KeyVault library returns less number of fields when compared to PowerShell command #15008

@reach4bawer

  • Package Name: azure-mgmt-keyvault
  • Package Version: 8.0.0
  • Operating System: MacOS Catalina (10.15.6)
  • Python Version: 3.8.6

Describe the bug
When querying the API to get the metadata for a KeyVault via Python, the access policies do not show the DisplayName, which tells what person/AD group has access, while the fields returned by the PowerShell package do show the identifier (DisplayName) on Windows using the command - Get-AzKeyVault -VaultName 'abc'
All the other fields are the same, but this is a missing field.

To Reproduce
Steps to reproduce the behavior:

  1. Code for Python -
import os
from pprint import pprint

from azure.identity import UsernamePasswordCredential
from azure.mgmt.keyvault import KeyVaultManagementClient

# azure-mgmt-keyvault 8.x takes an azure-identity credential.
# UsernamePasswordCredential also needs the client ID of an app registration;
# reading it from AZURE_CLIENT_ID is an assumption, it was not in the original snippet.
credentials = UsernamePasswordCredential(
    client_id=os.getenv('AZURE_CLIENT_ID'),
    username=os.getenv('AZURE_USERNAME'),
    password=os.getenv('AZURE_PASSWORD'),
)

Key_Vault_Management_Client = KeyVaultManagementClient(credential=credentials,
                                                       subscription_id="abc")
# List every vault in the resource group and convert each model to a plain dict.
key_vault_iterator = Key_Vault_Management_Client.vaults.list_by_resource_group(resource_group_name="r_group_name")
key_vault_list = [key_vault.as_dict() for key_vault in key_vault_iterator]
pprint(key_vault_list[0])
  2. Code for PowerShell - Get-AzKeyVault -VaultName 'abc'

Expected behavior
The expected output would be to get the same fields from both mechanisms. While most of the returned output is the same, one key difference is the DisplayName and Application ID in the access policy (these fields are extra in PowerShell). Please see the example output (modified to remove some identifiers).
Python -

{'id': '/subscriptions/subscription_id/resourceGroups/r_group_name/providers/Microsoft.KeyVault/vaults/abc',
 'location': 'eastus2',
 'name': 'abc',
 'properties': {'access_policies': [{'object_id': 'Object_ID',
                                     'permissions': {'certificates': ['Get',
                                                                      'List',
                                                                      'Update',
                                                                      'Create',
                                                                      'Import',
                                                                      'Delete',
                                                                      'Recover',
                                                                      'Backup',
                                                                      'Restore',
                                                                      'ManageContacts',
                                                                      'ManageIssuers',
                                                                      'GetIssuers',
                                                                      'ListIssuers',
                                                                      'SetIssuers',
                                                                      'DeleteIssuers',
                                                                      'Purge'],
                                                     'keys': ['Get',
                                                              'List',
                                                              'Update',
                                                              'Create',
                                                              'Import',
                                                              'Delete',
                                                              'Recover',
                                                              'Backup',
                                                              'Restore',
                                                              'Purge'],
                                                     'secrets': ['Get',
                                                                 'List',
                                                                 'Set',
                                                                 'Delete',
                                                                 'Recover',
                                                                 'Backup',
                                                                 'Restore',
                                                                 'Purge'],
                                                     'storage': []},
                                     'tenant_id': 'Tenant_ID'},
                                    {'object_id': 'Object_ID_2',
                                     'permissions': {'certificates': [],
                                                     'keys': ['WrapKey',
                                                              'UnwrapKey',
                                                              'Get'],
                                                     'secrets': [],
                                                     'storage': []},
                                     'tenant_id': 'Tenant_ID'},
                                    {'object_id': 'Object_ID_3',
                                     'permissions': {'certificates': [],
                                                     'keys': ['Get',
                                                              'List',
                                                              'Update',
                                                              'Create',
                                                              'Import',
                                                              'Delete',
                                                              'Recover',
                                                              'Backup',
                                                              'Restore',
                                                              'Decrypt',
                                                              'Encrypt',
                                                              'UnwrapKey',
                                                              'WrapKey',
                                                              'Verify',
                                                              'Sign'],
                                                     'secrets': ['Get',
                                                                 'List',
                                                                 'Set',
                                                                 'Delete',
                                                                 'Recover',
                                                                 'Backup',
                                                                 'Restore'],
                                                     'storage': []},
                                     'tenant_id': 'Tenant_ID'}],
                'enable_purge_protection': True,
                'enable_rbac_authorization': False,
                'enable_soft_delete': True,
                'enabled_for_deployment': False,
                'enabled_for_disk_encryption': False,
                'enabled_for_template_deployment': False,
                'network_acls': {'bypass': 'AzureServices',
                                 'default_action': 'Deny',
                                 'ip_rules': [{'value': '192.168.236.128/25'},
                                              {'value': '192.168.242.16/28'}],
                                 'virtual_network_rules': [{'id': '/subscriptions/id/resourcegroups/xxx/microsoft.network/virtualnetworks/xxx-vnet/subnets/xxx'}]},
                'sku': {'family': 'A', 'name': 'premium'},
                'tenant_id': 'Tenant_ID',
                'vault_uri': 'https://abc.vault.azure.net/'},
 'type': 'Microsoft.KeyVault/vaults'}

Powershell -

Vault Name                       : abc
Resource Group Name              : r_group_name
Location                         : eastus2
Resource ID                      : /subscriptions/subscription_id/resourceGroups/r_group_name/providers/Microsoft.KeyVault/vaults/abc
Vault URI                        : https://abc.vault.azure.net/
Tenant ID                        : Tenant_ID
SKU                              : Premium
Enabled For Deployment?          : False
Enabled For Template Deployment? : False
Enabled For Disk Encryption?     : False
Soft Delete Enabled?             : True
Access Policies                  : 
                                   Tenant ID                                  : Tenant_ID
                                   Object ID                                  : Object_ID
                                   Application ID                             : 
                                   Display Name                               : Name_of_person
                                   Permissions to Keys                        : Get, List, Update, Create, Import, Delete, Recover, Backup, Restore, Purge
                                   Permissions to Secrets                     : Get, List, Set, Delete, Recover, Backup, Restore, Purge
                                   Permissions to Certificates                : Get, List, Update, Create, Import, Delete, Recover, Backup, Restore, ManageContacts, ManageIssuers, GetIssuers, ListIssuers, SetIssuers, DeleteIssuers, 
                                   Purge
                                   Permissions to (Key Vault Managed) Storage : 
                                   
                                   Tenant ID                                  : Tenant_ID
                                   Object ID                                  : Object_ID_2
                                   Application ID                             : 
                                   Display Name                               : Name_of_person
                                   Permissions to Keys                        : WrapKey, UnwrapKey, Get
                                   Permissions to Secrets                     : 
                                   Permissions to Certificates                : 
                                   Permissions to (Key Vault Managed) Storage : 
                                   
                                   Tenant ID                                  : Tenant_ID
                                   Object ID                                  : Object_ID_3
                                   Application ID                             : 
                                   Display Name                               : AD_Group
                                   Permissions to Keys                        : Get, List, Update, Create, Import, Delete, Recover, Backup, Restore, Decrypt, Encrypt, UnwrapKey, WrapKey, Verify, Sign
                                   Permissions to Secrets                     : Get, List, Set, Delete, Recover, Backup, Restore
                                   Permissions to Certificates                : 
                                   Permissions to (Key Vault Managed) Storage : 
                                   
                                   
                                   
Network Rule Set                 : 
                                   Default Action                             : Deny
                                   Bypass                                     : AzureServices
                                   IP Rules                                   : 192.168.242.16/28, 192.168.236.128/25
                                   Virtual Network Rules                      : /subscriptions/id/resourcegroups/xxx/microsoft.network/virtualnetworks/xxx-vnet/subnets/xxx
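
An added example, not part of the original issue or of the Azure SDK: because the management-plane output above identifies each access-policy principal only by `object_id`, an access review has to join those IDs with directory display names itself. The `resolve` callback, the sample directory and the choice of `Purge` as the high-risk permission are assumptions made for illustration.

```python
from typing import Callable, Dict, List

# Assumption for this example: "Purge" is the permission treated as high risk.
HIGH_RISK = {"purge"}

def review_access_policies(vault: dict,
                           resolve: Callable[[List[str]], Dict[str, str]]) -> List[dict]:
    """Join each access policy with a display name and flag high-risk grants.

    `resolve` is a hypothetical callback (object IDs -> display names), e.g. a
    wrapper around a directory lookup. Unresolved IDs are kept and marked.
    """
    policies = vault.get("properties", {}).get("access_policies") or []
    ids = sorted({p["object_id"] for p in policies})
    names = resolve(ids) if ids else {}
    rows = []
    for p in policies:
        risky = sorted(
            f"{kind}:{perm.lower()}"
            for kind, perms in (p.get("permissions") or {}).items()
            for perm in (perms or [])
            if perm.lower() in HIGH_RISK
        )
        rows.append({
            "object_id": p["object_id"],
            "application_id": p.get("application_id"),  # absent when unset
            "display_name": names.get(p["object_id"], "<unresolved>"),
            "high_risk": risky,
        })
    return rows

# Constructed sample, shaped like the as_dict() output in the issue.
SAMPLE_VAULT = {"name": "abc", "properties": {"access_policies": [
    {"object_id": "Object_ID", "tenant_id": "Tenant_ID",
     "permissions": {"keys": ["Get", "Purge"], "secrets": ["Get", "Purge"],
                     "certificates": ["Get", "Purge"], "storage": []}},
    {"object_id": "Object_ID_2", "tenant_id": "Tenant_ID",
     "permissions": {"keys": ["WrapKey", "UnwrapKey", "Get"], "secrets": [],
                     "certificates": [], "storage": []}},
    {"object_id": "Object_ID_3", "tenant_id": "Tenant_ID",
     "permissions": {"keys": ["Get", "Sign"], "secrets": ["Get", "Set"],
                     "certificates": [], "storage": []}},
]}}
# Constructed directory; Object_ID_2 is left out to show the unresolved case.
SAMPLE_DIRECTORY = {"Object_ID": "Name_of_person", "Object_ID_3": "AD_Group"}

def sample_resolver(ids: List[str]) -> Dict[str, str]:
    return {i: SAMPLE_DIRECTORY[i] for i in ids if i in SAMPLE_DIRECTORY}

if __name__ == "__main__":
    for row in review_access_policies(SAMPLE_VAULT, sample_resolver):
        print(row)
```

Rows whose display name comes back as `<unresolved>` are worth checking by hand, since the policy still grants access to whatever principal holds that object ID.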

Labels

  • KeyVault
  • Mgmt: This issue is related to a management-plane library.
  • customer-reported: Issues that are reported by GitHub users external to the Azure organization.
  • issue-addressed: Workflow: The Azure SDK team believes it to be addressed and ready to close.
  • question: The issue doesn't require a change to the product in order to be resolved. Most issues start as that
