Key Vault merge-back after releasing from "Release/keyvault verify ch…

…allenge resource" branch (Azure#31058) * Reset changes to the patch version. * Updating the SDK dependencies for azure-security-keyvault-secrets * Reset changes to the patch version. * Updating the SDK dependencies for azure-security-keyvault-keys * Reset changes to the patch version. * Updating the SDK dependencies for azure-security-keyvault-administration * Reset changes to the patch version. * Updating the SDK dependencies for azure-security-keyvault-certificates * Added missing changes for sync stack in KeyVaultCredentialPolicy. * Verify challenge resource matches request domain (Azure#31045) * Updated KeyVaultCredentialPolicy to verify the challenge resource matches the request domain. * Updated JavaDoc. * Updated CHANGELOGs, READMEs and POMs. * Fixed CheckStyle issue. * Removed typo from CHANGELOG. * Added test for when `verifyChallengeResource` is set to `false`. * Added error message. * Changed `verifyChallengeResource()` (defaulted to `true`) to `disableChallengeResourceVerification()` (defaults to `false`) in client builders. Functionality remains unchanged. * Fixed JavaDoc error. * Changed `disableChallengeResourceVerification()` to take no args instead of a `boolean`. * Updated CHANGELOGs. * Updated CHANGELOG dates. * Removed JavaDoc references to KeyVaultCredentialPolicy. * Increment versions for keyvault releases (Azure#31054) Increment package versions for keyvault releases * Grabbed polling changes for KV Secrets from `main`. Co-authored-by: Azure SDK Bot <[email protected]>
moarychan · Sep 20, 2022 · 9998212 · 9998212
1 parent 3b90a81
commit 9998212
Show file tree

Hide file tree

Showing 62 changed files with 697 additions and 365 deletions.
diff --git a/common/smoke-tests/pom.xml b/common/smoke-tests/pom.xml
@@ -130,7 +130,7 @@
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-security-keyvault-secrets</artifactId>
-      <version>4.4.6</version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;dependency} -->
+      <version>4.5.0</version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;dependency} -->
     </dependency>
 
     <dependency>

diff --git a/eng/jacoco-test-coverage/pom.xml b/eng/jacoco-test-coverage/pom.xml
@@ -283,12 +283,12 @@
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-security-keyvault-administration</artifactId>
-      <version>4.1.6</version> <!-- {x-version-update;com.azure:azure-security-keyvault-administration;current} -->
+      <version>4.3.0-beta.1</version> <!-- {x-version-update;com.azure:azure-security-keyvault-administration;current} -->
     </dependency>
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-security-keyvault-certificates</artifactId>
-      <version>4.3.6</version> <!-- {x-version-update;com.azure:azure-security-keyvault-certificates;current} -->
+      <version>4.5.0-beta.1</version> <!-- {x-version-update;com.azure:azure-security-keyvault-certificates;current} -->
     </dependency>
     <dependency>
       <groupId>com.azure</groupId>
@@ -298,12 +298,12 @@
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-security-keyvault-keys</artifactId>
-      <version>4.4.7</version> <!-- {x-version-update;com.azure:azure-security-keyvault-keys;current} -->
+      <version>4.6.0-beta.1</version> <!-- {x-version-update;com.azure:azure-security-keyvault-keys;current} -->
     </dependency>
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-security-keyvault-secrets</artifactId>
-      <version>4.4.7</version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;current} -->
+      <version>4.6.0-beta.1</version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;current} -->
     </dependency>
     <dependency>
       <groupId>com.azure</groupId>

diff --git a/eng/versioning/version_client.txt b/eng/versioning/version_client.txt
@@ -135,12 +135,12 @@ com.azure:azure-search-documents;11.5.0;11.6.0-beta.2
 com.azure:azure-search-perf;1.0.0-beta.1;1.0.0-beta.1
 com.azure:azure-security-attestation;1.1.6;1.2.0-beta.1
 com.azure:azure-security-confidentialledger;1.0.1;1.1.0-beta.1
-com.azure:azure-security-keyvault-administration;4.1.5;4.1.6
-com.azure:azure-security-keyvault-certificates;4.3.5;4.3.6
+com.azure:azure-security-keyvault-administration;4.2.0;4.3.0-beta.1
+com.azure:azure-security-keyvault-certificates;4.4.0;4.5.0-beta.1
 com.azure:azure-security-keyvault-jca;2.7.0;2.8.0-beta.1
 com.azure:azure-security-test-keyvault-jca;1.0.0;1.0.0
-com.azure:azure-security-keyvault-keys;4.4.6;4.4.7
-com.azure:azure-security-keyvault-secrets;4.4.6;4.4.7
+com.azure:azure-security-keyvault-keys;4.5.0;4.6.0-beta.1
+com.azure:azure-security-keyvault-secrets;4.5.0;4.6.0-beta.1
 com.azure:azure-security-keyvault-perf;1.0.0-beta.1;1.0.0-beta.1
 com.azure:azure-sdk-template;1.1.1234;1.2.2-beta.1
 com.azure:azure-sdk-template-two;1.0.0-beta.1;1.0.0-beta.1

diff --git a/sdk/aot/azure-aot-graalvm-samples/pom.xml b/sdk/aot/azure-aot-graalvm-samples/pom.xml
@@ -71,7 +71,7 @@
         <dependency>
             <groupId>com.azure</groupId>
             <artifactId>azure-security-keyvault-keys</artifactId>
-            <version>4.4.6</version> <!-- {x-version-update;com.azure:azure-security-keyvault-keys;dependency} -->
+            <version>4.5.0</version> <!-- {x-version-update;com.azure:azure-security-keyvault-keys;dependency} -->
         </dependency>
         <dependency>
             <groupId>com.azure</groupId>
@@ -82,12 +82,12 @@
         <dependency>
             <groupId>com.azure</groupId>
             <artifactId>azure-security-keyvault-secrets</artifactId>
-            <version>4.4.6</version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;dependency} -->
+            <version>4.5.0</version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;dependency} -->
         </dependency>
         <dependency>
             <groupId>com.azure</groupId>
             <artifactId>azure-security-keyvault-certificates</artifactId>
-            <version>4.3.5</version> <!-- {x-version-update;com.azure:azure-security-keyvault-certificates;dependency} -->
+            <version>4.4.0</version> <!-- {x-version-update;com.azure:azure-security-keyvault-certificates;dependency} -->
         </dependency>
 
         <dependency>

diff --git a/sdk/appconfiguration/azure-spring-cloud-appconfiguration-config/pom.xml b/sdk/appconfiguration/azure-spring-cloud-appconfiguration-config/pom.xml
@@ -78,7 +78,7 @@
         <dependency>
             <groupId>com.azure</groupId>
             <artifactId>azure-security-keyvault-secrets</artifactId>
-            <version>4.4.6</version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;dependency} -->
+            <version>4.5.0</version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;dependency} -->
         </dependency>
         <dependency>
             <groupId>com.azure</groupId>

diff --git a/sdk/core/azure-core-tracing-opentelemetry/pom.xml b/sdk/core/azure-core-tracing-opentelemetry/pom.xml
@@ -125,7 +125,7 @@
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-security-keyvault-secrets</artifactId>
-      <version>4.4.6</version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;dependency} -->
+      <version>4.5.0</version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;dependency} -->
       <scope>test</scope>
     </dependency>
     <dependency>

diff --git a/sdk/cosmos/azure-cosmos-benchmark/pom.xml b/sdk/cosmos/azure-cosmos-benchmark/pom.xml
@@ -171,7 +171,7 @@ Licensed under the MIT License.
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-security-keyvault-keys</artifactId>
-      <version>4.4.6</version> <!-- {x-version-update;com.azure:azure-security-keyvault-keys;dependency} -->
+      <version>4.5.0</version> <!-- {x-version-update;com.azure:azure-security-keyvault-keys;dependency} -->
       <scope>compile</scope>
     </dependency>
   </dependencies>

diff --git a/sdk/cosmos/azure-cosmos-encryption/pom.xml b/sdk/cosmos/azure-cosmos-encryption/pom.xml
@@ -62,7 +62,7 @@ Licensed under the MIT License.
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-security-keyvault-keys</artifactId>
-      <version>4.4.6</version> <!-- {x-version-update;com.azure:azure-security-keyvault-keys;dependency} -->
+      <version>4.5.0</version> <!-- {x-version-update;com.azure:azure-security-keyvault-keys;dependency} -->
       <scope>test</scope>
       <exclusions>
         <exclusion>

diff --git a/sdk/e2e/pom.xml b/sdk/e2e/pom.xml
@@ -44,17 +44,17 @@
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-security-keyvault-keys</artifactId>
-      <version>4.4.7</version> <!-- {x-version-update;com.azure:azure-security-keyvault-keys;current} -->
+      <version>4.6.0-beta.1</version> <!-- {x-version-update;com.azure:azure-security-keyvault-keys;current} -->
     </dependency>
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-security-keyvault-secrets</artifactId>
-      <version>4.4.7</version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;current} -->
+      <version>4.6.0-beta.1</version> <!-- {x-version-update;com.azure:azure-security-keyvault-secrets;current} -->
     </dependency>
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-security-keyvault-certificates</artifactId>
-      <version>4.3.6</version> <!-- {x-version-update;com.azure:azure-security-keyvault-certificates;current} -->
+      <version>4.5.0-beta.1</version> <!-- {x-version-update;com.azure:azure-security-keyvault-certificates;current} -->
     </dependency>
     <dependency>
       <groupId>org.slf4j</groupId>

diff --git a/sdk/keyvault/azure-security-keyvault-administration/CHANGELOG.md b/sdk/keyvault/azure-security-keyvault-administration/CHANGELOG.md
@@ -1,12 +1,26 @@
 # Release History
 
-## 4.1.6 (2022-09-08)
+## 4.3.0-beta.1 (Unreleased)
+
+### Features Added
+
+### Breaking Changes
+
+### Bugs Fixed
+
+### Other Changes
+
+## 4.2.0 (2022-09-20)
+
+### Breaking Changes
+- Made it so that we verify that the challenge resource matches the vault domain by default. This should affect few customers who can use the `disableChallengeResourceVerification()` method in client builders to disable this functionality. See https://aka.ms/azsdk/blog/vault-uri for more information.
 
 ### Other Changes
 
 #### Dependency Updates
-- Upgraded `azure-core` dependency to `1.32.0`.
-- Upgraded `azure-core-http-netty` dependency to `1.12.5`.
+
+- Upgraded `azure-core` from `1.31.0` to version `1.32.0`.
+- Upgraded `azure-core-http-netty` from `1.12.4` to version `1.12.5`.
 
 ## 4.1.5 (2022-08-15)
 

diff --git a/sdk/keyvault/azure-security-keyvault-administration/README.md b/sdk/keyvault/azure-security-keyvault-administration/README.md
@@ -43,7 +43,7 @@ If you want to take dependency on a particular version of the library that is no
 <dependency>
     <groupId>com.azure</groupId>
     <artifactId>azure-security-keyvault-administration</artifactId>
-    <version>4.1.6</version>
+    <version>4.2.0</version>
 </dependency>
 ```
 [//]: # ({x-version-update-end})

diff --git a/sdk/keyvault/azure-security-keyvault-administration/pom.xml b/sdk/keyvault/azure-security-keyvault-administration/pom.xml
@@ -13,7 +13,7 @@
 
   <groupId>com.azure</groupId>
   <artifactId>azure-security-keyvault-administration</artifactId>
-  <version>4.1.6</version> <!-- {x-version-update;com.azure:azure-security-keyvault-administration;current} -->
+  <version>4.3.0-beta.1</version> <!-- {x-version-update;com.azure:azure-security-keyvault-administration;current} -->
 
   <name>Microsoft Azure client library for KeyVault Administration</name>
   <description>This module contains client library for Microsoft Azure KeyVault Administration.</description>
@@ -98,7 +98,7 @@
     <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-security-keyvault-keys</artifactId>
-      <version>4.4.6</version> <!-- {x-version-update;com.azure:azure-security-keyvault-keys;dependency} -->
+      <version>4.5.0</version> <!-- {x-version-update;com.azure:azure-security-keyvault-keys;dependency} -->
       <scope>test</scope>
     </dependency>
     <dependency>

diff --git a/...n/java/com/azure/security/keyvault/administration/KeyVaultAccessControlClientBuilder.java b/...n/java/com/azure/security/keyvault/administration/KeyVaultAccessControlClientBuilder.java
@@ -95,6 +95,7 @@ public final class KeyVaultAccessControlClientBuilder implements
     private Configuration configuration;
     private ClientOptions clientOptions;
     private KeyVaultAdministrationServiceVersion serviceVersion;
+    private boolean disableChallengeResourceVerification = false;
 
     /**
      * Creates a {@link KeyVaultAccessControlClientBuilder} instance that is able to configure and construct
@@ -183,7 +184,7 @@ public KeyVaultAccessControlAsyncClient buildAsyncClient() {
         // Add retry policy.
         policies.add(ClientBuilderUtil.validateAndGetRetryPolicy(retryPolicy, retryOptions));
 
-        policies.add(new KeyVaultCredentialPolicy(credential));
+        policies.add(new KeyVaultCredentialPolicy(credential, disableChallengeResourceVerification));
 
         // Add per retry additional policies.
         policies.addAll(perRetryPolicies);
@@ -200,7 +201,9 @@ public KeyVaultAccessControlAsyncClient buildAsyncClient() {
     }
 
     /**
-     * Sets the URL to the Key Vault on which the client operates. Appears as "DNS Name" in the Azure portal.
+     * Sets the URL to the Key Vault on which the client operates. Appears as "DNS Name" in the Azure portal. You should
+     * validate that this URL references a valid Key Vault or Managed HSM resource.
+     * Refer to the following  <a href=https://aka.ms/azsdk/blog/vault-uri>documentation</a> for details.
      *
      * @param vaultUrl The vault URL is used as destination on Azure to send requests to.
      *
@@ -438,6 +441,18 @@ public KeyVaultAccessControlClientBuilder serviceVersion(KeyVaultAdministrationS
         return this;
     }
 
+    /**
+     * Disables verifying if the authentication challenge resource matches the Key Vault or Managed HSM domain. This
+     * verification is performed by default.
+     *
+     * @return The updated {@link KeyVaultAccessControlClientBuilder} object.
+     */
+    public KeyVaultAccessControlClientBuilder disableChallengeResourceVerification() {
+        this.disableChallengeResourceVerification = true;
+
+        return this;
+    }
+
     private URL getBuildEndpoint(Configuration configuration) {
         if (vaultUrl != null) {
             return vaultUrl;

diff --git a/...src/main/java/com/azure/security/keyvault/administration/KeyVaultBackupClientBuilder.java b/...src/main/java/com/azure/security/keyvault/administration/KeyVaultBackupClientBuilder.java
@@ -94,6 +94,7 @@ public final class KeyVaultBackupClientBuilder implements
     private Configuration configuration;
     private ClientOptions clientOptions;
     private KeyVaultAdministrationServiceVersion serviceVersion;
+    private boolean disableChallengeResourceVerification = false;
 
     /**
      * Creates a {@link KeyVaultBackupClientBuilder} instance that is able to configure and construct instances of
@@ -182,7 +183,7 @@ public KeyVaultBackupAsyncClient buildAsyncClient() {
         // Add retry policy.
         policies.add(ClientBuilderUtil.validateAndGetRetryPolicy(retryPolicy, retryOptions));
 
-        policies.add(new KeyVaultCredentialPolicy(credential));
+        policies.add(new KeyVaultCredentialPolicy(credential, disableChallengeResourceVerification));
 
         // Add per retry additional policies.
         policies.addAll(perRetryPolicies);
@@ -199,7 +200,9 @@ public KeyVaultBackupAsyncClient buildAsyncClient() {
     }
 
     /**
-     * Sets the URL to the Key Vault on which the client operates. Appears as "DNS Name" in the Azure portal.
+     * Sets the URL to the Key Vault on which the client operates. Appears as "DNS Name" in the Azure portal. You should
+     * validate that this URL references a valid Key Vault or Managed HSM resource.
+     * Refer to the following  <a href=https://aka.ms/azsdk/blog/vault-uri>documentation</a> for details.
      *
      * @param vaultUrl The vault URL is used as destination on Azure to send requests to.
      *
@@ -437,6 +440,18 @@ public KeyVaultBackupClientBuilder serviceVersion(KeyVaultAdministrationServiceV
         return this;
     }
 
+    /**
+     * Disables verifying if the authentication challenge resource matches the Key Vault or Managed HSM domain. This
+     * verification is performed by default.
+     *
+     * @return The updated {@link KeyVaultBackupClientBuilder} object.
+     */
+    public KeyVaultBackupClientBuilder disableChallengeResourceVerification() {
+        this.disableChallengeResourceVerification = true;
+
+        return this;
+    }
+
     private URL getBuildEndpoint(Configuration configuration) {
         if (vaultUrl != null) {
             return vaultUrl;