmentProperties(Azure.Security.KeyVault.Administration.KeyVaultRoleScope? scope = default(Azure.Security.KeyVault.Administration.KeyVaultRoleScope?), string roleDefinitionId = null, string principalId = null) { throw null; }
         public static Azure.Security.KeyVault.Administration.KeyVaultRoleDefinition KeyVaultRoleDefinition(string id = null, string name = null, Azure.Security.KeyVault.Administration.KeyVaultRoleDefinitionType? type = default(Azure.Security.KeyVault.Administration.KeyVaultRoleDefinitionType?), string roleName = null, string description = null, Azure.Security.KeyVault.Administration.KeyVaultRoleType? roleType = default(Azure.Security.KeyVault.Administration.KeyVaultRoleType?), System.Collections.Generic.IEnumerable<Azure.Security.KeyVault.Administration.KeyVaultPermission> permissions = null, System.Collections.Generic.IEnumerable<Azure.Security.KeyVault.Administration.KeyVaultRoleScope> assignableScopes = null) { throw null; }
@@ -281,4 +288,43 @@ internal KeyVaultSelectiveKeyRestoreResult() { }
         public System.DateTimeOffset EndTime { get { throw null; } }
         public System.DateTimeOffset StartTime { get { throw null; } }
     }
+    public partial class KeyVaultSetting
+    {
+        public KeyVaultSetting(string name, bool value) { }
+        public string Name { get { throw null; } }
+        public Azure.Security.KeyVault.Administration.SettingType? Type { get { throw null; } }
+        public bool AsBoolean() { throw null; }
+        public string AsString() { throw null; }
+        public override string ToString() { throw null; }
+    }
+    public partial class KeyVaultSettingsClient
+    {
+        protected KeyVaultSettingsClient() { }
+        public KeyVaultSettingsClient(System.Uri vaultUri, Azure.Core.TokenCredential credential) { }
+        public KeyVaultSettingsClient(System.Uri vaultUri, Azure.Core.TokenCredential credential, Azure.Security.KeyVault.Administration.KeyVaultAdministrationClientOptions options) { }
+        public virtual System.Uri VaultUri { get { throw null; } }
+        public virtual Azure.Response<Azure.Security.KeyVault.Administration.KeyVaultSetting> GetSetting(string name, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+        public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Administration.KeyVaultSetting>> GetSettingAsync(string name, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+        public virtual Azure.Response<Azure.Security.KeyVault.Administration.GetSettingsResult> GetSettings(System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+        public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Administration.GetSettingsResult>> GetSettingsAsync(System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+        public virtual Azure.Response<Azure.Security.KeyVault.Administration.KeyVaultSetting> UpdateSetting(Azure.Security.KeyVault.Administration.KeyVaultSetting setting, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+        public virtual System.Threading.Tasks.Task<Azure.Response<Azure.Security.KeyVault.Administration.KeyVaultSetting>> UpdateSettingAsync(Azure.Security.KeyVault.Administration.KeyVaultSetting setting, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+    }
+    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
+    public readonly partial struct SettingType : System.IEquatable<Azure.Security.KeyVault.Administration.SettingType>
+    {
+        private readonly object _dummy;
+        private readonly int _dummyPrimitive;
+        public SettingType(string value) { throw null; }
+        public static Azure.Security.KeyVault.Administration.SettingType Boolean { get { throw null; } }
+        public bool Equals(Azure.Security.KeyVault.Administration.SettingType other) { throw null; }
+        [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
+        public override bool Equals(object obj) { throw null; }
+        [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
+        public override int GetHashCode() { throw null; }
+        public static bool operator ==(Azure.Security.KeyVault.Administration.SettingType left, Azure.Security.KeyVault.Administration.SettingType right) { throw null; }
+        public static implicit operator Azure.Security.KeyVault.Administration.SettingType (string value) { throw null; }
+        public static bool operator !=(Azure.Security.KeyVault.Administration.SettingType left, Azure.Security.KeyVault.Administration.SettingType right) { throw null; }
+        public override string ToString() { throw null; }
+    }
 }

sdk/keyvault/Azure.Security.KeyVault.Administration/samples/Sample1_BackupHelloWorldAsync.md

@@ -1,22 +1,22 @@
 # Performing a full key backup and restore (Async)
 
-This sample demonstrates how to a perform full key backup and restore in Azure Key Vault.
-To get started, you'll need a URI to an Azure Key Vault. See the [README](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Administration/README.md) for links and instructions.
+This sample demonstrates how to a perform full key backup and restore in Azure Managed HSM.
+To get started, you'll need a URI to an Azure Managed HSM. See the [README](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Administration/README.md) for links and instructions.
 
 ## Creating a KeyVaultBackupClient
 
-To create a new `KeyVaultBackupClient`, you'll need the endpoint to an Azure Key Vault and credentials.
+To create a new `KeyVaultBackupClient`, you'll need the endpoint to an Azure Managed HSM and credentials.
 You can use the [DefaultAzureCredential][DefaultAzureCredential] to try a number of common authentication methods optimized for both running as a service and development.
 
-In the sample below, you can set `keyVaultUrl` based on an environment variable, configuration setting, or any way that works for your application.
+In the sample below, you can set `managedHsmUrl` based on an environment variable, configuration setting, or any way that works for your application.
 
 ```C# Snippet:HelloCreateKeyVaultBackupClient
 KeyVaultBackupClient client = new KeyVaultBackupClient(new Uri(managedHsmUrl), new DefaultAzureCredential());
 ```
 
 ## Performing a full key backup
 
-Using the `KeyVaultBackupClient`, you can back up your entire collection of keys. The backing store for full key backups is a blob storage container using Shared Access Signature authentication. 
+Using the `KeyVaultBackupClient`, you can back up your entire collection of keys. The backing store for full key backups is a blob storage container using Shared Access Signature authentication.
 For more details on creating a SAS token using the `BlobServiceClient`, see the [Azure Storage Blobs client README](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/storage/Azure.Storage.Blobs/README.md) and the [authentication samples](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/storage/Azure.Storage.Blobs/samples/Sample02_Auth.cs).
 Alternatively, it is possible to [generate a SAS token in Storage Explorer](https://docs.microsoft.com/azure/vs-azure-tools-storage-manage-with-storage-explorer?tabs=windows#generate-a-shared-access-signature-in-storage-explorer)
 
@@ -44,7 +44,7 @@ Uri folderUri = backupResult.Value.FolderUri;
 
 ## Performing a full key restore
 
-Using the `KeyVaultBackupClient`, you can restore your entire collection of keys from backup. The data source for full key restore is a storage blob accessed using Shared Access Signature authentication. 
+Using the `KeyVaultBackupClient`, you can restore your entire collection of keys from backup. The data source for full key restore is a storage blob accessed using Shared Access Signature authentication.
 For more details on creating a SAS token using the `BlobServiceClient`, see the [Azure Storage Blobs client README](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/storage/Azure.Storage.Blobs/README.md) and the [authentication samples](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/storage/Azure.Storage.Blobs/samples/Sample02_Auth.cs).
 Alternatively, it is possible to [generate a SAS token in Storage Explorer](https://docs.microsoft.com/azure/vs-azure-tools-storage-manage-with-storage-explorer?tabs=windows#generate-a-shared-access-signature-in-storage-explorer)
 

sdk/keyvault/Azure.Security.KeyVault.Administration/samples/Sample1_BackupHelloWorldSync.md

@@ -1,22 +1,22 @@
 # Performing a full key backup and restore (Sync)
 
-This sample demonstrates how to perform a full key backup and restore in Azure Key Vault.
-To get started, you'll need a URI to an Azure Key Vault. See the [README](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Administration/README.md) for links and instructions.
+This sample demonstrates how to perform a full key backup and restore in Azure Managed HSM.
+To get started, you'll need a URI to an Azure Managed HSM. See the [README](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Administration/README.md) for links and instructions.
 
 ## Creating a KeyVaultBackupClient
 
-To create a new `KeyVaultBackupClient`, you'll need the endpoint to an Azure Key Vault and credentials.
+To create a new `KeyVaultBackupClient`, you'll need the endpoint to an Azure Managed HSM and credentials.
 You can use the [DefaultAzureCredential][DefaultAzureCredential] to try a number of common authentication methods optimized for both running as a service and development.
 
-In the sample below, you can set `keyVaultUrl` based on an environment variable, configuration setting, or any way that works for your application.
+In the sample below, you can set `managedHsmUrl` based on an environment variable, configuration setting, or any way that works for your application.
 
 ```C# Snippet:HelloCreateKeyVaultBackupClient
 KeyVaultBackupClient client = new KeyVaultBackupClient(new Uri(managedHsmUrl), new DefaultAzureCredential());
 ```
 
 ## Performing a full key backup
 
-Using the `KeyVaultBackupClient`, you can back up your entire collection of keys. The backing store for full key backups is a blob storage container using Shared Access Signature authentication. 
+Using the `KeyVaultBackupClient`, you can back up your entire collection of keys. The backing store for full key backups is a blob storage container using Shared Access Signature authentication.
 For more details on creating a SAS token using the `BlobServiceClient`, see the [Azure Storage Blobs client README](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/storage/Azure.Storage.Blobs/README.md) and the [authentication samples](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/storage/Azure.Storage.Blobs/samples/Sample02_Auth.cs).
 Alternatively, it is possible to [generate a SAS token in Storage Explorer](https://docs.microsoft.com/azure/vs-azure-tools-storage-manage-with-storage-explorer?tabs=windows#generate-a-shared-access-signature-in-storage-explorer)
 
@@ -48,7 +48,7 @@ Uri folderUri = backupOperation.Value.FolderUri;
 
 ## Performing a full key restore
 
-Using the `KeyVaultBackupClient`, you can restore your entire collection of keys from backup. The data source for full key restore is a storage blob accessed using Shared Access Signature authentication. 
+Using the `KeyVaultBackupClient`, you can restore your entire collection of keys from backup. The data source for full key restore is a storage blob accessed using Shared Access Signature authentication.
 For more details on creating a SAS token using the `BlobServiceClient`, see the [Azure Storage Blobs client README](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/storage/Azure.Storage.Blobs/README.md) and the [authentication samples](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/storage/Azure.Storage.Blobs/samples/Sample02_Auth.cs).
 Alternatively, it is possible to [generate a SAS token in Storage Explorer](https://docs.microsoft.com/azure/vs-azure-tools-storage-manage-with-storage-explorer?tabs=windows#generate-a-shared-access-signature-in-storage-explorer)
 

sdk/keyvault/Azure.Security.KeyVault.Administration/samples/Sample1_RbacHelloWorldAsync.md

@@ -1,14 +1,14 @@
 # Creating, getting, and deleting role assignments (Async)
 
-This sample demonstrates how to create, get, and delete role assignments in Azure Key Vault.
-To get started, you'll need a URI to an Azure Key Vault. See the [README](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Administration/README.md) for links and instructions.
+This sample demonstrates how to create, get, and delete role assignments in Azure Managed HSM.
+To get started, you'll need a URI to an Azure Managed HSM. See the [README](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Administration/README.md) for links and instructions.
 
 ## Creating a KeyVaultAccessControlClient
 
-To create a new `KeyVaultAccessControlClient` to create, get, or delete role assignments, you need the endpoint to an Azure Key Vault and credentials.
+To create a new `KeyVaultAccessControlClient` to create, get, or delete role assignments, you need the endpoint to an Azure Managed HSM and credentials.
 You can use the [DefaultAzureCredential][DefaultAzureCredential] to try a number of common authentication methods optimized for both running as a service and development.
 
-In the sample below, you can set `keyVaultUrl` based on an environment variable, configuration setting, or any way that works for your application.
+In the sample below, you can set `managedHsmUrl` based on an environment variable, configuration setting, or any way that works for your application.
 
 ```C# Snippet:HelloCreateKeyVaultAccessControlClient
 KeyVaultAccessControlClient client = new KeyVaultAccessControlClient(new Uri(managedHsmUrl), new DefaultAzureCredential());
@@ -46,7 +46,8 @@ A role definition Id can be obtained from the `Id` property of one of the role d
 
 See the [README](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/keyvault/Azure.Security.KeyVault.Administration/README.md) for links and instructions on how to generate a new service principal and obtain it's object Id.
 You can also get the object Id for your currently signed in account by running the following [Azure CLI][azure_cli] command.
-```
+
+```PowerShell
 az ad signed-in-user show --query objectId
 ```
 
@@ -66,6 +67,7 @@ KeyVaultRoleAssignment fetchedAssignment = await client.GetRoleAssignmentAsync(K
 ```
 
 ## Deleting a Role Assignment
+
 To remove a role assignment from a service principal, the role assignment must be deleted. Let's delete the `createdAssignment` from the previous example.
 
 ```C# Snippet:DeleteRoleAssignmentAsync