Enhanced Key Vault Certificate Download and AAD SP Integration #3003

devigned · 2017-04-26T15:38:35Z

Quick update to the docs for --cert
Change az keyvault certificate download to better reflect the encoding options (PEM and DER).

$ az keyvault certificate download -h

Command
    az keyvault certificate download: Download a certificate from a KeyVault.

Arguments
    --file -f    [Required]: File to receive the binary certificate contents.
    --name -n    [Required]: Name of the certificate.
    --vault-name [Required]: Name of the key vault.
    --encoding -e          : Encoding of the certificate. DER will create a binary DER formatted
                             x509 certificate, and PEM will create a base64 PEM x509 certificate.
                             Allowed values: DER, PEM.  Default: PEM.
    --version -v           : The certificate version. If omitted, uses the latest version.

Global Arguments
    --debug                : Increase logging verbosity to show all debug logs.
    --help -h              : Show this help message and exit.
    --output -o            : Output format.  Allowed values: json, jsonc, table, tsv.  Default:
                             json.
    --query                : JMESPath query string. See http://jmespath.org/ for more information
                             and examples.
    --verbose              : Increase logging verbosity. Use --debug for full debug logs.

Usage:

$ az keyvault certificate download --vault-name level1osip9 -n sp-cert-level1 -f cert.crt -e DER
$ openssl x509 -in cert.crt -inform DER  -noout -sha1 -fingerprint
SHA1 Fingerprint=B6:5E:A6:A3:F7:19:EB:E8:BD:83:45:3D:A7:16:5C:A9:65:3F:51:5E
$ az keyvault certificate download --vault-name level1osip9 -n sp-cert-level1 -f cert.pem
$ openssl x509 -in cert.pem -inform PEM  -noout -sha1 -fingerprint
SHA1 Fingerprint=B6:5E:A6:A3:F7:19:EB:E8:BD:83:45:3D:A7:16:5C:A9:65:3F:51:5E

yugangw-msft

Please fix the style check error and merge

tjprescott

LGTM. A couple very minor changes but otherwise I think it will be a big improvement.

tjprescott · 2017-04-26T23:49:03Z

src/command_modules/azure-cli-keyvault/HISTORY.rst

@@ -6,6 +6,7 @@ Release History
 unreleased
 ++++++++++++++++++++

+* Change `az keyvault certificate download` to better reflect the encoding options (PEM and DER).


Since these options have changed, this is a breaking change, so please label it BC.

tjprescott · 2017-04-26T23:49:47Z

src/command_modules/azure-cli-keyvault/azure/cli/command_modules/keyvault/_params.py

@@ -73,6 +73,7 @@ def completer(prefix, action, parsed_args, **kwargs): # pylint: disable=unused-a
 json_web_key_op_values = ', '.join([x.value for x in JsonWebKeyOperation])
 secret_encoding_values = secret_text_encoding_values + secret_binary_encoding_values
 certificate_file_encoding_values = ['binary', 'string']


You can delete this since it's no longer used.

tjprescott · 2017-04-26T23:53:56Z

src/command_modules/azure-cli-role/azure/cli/command_modules/role/custom.py

@@ -506,7 +513,8 @@ def create_service_principal_for_rbac(
    '''create a service principal and configure its access to Azure resources
    :param str name: a display name or an app id uri. Command will generate one if missing.
    :param str password: the password used to login. If missing, command will generate one.
-    :param str cert: PEM formatted public certificate. Do not include private key info.
+    :param str cert: string or @file_path PEM formatted public certificate. Do not include private


Recommend this for consistency for where this is used elsewhere:

PEM formatted public certificate using JSON string or `@<file path>` to load from a file.

codecov-io · 2017-04-27T16:58:55Z

Codecov Report

Merging #3003 into master will decrease coverage by 0.07%.
The diff coverage is 46%.

@@            Coverage Diff            @@
##           master   #3003      +/-   ##
=========================================
- Coverage   63.17%   63.1%   -0.08%     
=========================================
  Files         484     484              
  Lines       27582   27621      +39     
  Branches     4276    4280       +4     
=========================================
+ Hits        17426   17431       +5     
- Misses       9002    9034      +32     
- Partials     1154    1156       +2

Impacted Files	Coverage Δ
...e-cli-role/azure/cli/command_modules/role/_help.py	`100% <ø> (ø)`	⬆️
...cli-role/azure/cli/command_modules/role/_params.py	`100% <100%> (ø)`	⬆️
...ault/azure/cli/command_modules/keyvault/_params.py	`86.15% <100%> (ø)`	⬆️
...yvault/azure/cli/command_modules/keyvault/_help.py	`100% <100%> (ø)`	⬆️
src/azure-cli-core/azure/cli/core/util.py	`67.16% <33.33%> (-0.27%)`	⬇️
...-cli-role/azure/cli/command_modules/role/custom.py	`35.74% <34.28%> (-0.8%)`	⬇️
...vault/azure/cli/command_modules/keyvault/custom.py	`67.55% <71.42%> (-0.19%)`	⬇️
...li-core/azure/cli/core/test_utils/vcr_test_base.py	`69.18% <0%> (-1.41%)`	⬇️
...torage/azure/cli/command_modules/storage/custom.py	`82.2% <0%> (-1.28%)`	⬇️
...e/azure/cli/command_modules/storage/_validators.py	`54.4% <0%> (-1.13%)`	⬇️
... and 3 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d1aafb2...00a4f2d. Read the comment docs.

tjprescott · 2017-04-27T17:24:37Z

Still LGTM. Feel free to merge when you are happy 😁

devigned requested a review from yugangw-msft April 26, 2017 15:38

msftclas added the cla-not-required label Apr 26, 2017

devigned changed the title ~~provide better cert docs~~ Enhanced --cert docs for az ad sp create-for-rbac Apr 26, 2017

yugangw-msft approved these changes Apr 26, 2017

View reviewed changes

devigned changed the title ~~Enhanced --cert docs for az ad sp create-for-rbac~~ Enhanced Key Vault Certificate Download and AAD SP Integration Apr 26, 2017

devigned requested a review from tjprescott April 26, 2017 23:06

tjprescott suggested changes Apr 26, 2017

View reviewed changes

devigned added 2 commits April 27, 2017 08:44

provide better cert docs

7ee49ba

improve keyvault certificate download

0392afe

devigned force-pushed the ad-sp-doc branch from 27c2bf7 to 0392afe Compare April 27, 2017 15:54

incorporate pr feedback

1ed7836

tjprescott approved these changes Apr 27, 2017

View reviewed changes

devigned added 3 commits April 27, 2017 09:36

added examples and long summary to cert dl

07c41cc

fix rbac mock test with x509 cert

33301ec

add example of using key vault with create-for-rbac

0ed027a

forgot an @symbol for the file path

00a4f2d

devigned merged commit 0184a16 into Azure:master Apr 27, 2017

devigned deleted the ad-sp-doc branch April 27, 2017 18:25

haroldrandom added the cla-not-required label Oct 25, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhanced Key Vault Certificate Download and AAD SP Integration #3003

Enhanced Key Vault Certificate Download and AAD SP Integration #3003

devigned commented Apr 26, 2017 •

edited

yugangw-msft left a comment

tjprescott left a comment

tjprescott Apr 26, 2017

tjprescott Apr 26, 2017

tjprescott Apr 26, 2017

codecov-io commented Apr 27, 2017 •

edited

tjprescott commented Apr 27, 2017

Enhanced Key Vault Certificate Download and AAD SP Integration #3003

Enhanced Key Vault Certificate Download and AAD SP Integration #3003

Conversation

devigned commented Apr 26, 2017 • edited

yugangw-msft left a comment

Choose a reason for hiding this comment

tjprescott left a comment

Choose a reason for hiding this comment

tjprescott Apr 26, 2017

Choose a reason for hiding this comment

tjprescott Apr 26, 2017

Choose a reason for hiding this comment

tjprescott Apr 26, 2017

Choose a reason for hiding this comment

codecov-io commented Apr 27, 2017 • edited

Codecov Report

tjprescott commented Apr 27, 2017

devigned commented Apr 26, 2017 •

edited

codecov-io commented Apr 27, 2017 •

edited