-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added support for encryption algorithms for symmetric keys #17209
Conversation
…pulated before attempting to perform any local cryptography operations on symmetric keys.
...ecurity-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw.java
Outdated
Show resolved
Hide resolved
...lt-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyOptions.java
Outdated
Show resolved
Hide resolved
* authenticated crypto algorithms. | ||
* @param tag The tag to authenticate when performing decryption with an authenticated algorithm. | ||
*/ | ||
public CryptographyOptions(byte[] initializationVector, byte[] additionalAuthenticatedData, byte[] tag) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it always the case that the user must create an instance of this type by providing all three of these byte arrays? Is it not possible to provide just one or two of these? If so, having setters is more appropriate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, see https://github.com/Azure/azure-sdk-for-net/blob/a42b92d26e9359a485fb6ec234b93146e9ff5b30/sdk/keyvault/Azure.Security.KeyVault.Keys/src/Cryptography/CryptographyClient.cs#L189 for what we did for .NET after some discussion with Scott and Krzysztof.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
|
||
// Create the cipher using the Provider if specified | ||
if (provider == null) { | ||
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); | ||
cipher = Cipher.getInstance("AES/CBC/NoPadding"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lusitanian should this be zero-padding? When we spoke about .NET, you said zero-padding was what the service was using.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
...if this is right, I'll have to change .NET's implementation to NoPadding as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Going from the name only it made sense to me that we should not use padding for AES-CBC and use padding for AES-CBC-PAD. Is that not the case?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When I asked MHSM about it, the reply was that zero-padding seems to be closer. I'm honestly not sure. If you're writing tests, maybe try it against the service and see what it does with CBC vs CBCPAD.
...curity-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbc.java
Outdated
Show resolved
Hide resolved
|
||
// Create the cipher using the Provider if specified | ||
if (provider == null) { | ||
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be PKCS7 padding, though for 8-byte block sizes this should be equivalent. If PKCS7 is supported, it may be safer for future proofing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The javax.crypto.Cipher
class only provides support for PKCS5 :(
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In that case, it shouldn't matter. /cc @schaabs to confirm my understanding.
...curity-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java
Outdated
Show resolved
Hide resolved
...eys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java
Outdated
Show resolved
Hide resolved
...keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyOperationParameters.java
Outdated
Show resolved
Hide resolved
...keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyOperationParameters.java
Outdated
Show resolved
Hide resolved
...t-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyWrapUnwrapRequest.java
Outdated
Show resolved
Hide resolved
@@ -27,21 +27,22 @@ | |||
this.serviceClient = serviceClient; | |||
} | |||
|
|||
abstract Mono<EncryptResult> encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, Context context, JsonWebKey jsonWebKey); | |||
abstract Mono<EncryptResult> encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Comments about using the EncryptOptions
and similar should apply to the LocalCryptographyClient
. In fact, I'm just noticing this says "LocalKeyCryptographyClient". It should be "LocalCryptographyClient" (that's what we shipped for betas for .NET and JS).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, I see this isn't exposed. But I'll leave the comment here in case it still applies.
*/ | ||
public static final EncryptionAlgorithm A256CBC = fromString("A256CBC"); | ||
|
||
public static final EncryptionAlgorithm A256CBC_HS512 = fromString("A256CBC-HS512"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These aren't in the list to implement. Just AES-CBC, AES-CBCPAD, AES-KW, and AES-GCM.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Those were already made public in a previous release to provide feature-parity with the Track 1 SDK, I don't think we should remove them.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Understood (.NET track 1 did too), but they aren't in the swagger. My understanding was that they were proposed and may indeed be implemented, but never made it into the public swaggers. @AlexGhiondea, @schaabs what do you think here? If we're going with parity with track 1, adding support for AES-HMAC using SHA2 makes sense, but are we doing that now?
* | ||
* @param iv Initialization vector for the decryption operation. | ||
*/ | ||
public AesCbcDecryptOptions(byte[] iv) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think these will be discoverable? In .NET, we waffled on classes like this vs. factories and opted for the latter for discoverability. Would htat work better here. You could, for example, mix that and builders by having a factory returning the right class that you can then set options, e.t.:
EncryptOptions
.createA128GcmOptions(iv, key)
.setAdditionalAuthenticationData(data);
I'm also wondering how they specify the key size with this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Key size is specified in the clients. For example:
CryptographyClient.encrypt(EncryptionAlgorithm algorithm, String plaintext, EncryptOptions options)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you have any thoughts on this @srnagar, @JonathanGiles?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since these are inputs to the API, how does the user know what are the available subtypes of EncryptOptions/DecryptOptions. In other places, we have used a type flag to switch between strongly typed sub-classes.
See example here:
https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/formrecognizer/azure-ai-formrecognizer/src/main/java/com/azure/ai/formrecognizer/models/FieldValue.java
@@ -357,15 +357,15 @@ private void initializeCryptoClients() { | |||
* @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. | |||
*/ | |||
@ServiceMethod(returns = ReturnType.SINGLE) | |||
public Mono<DecryptResult> decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options) { | |||
public Mono<DecryptResult> decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
EncryptOptions and DecryptOptions should be the only parameter. See https://apiview.dev/Assemblies/Review/d74052731cb94759804beaa492b7a17a#Azure.Security.KeyVault.Keys.Cryptography.LocalCryptographyClient for an example. This requires them passing the right pairs of arguments, where as what we did in .NET leads them to the right answer by design.
* authenticated crypto algorithms. | ||
* @param authenticationTag The tag to authenticate when performing decryption with an authenticated algorithm. | ||
*/ | ||
public DecryptOptions(byte[] iv, byte[] additionalAuthenticatedData, byte[] authenticationTag) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This requires them knowing what to pass for which algorithms. This is not a good customer UX. Please see https://apiview.dev/Assemblies/Review/d74052731cb94759804beaa492b7a17a#Azure.Security.KeyVault.Keys.Cryptography.DecryptOptions. Perhaps a builder would be more idiomatic, but the overall concept is to make sure they can only provide relevant arguments that also dictates the algorithm, rather than pairing them together correctly. We can make crypto easier in our limited APIs (compared to general crypto provided in our respective frameworks).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will evaluate a different approach. Probably what you suggested here.
*/ | ||
public EncryptOptions(byte[] iv, byte[] additionalAuthenticatedData) { | ||
if (iv == null) { | ||
this.iv = null; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See https://apiview.dev/Assemblies/Review/d74052731cb94759804beaa492b7a17a#Azure.Security.KeyVault.Keys.Cryptography.EncryptOptions. Where iv
is optional (default parameter value of null
), we should generate an appropriately long one. See https://github.com/Azure/azure-sdk-for-net/blob/275bad601e72a8e308a73aed621e838d1ae20e9b/sdk/keyvault/Azure.Security.KeyVault.Keys/src/Cryptography/EncryptOptions.cs#L171-L179 for how/when I did this (I call Initialize
from local and remote providers and let this class handle if and when it should generate an IV/nonce).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
...generation of an IV could probably wait closer to GA, but I'd open a bug on that if you punt it for tracking.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We do generate a random iv
of appropriate size depending on the EncryptionAlgorithm
, here's an example. Although, if the options types are going to also take the algorithm and plaintext/ciphertext we could move that here as well.
…e, as well as their children's, and made them have factory methods for creating the former to help with discoverability.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few changes required yet, but I'm signing off to unblock. Also, LocalKeyCryptographyClient
->LocalCryptographyClient
if you haven't GA'd it yet.
...eys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java
Outdated
Show resolved
Hide resolved
Mono<EncryptResult> encrypt(EncryptOptions encryptOptions, Context context) { | ||
Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null."); | ||
Objects.requireNonNull(encryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); | ||
Objects.requireNonNull(encryptOptions.getPlainText(), "Plain text content to be encrypted cannot be null."); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: it's actually "plaintext" in crypto-speak.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After talking to @JonathanGiles, in this case he thinks is it's better we remain consistent with what's already been GA'd, given that the difference in capitalization does not make it confusing to understand what the terms refer to.
KeyOperationParameters parameters = new KeyOperationParameters() | ||
.setAlgorithm(algorithm) | ||
.setValue(plaintext) | ||
.setValue(encryptOptions.getPlainText()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On that note, I guess I missed this before, but just getPlaintext
(it's one word).
Mono<DecryptResult> decrypt(DecryptOptions decryptOptions, Context context) { | ||
Objects.requireNonNull(decryptOptions, "'decryptOptions' cannot be null."); | ||
Objects.requireNonNull(decryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); | ||
Objects.requireNonNull(decryptOptions.getCipherText(), "Cipher text content to be decrypted cannot be null."); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
getCiphertext
(one word)
* @param iv Initialization vector for the decryption operation. | ||
* @return The updated {@link AesCbcDecryptOptions} object. | ||
*/ | ||
public AesCbcDecryptOptions setIv(byte[] iv) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
iv
in all cases should be generated with a cryptographically random generator. See https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/keyvault/Azure.Security.KeyVault.Keys/src/Cryptography/EncryptOptions.cs. If necessary, you could open an issue and do this for GA.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If not provided, it gets generated here.
*/ | ||
public AesGcmDecryptOptions setAuthenticationTag(byte[] authenticationTag) { | ||
if (authenticationTag == null) { | ||
this.authenticationTag = null; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is required for GCM. Shouldn't this throw?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apparently the local Java implementation doesn't care about the contents but the size of the tag :S
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can still throw if it's null
.
* | ||
* @return The content to be encrypted. | ||
*/ | ||
public byte[] getCipherText() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As mentioned elsewhere, "Ciphertext" and "Plaintext".
if (iv == null) { | ||
return null; | ||
} else { | ||
return iv.clone(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You cloned to set this. Do you need to clone again?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since array contents are not immutable we do not want to provide access to the original array.
if (iv == null) { | ||
return null; | ||
} else { | ||
return iv.clone(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Clone again? Also, this needs to be generated at the proper size with a proper RNG if null.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If not provided, it gets generated here.
We have already GA'd a public |
Applied suggestions where possible. Some questions no longer apply.
* Added support for encryption AES encryption algorithms. * Added CryptographyOptions and ensured the initialization vector is populated before attempting to perform any local cryptography operations on symmetric keys. * Added APIs that accept CryptographyOptions to CryptographyClient. * Fixed Javadoc issues. * Fixed checkstyle issues. Added samples. * Added checkstyle exceptions. * Fixed test and spotbugs issues. * Applied PR feedback and added local tests. * Made the EncryptOptions and DecryptOptions constructor package-private, as well as their children's, and made them have factory methods for creating the former to help with discoverability. * Fixed build issues. * Changed EncryptOptions and DecryptOptions to use a factory model. * Added iv, additionalAuthenticatedDate and authenticationTag to EncryptResult. * Made `plainText` and `cipherText` all lowercase. * Reverted capitalization change. * Added null check for `iv` in local decryption.
* Added support for key export. (#17183) * Added support for exporting keys from an Azure Key Vault. * Removed ExportKeyOptions. * Fixed build error. * Added samples. * Fixed test issues. * Fixed samples issues. * Fixed checkstyle issues. * Fixed spotbugs issues. * Applied PR feedback: renamed KeyReleasePolicy to ReleasePolicy and removed it from KeyVaultKey. * Fixed spotbugs issues. * Added unit tests. * Renamed ReleasePolicy to KeyReleasePolicy. Added tests for creating an RSA key with publicExponent. * Added date for internal avro CHANGELOG (#17483) * Sync eng/common directory with azure-sdk-tools for PR 1188 (#17488) * Add debug flag to arm deployment command * Only set debug preference when $CI is true Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com> * Remove invalid characters in basename sourced from username (#17489) Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com> * FixOfConnectionStateListenerTest (#17481) * fix flakyness of connectionStateListener test Co-authored-by: Annie Liang <xinlian@microsoft.com> * Applied arch board feedback for Key Vault Administration (#17284) * Removed exposure of implementation package and any usage of KeyVaultErrorException from public APIs. * Renamed KeyVaultRoleAssignmentScope to KeyVaultRoleScope. Changed the name type from UUID to String in role assignment APIs. * Renamed APIs for re-hydrating LROs. * Added ServiceVersion support in the clients and their builders. Internally this will not be used until some changes in the code generation tool are applied. * Annotated read-only classes with @immutable. Added the "allowed" prefix to some KeyVaultPermission properties. Change the type of `startTime` and `endTime` in KeyVaultLongRunningOperation from Long to OffsetDateTime. * Changed the KeyVaultRoleScope enum from using URI to URL and added an overload that takes a the string representation of a URL. * Added overloads that allow passing a custom polling interval to LROs. * Removed the use of KeyVaultRoleAssignmentProperties in clients' public APIs in favor of using the `roleDefinitionId` and `servicePrincipalId` values directly. * Fixed Javadoc and test issues. * Fixed checkstyle issues. * Applied arch board meeting and PR feedback: * Renamed parameters containing the 'Uri' suffix to 'Url'. * Changed the type of `startTime` and `endTime` in the constructor of KeyVaultLongRunningOperation and its subtypes from `Long` to `OffsetDateTime`. * Removed unnecessary versions from KeyVaultAdministrationServiceVersion. Additional changes: * Renamed `scope` in KeyVaultRoleAssignment to `roleScope` to align with the access client APIs. * Polished Javadoc * Removed APIs to refresh LROs based on PR feedback. * Removed unused import in KeyVaultBackupAsyncClientTest. * Increment package version after release of com.azure azure-ai-metricsadvisor (#17456) * Sync eng/common directory with azure-sdk-tools for PR 1170 (#17276) * Added the preprocess scripts. * string array to string Co-authored-by: Sima Zhu <sizhu@microsoft.com> * suppress the runtime exception in the KeyVaultClient class (#17401) Co-authored-by: v-gaoh <v-gaoh@Microsoft.com> * End to End TLS SSL step #8 - Add support for PEM based certificates (#17019) * End to End TLS SSL - step #9 - add Azure AD authentication URL (#17074) * Added Azure AD authentication URL * Increment version for storage releases (#17485) * Add Invoke-DevOpsAPI.ps1, Add functions for Canceling and Listing Builds (#17178) Co-authored-by: Chidozie Ononiwu <chononiw@microsoft.com> * Change live test resource DeleteAfterHours tag to 8 hours (#17537) Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com> * add clientOptions for EventHubClientBuilder (#17519) - add clientOptions for EventHubClientBuilder * Increment Form Recognizer version post patch release 3.0.3 (#17540) * Prepare tables for October release (#17541) * store authorzied clients into http session (#17528) * Increment package version after release of com.azure azure-data-tables (#17545) * [TA] Merge Novermber patch to master branch (#17544) * cherry-pick 16c8d5d and dfdc8c6 * Added collapsible GA and Preview in each artifact. (#17041) * Added support for encryption algorithms for symmetric keys (#17209) * Added support for encryption AES encryption algorithms. * Added CryptographyOptions and ensured the initialization vector is populated before attempting to perform any local cryptography operations on symmetric keys. * Added APIs that accept CryptographyOptions to CryptographyClient. * Fixed Javadoc issues. * Fixed checkstyle issues. Added samples. * Added checkstyle exceptions. * Fixed test and spotbugs issues. * Applied PR feedback and added local tests. * Made the EncryptOptions and DecryptOptions constructor package-private, as well as their children's, and made them have factory methods for creating the former to help with discoverability. * Fixed build issues. * Changed EncryptOptions and DecryptOptions to use a factory model. * Added iv, additionalAuthenticatedDate and authenticationTag to EncryptResult. * Made `plainText` and `cipherText` all lowercase. * Sync eng/common directory with azure-sdk-tools for PR 1202 (#17547) * Add debugging link on resource deployment failures to log output * Update aka link for live test help docs. Use here string and empty throw. Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com> * Added small changes that missed PR #17209 (#17552) * Added support for encryption AES encryption algorithms. * Added CryptographyOptions and ensured the initialization vector is populated before attempting to perform any local cryptography operations on symmetric keys. * Added APIs that accept CryptographyOptions to CryptographyClient. * Fixed Javadoc issues. * Fixed checkstyle issues. Added samples. * Added checkstyle exceptions. * Fixed test and spotbugs issues. * Applied PR feedback and added local tests. * Made the EncryptOptions and DecryptOptions constructor package-private, as well as their children's, and made them have factory methods for creating the former to help with discoverability. * Fixed build issues. * Changed EncryptOptions and DecryptOptions to use a factory model. * Added iv, additionalAuthenticatedDate and authenticationTag to EncryptResult. * Made `plainText` and `cipherText` all lowercase. * Reverted capitalization change. * Added null check for `iv` in local decryption. * Key Vault Beta release CHANGELOG and README updates - November 2020 (#17553) * Updated CHANGELOGs for Beta releases of Key Vault Keys and Key Vault Administration. * Updated READMEs. * Updated the KV Administration CHANGELOG to abide by the guidelines. * [AppConfig] App config apply released v1.1.7 patch to master (#17548) * [AppConfig] Prepare for v1.1.7 patch release (#17534) * upgrade release version to 1.1.7 * Change the method of obtaining tokens from implicit flow to pkce (#17530) * Upgrade msal.js to a higher version to use PKCE. * [Communication] -Administration- Renaming the model from PhoneNumberSearch to PhoneNumberReservation (#17253) * Renaming from PhoneNumberSearch to PhoneNumberReservation * Renaming from PhoneNumberSearch to PhoneNumberReservation * Renaming from PhoneNumberSearch to PhoneNumberReservation * upadating readme samples * Renaming the model CreateSearchReponse and CreateSearchOptions * Fixing tests * Fixing tests * fixing typo un reservations * Add AppConfig and Event Hubs samples for using Monitor exporter (#17565) * Add AppConfig and Event Hubs samples for using exporters * Fix compiler warnings * Update sdk/monitor/microsoft-opentelemetry-exporter-azuremonitor/pom.xml * Update method names * Update amqp version post-1.7.0-beta.2 release (#17577) * Sync eng/common directory with azure-sdk-tools for PR 1153 (#17578) * Improve Update-ChangeLog Logic * Updates to ChangeLog-Operations.ps1, copy-docs-to-blobstorage.ps1, Invoke-GitHubAPI.ps1 and Package-Properties.ps1 * More changeLog Logic Improvements * Update date parsing Co-authored-by: Chidozie Ononiwu <chononiw@microsoft.com> * [Communication] -Administration- changing some createReservation from public to private (#17576) * changing some public methods * updating Reade file * Fixing Readme * November release changelog (#17571) * [Service Bus] Remove viaPartitionKey (#17501) * [Service Bus] Remove viaPartitionKey * Remove unused imports * Enable the del/rename files link check. (#17574) * update readme for sample and fix some question (#17587) * Add user name information when modifying todolist * Modify the configuration information in the readme * mgmt, improve readme in packages (#17251) * add sample name with "resource-server" (#17589) * change artifactId and module * Update LanguageSetting.ps1 (#17583) * Use BuildID to fix race ondition (#17459) * Sync eng/common directory with azure-sdk-tools for PR 1210 (#17579) * Cache created service principal for iteration Useful when testing changes over and over again without passing your own -TestApplicationId and -TestApplicationSecret. * Restore initial AzContext for New-TestResources * Make sure PSBoundParameters is correct Fixes #1177 Co-authored-by: Heath Stewart <heaths@microsoft.com> * [Communication] - Administration - Disable Jacoco Coverage Check (#17596) * Disable Adminiministrationg SDK coverage check * Adjusting min coverage checks * Adjusting min coverage checks * Adjusting min coverage checks Co-authored-by: Minnie Liu <peiliu@microsoft.com> * Fixed large file live test to add policy per call instead of per retry (#17593) Co-authored-by: gapra <gapra@microsoft.com> * fixes #17567 (#17588) Add new configuration item: azure.activedirectory.jwk-set-cache-refresh-time * [Communication] - SMS - Enabling SMS Live tests using Static Resources (#17599) * Enabling SMS Live tests * Clean up * Adding more variables * Fix SMS live test * Clean up unneeded module from SMS pom Co-authored-by: Minnie Liu <peiliu@microsoft.com> * Increment package version after release of com.azure azure-security-keyvault-administration (#17600) * User Oauth2 WebClient instead of msal to get groups from graph. (#17529) * User Oauth2 WebClient instead of msal to get groups from graph. * Increment key vault stable versions november 2020 (#17609) * Updated the latest KV stable versions * Corrected Key Vault Keys README version to the latest beta released. * Mgmt: generate attestation.v2020_10_01 (#17611) * add attestation/resource-manager * generate attestation/resource-manager 2020 10 * add ci and pom * remove unused configuration item (#17618) * remove unused properties * Fixed resource address in CosmosException. (#17279) * Fixed resource address in CosmosException. Added new API to expose regions contacted on CosmosDiagnostics * Fixed resource address in GATEWAY mode to have full physical address * Setting physical resource address in tests * [service bus] Use ServiceBusException rather than AmqpException and rename ReceiveMode to ServiceBusReceiveMode (#17601) ServiceBusException is basically a friendly envelope around an AmqpException. It's primary purpose is to give the user something simple they can try/catch that has a 'reason' code so they can programatically react to certain kinds of failures. Also, renaming ReceiveMode to ServiceBusReceiveMode. Fixes #17500 (exception type), #17555 (receive mode) * update CHANGELOG (#17620) - update Release history * update CHANGELOG (#17634) - update Release history * Mgmt: GA all resourcemanager packages (#17619) * Revert "Mgmt: GA azure, remove non-GA packages (#16499)" This reverts commit 2756f50. * fix spring cloud * fix compile error * update version * fix spotbugs * session record * update readme version * update Release history (#17646) - update release history * Increment package version after release of com.azure azure-security-keyvault-jca (#17644) * Adding basic FeedRanges API (#17570) * Initial draft of FeedRange artifacts * Iterating on FeedRange Apis * Adding public surface area * Adding FeedRange unit tests * Adding test FeedRangePKRangeId_GetEffectiveRangesAsync_Refresh * Adding test FeedRangePKRangeId_GetEffectiveRangesAsync_Null * Adding test feedRangeEPK_getPartitionKeyRangesAsync * Adding test feedRangePK_getPartitionKeyRangesAsync * Adding test feedRangePKRangeId_getPartitionKeyRangesAsync * Adding request visitor unit tests * Finishing FeedRange tests * Cleanup and prettifying * Prettifying feed range tests * Fixes and new test for Conatiner.getFeedRanges() * Addressing some SpotBug violations * Reacting to code review feedback * Update sdk/cosmos/azure-cosmos/src/main/java/com/azure/cosmos/implementation/feedranges/FeedRangeInternal.java Co-authored-by: Mohammad Derakhshani <moderakh@users.noreply.github.com> Co-authored-by: Mohammad Derakhshani <moderakh@users.noreply.github.com> * [BlobStorage] Reuse the http client configured in the provided HttpPipeline during BlobBatch construction. (#17627) * Reuse the http client configured in the provided HttpPipeline during BlobBatch construction. * Include change log notes. * Added ability to specify timeout unit in RequestRetryOptions (#17628) * Add Update-java-CIConfig (#17631) * Add Update-java-CIConfig * Switch from BuildNumber to BuildID for test release versions * Update EH versions to beta 2 (#17654) `5.4.0-beta.1` and `1.4.0-beta.1` versions were released for EH and checkpointstore earlier this week from a release branch. So, the auto version increment PR was not created against `master` branch. This PR is to update the versions in `master` branch. * Increment version for communication releases (#17608) * Increment package version after release of com.azure azure-communication-sms * Increment package version after release of com.azure azure-communication-administration * Increment package version after release of com.azure azure-communication-common * Increment package version after release of com.azure azure-communication-chat * [service bus] Update ServiceBusProcessor sample to demo how to write a long-running processor. (#17633) As part of the work to add in a ServiceBusErrorContext we also want to showcase how users can tease out the various errors that are reported. This PR updates the current processor sample to angle more towards how to keep a ServiceBusProcessor running long-term, including handling certain errors that _might_ be fatal (it's always up to the user to choose to terminate the processor). Fix for #17490 * [service bus] Migration guide changes for errors, api changes, etc... (#17656) Fixing some small stuff in the migration guide: - processor error handler has a different signature, need to use the session builder, etc.. - some syntax errors (variable called client, usage uses 'sender') - inconsistencies in some samples if they're pasted as is * Replace the invalid open source link with working one. (#17602) * Fixed bug where query params were being parsed incorrectly if an encoded comma was the query value (#17655) * [service bus] Updating connection strings in migration guide to be consistent with readme (#17662) Updating to the same string constant we use elsewhere in the SDK for samples. Completes #17656 * Sync eng/common directory with azure-sdk-tools for PR 1203 (#17674) * Refactoring artifact-metadata-parsing.ps1, update-docs-metadata.ps1, and create-tags-and-git-release.ps1 * Clean up common imports * Refactor Update-docs-ci.ps1 Co-authored-by: Chidozie Ononiwu <chononiw@microsoft.com> * Keep aad legacy code (#17664) * checkout jialin's commit and make build pass. * Change new property prefix from 'azure.activedirectory' to 'azure.active.directory'. * Add resource searching sample description (#17615) * Add resource searching sample description * Add From Source Test Run to Live Tests (#17584) * Add From Source test run to live tests * Add From Source to matrix * Amqp Message Update - API Change (#17464) 1. New Type AmqpMessageId ( Based on discussion from Clemens, dotnet had) 2. New Type AmqpAddress ( Based on discussion from Clemens, dotnet had) 3. Return type change in AmqpMessageProperties for above two new types. 3. Following changes are to keep consistency with dotnet and common prefix -> AmqpMessage A. Renamed AmqpDataBody to AmqpMessageBody (to be same name as in dotnet) B. Renamed AmqpBodyType to AmqpMessageBodyType (Same name in dotnet) 4. Added AmqpMessageBody .getFirstData () Based on team review 5. Returning IterableStream in AmqpMessageBody .getData () Based on team review 6. Removed Copy constructor AmqpAnnotatedMessage (matching with dotnet) and because it is servicebus specific . So moving this logic into servicebus * [Communication] - Chat - Replaced ChatUserCredentialPolicy with BearerTokenAuthenticationPolicy (#17452) * Replaced ChatUserCredentialPolicy with BearerTokenAuthenticationPolicy * Removed ChatUserCredentialPolicy * Added tests for CommunicationTokenCredential * [TA] Healthcare recognition and Analyze LRO (#17687) * [TA] CodeGen based on 3.1-preview.3 (#17182) - only codegen and fixes after codegen, there is no new implementation added. * [TA] Healthcare Analyze feature (#17234) * Added support for Healthcare Analyze and Cancellation endpoints * [TA] Regenerate the swagger v3.1-Preview.3 with latest autorest version (#17358) * regenerate with latest autorest and swagger, use 4.0.4 autorest to codegen instead of v4.0.2 * [TA] Add analyze tasks feature support (#17267) * Add analyze multiple tasks and update healthcare features. * Update test resource region to Central US for FormRecognizer (#17693) * Vijay receive message ttl fix (#17678) * Fixing a regresion in message converter. * Changing version number. * [TA] Prepare for November Release. (#17696) * no AAD but add note for what reason AAD is not working for healthcare * [service bus] Terminology clarification and small copy/paste errors in javadocs (#17691) * Add tracing support for Service Bus processor (#17684) * Add tracing support for SB processor * Make addContext packag-private * Resolve merge conflict * Updated the Key Vault CHANGELOGs to include past stable releases. (#17701) * Updated the Key Vault CHANGELOGs to include information about past stable releases. * Updated Keys README. * Increment package version after release of com.azure azure-ai-textanalytics (#17704) * Swtich back to smoke-test before doc publishing error gets fixed. (#17697) Co-authored-by: Sima Zhu <sizhu@microsoft.com> * Increment package version after release of com.azure azure-security-keyvault-keys (#17705) * Update '/eng/common/pipelines/templates/steps/create-pull-request.yml' to close test increment version pullrequests. (#17695) * remove plugins to restore source and javadoc jar (#17680) * Synapse: regenerate package-2019-06-01-preview (#17713) * regenerate synapse package-2019-06-01-preview * update version * fix compile errors * - update release history. (#17675) - update release history * Rename getAmqpAnnotatedMessage to getRawAmqpMessage (#17712) Rename getAmqpAnnotatedMessage to getRawAmqpMessage * Sync eng/common directory with azure-sdk-tools for PR 1219 (#17711) * Move entire docgeneration into common tools * Move docindex to common * Added the package replacement logic * Fixed on parameters * Fixed param * Change function to dash * Added regex on function * Added display name. * Update eng/common/docgeneration/Generate-DocIndex.ps1 Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com> * Deal with js * Add no new line args * revert some test changes * Need to default to the double quotes for JS regex * Update Generate-DocIndex.ps1 * Added the appTitle * type Co-authored-by: Sima Zhu <sizhu@microsoft.com> Co-authored-by: Sima Zhu <48036328+sima-zhu@users.noreply.github.com> Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com> * [Service Bus] Allow 0 prefetch and dynamically use batch size to request link credits (#17546) * Fix Connection Closing on Timeout (#17690) * Close connection when timeout occurs * Add CHANGELOG entry Co-authored-by: vcolin7 <vicolina@microsoft.com> Co-authored-by: Gauri Prasad <51212198+gapra-msft@users.noreply.github.com> Co-authored-by: Azure SDK Bot <53356347+azure-sdk@users.noreply.github.com> Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com> Co-authored-by: Annie Liang <64233642+xinlian12@users.noreply.github.com> Co-authored-by: Annie Liang <xinlian@microsoft.com> Co-authored-by: Sima Zhu <sizhu@microsoft.com> Co-authored-by: gaohan <1135494872@qq.com> Co-authored-by: v-gaoh <v-gaoh@Microsoft.com> Co-authored-by: Manfred Riem <manfred.riem@microsoft.com> Co-authored-by: Chidozie Ononiwu <chononiw@microsoft.com> Co-authored-by: zhihaoguo <zhihaoguo@microsoft.com> Co-authored-by: Sameeksha Vaity <savaity@microsoft.com> Co-authored-by: Brandon Siegel <96068+bsiegel@users.noreply.github.com> Co-authored-by: Yi Liu <yiliu6@microsoft.com> Co-authored-by: Shawn Fang <45607042+mssfang@users.noreply.github.com> Co-authored-by: Sima Zhu <48036328+sima-zhu@users.noreply.github.com> Co-authored-by: lzc-1997-abel <70368631+lzc-1997-abel@users.noreply.github.com> Co-authored-by: paola Mariana vicencio Hernandez <pvicencio@microsoft.com> Co-authored-by: Srikanta <51379715+srnagar@users.noreply.github.com> Co-authored-by: Jorge Beauregard <69869951+jbeauregardb@users.noreply.github.com> Co-authored-by: Ramya Rao <ramya.rao.a@outlook.com> Co-authored-by: Weidong Xu <weidxu@microsoft.com> Co-authored-by: Chidozie Ononiwu <31145988+chidozieononiwu@users.noreply.github.com> Co-authored-by: Heath Stewart <heaths@microsoft.com> Co-authored-by: minnieliu <minnieliu96@hotmail.com> Co-authored-by: Minnie Liu <peiliu@microsoft.com> Co-authored-by: gapra <gapra@microsoft.com> Co-authored-by: Jack Lu <dbqp99@msn.com> Co-authored-by: Rujun Chen <Rujun.Chen@microsoft.com> Co-authored-by: Tanyi Chen <tanchen@microsoft.com> Co-authored-by: Kushagra Thapar <kuthapar@microsoft.com> Co-authored-by: Richard Park <51494936+richardpark-msft@users.noreply.github.com> Co-authored-by: Fabian Meiswinkel <fabianm@microsoft.com> Co-authored-by: Francisco Fernández Castaño <francisco.fernandez.castano@gmail.com> Co-authored-by: M <v-moaryc@microsoft.com> Co-authored-by: Alan Zimmer <48699787+alzimmermsft@users.noreply.github.com> Co-authored-by: Hemant Tanwar <hemant_tanwar@hotmail.com> Co-authored-by: Vijaya Gopal Yarramneni <viyarr@microsoft.com> Co-authored-by: Chuang <54572251+xccc-msft@users.noreply.github.com> Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com> Co-authored-by: Yijun Xie <48257664+YijunXieMS@users.noreply.github.com>
New review request for Microsoft.ContainerService to add version 2022-01-01 (Azure#17814) * Adds base for updating Microsoft.ContainerService from version stable/2021-10-01 to version 2022-01-01 * Updates readme * Updates API version in new specs and examples * Update readme to help generate SDK (Azure#17371) * update readme to help generate SDK * update readme * Support query parameter 'format' in listClusterUserCredential handler (Azure#17209) * Support query parameter 'format' in listClusterUserCredential handler * Add kubelogin to custom words * Fix enum lint * Fix typo * Fix typo * List admin credential should not have format parameter * Add adminUsers in aadprofile (Azure#17402) * Revert "Add adminUsers in aadprofile (Azure#17402)" (Azure#17523) This reverts commit 1d8f262848ad55df67f60321e2ccc1232c7f746b. * fix conflict (Azure#17623) Co-authored-by: Tongyao Si <tosi@microsoft.com>
Fixes #14805.
Tests are pending.