def test_example_backup_and_restore(self, container_uri, sas_token):
        backup_client = KeyVaultBackupClient(self.managed_hsm["url"],
                                             self.credential)

        # [START begin_backup]
        # begin a vault backup
        backup_poller = backup_client.begin_backup(container_uri, sas_token)

        # check if the backup completed
        done = backup_poller.done()

        # block until the backup completes
        # result() returns an object with a URL of the backup
        backup_operation = backup_poller.result()
        # [END begin_backup]

        folder_url = backup_operation.folder_url

        # [START begin_restore]
        # begin a full vault restore
        restore_poller = backup_client.begin_restore(folder_url, sas_token)

        # check if the restore completed
        done = backup_poller.done()

        # wait for the restore to complete
        restore_poller.wait()
def test_continuation_token():
    """Methods returning pollers should accept continuation tokens"""

    expected_token = "token"
    mock_generated_client = mock.Mock()

    backup_client = KeyVaultBackupClient("vault-url", object())
    backup_client._client = mock_generated_client
    backup_client.begin_full_restore("storage uri",
                                     "sas",
                                     "folder",
                                     continuation_token=expected_token)
    backup_client.begin_full_backup("storage uri",
                                    "sas",
                                    continuation_token=expected_token)
    backup_client.begin_selective_restore("storage uri",
                                          "sas",
                                          "folder",
                                          "key",
                                          continuation_token=expected_token)

    for method in ("begin_full_backup", "begin_full_restore_operation",
                   "begin_selective_key_restore_operation"):
        mock_method = getattr(mock_generated_client, method)
        assert mock_method.call_count == 1
        _, kwargs = mock_method.call_args
        assert kwargs["continuation_token"] == expected_token
Beispiel #3
0
    def test_full_backup_and_restore(self, container_uri, sas_token):
        # backup the vault
        backup_client = KeyVaultBackupClient(self.managed_hsm["url"],
                                             self.credential)
        backup_poller = backup_client.begin_backup(container_uri, sas_token)
        backup_operation = backup_poller.result()
        assert backup_operation.folder_url

        # restore the backup
        restore_poller = backup_client.begin_restore(
            backup_operation.folder_url, sas_token)
        restore_poller.wait()
    def test_full_backup_and_restore(self, container_uri, sas_token):
        # backup the vault
        backup_client = KeyVaultBackupClient(self.managed_hsm["url"], self.credential)
        backup_poller = backup_client.begin_full_backup(container_uri, sas_token)
        backup_operation = backup_poller.result()
        assert_successful_operation(backup_operation)

        # restore the backup
        folder_name = backup_operation.azure_storage_blob_container_uri.split("/")[-1]
        restore_poller = backup_client.begin_full_restore(container_uri, sas_token, folder_name)
        restore_operation = restore_poller.result()
        assert_successful_operation(restore_operation)
Beispiel #5
0
    def test_full_backup_and_restore(self, container_uri, sas_token):
        # backup the vault
        backup_client = KeyVaultBackupClient(self.managed_hsm["url"], self.credential)
        backup_poller = backup_client.begin_backup(container_uri, sas_token)

        # check backup status and result
        job_id = backup_poller.polling_method().resource().job_id
        backup_status = backup_client.get_backup_status(job_id)
        assert_in_progress_operation(backup_status)
        backup_operation = backup_poller.result()
        assert_successful_operation(backup_operation)
        backup_status = backup_client.get_backup_status(job_id)
        assert_successful_operation(backup_status)

        # restore the backup
        restore_poller = backup_client.begin_restore(backup_status.folder_url, sas_token)

        # check restore status and result
        job_id = restore_poller.polling_method().resource().job_id
        restore_status = backup_client.get_restore_status(job_id)
        assert_in_progress_operation(restore_status)
        restore_operation = restore_poller.result()
        assert_successful_operation(restore_operation)
        restore_status = backup_client.get_restore_status(job_id)
        assert_successful_operation(restore_status)
Beispiel #6
0
def data_plane_azure_keyvault_administration_backup_client(
        cli_ctx, command_args):
    from azure.keyvault.administration import KeyVaultBackupClient

    vault_url, credential, version = _prepare_data_plane_azure_keyvault_client(
        cli_ctx, command_args,
        ResourceType.DATA_KEYVAULT_ADMINISTRATION_BACKUP)
    return KeyVaultBackupClient(vault_url=vault_url,
                                credential=credential,
                                api_version=version)
    def test_selective_key_restore(self, container_uri, sas_token):
        # create a key to selectively restore
        key_client = KeyClient(self.managed_hsm["url"], self.credential)
        key_name = self.get_resource_name("selective-restore-test-key")
        key_client.create_rsa_key(key_name)

        # backup the vault
        backup_client = KeyVaultBackupClient(self.managed_hsm["url"], self.credential)
        backup_poller = backup_client.begin_full_backup(container_uri, sas_token)
        backup_operation = backup_poller.result()
        assert_successful_operation(backup_operation)

        # restore the key
        folder_name = backup_operation.azure_storage_blob_container_uri.split("/")[-1]
        restore_poller = backup_client.begin_selective_restore(container_uri, sas_token, folder_name, key_name)
        restore_operation = restore_poller.result()
        assert_successful_operation(restore_operation)

        key_client.begin_delete_key(key_name).wait()
        key_client.purge_deleted_key(key_name)
Beispiel #8
0
    def test_full_backup_and_restore_rehydration(self, container_uri,
                                                 sas_token):
        if not self.is_live:
            pytest.skip(
                "Poller requests are incompatible with vcrpy in playback")

        # backup the vault
        backup_client = KeyVaultBackupClient(self.managed_hsm["url"],
                                             self.credential)
        backup_poller = backup_client.begin_backup(container_uri, sas_token)

        # create a new poller from a continuation token
        token = backup_poller.continuation_token()
        rehydrated = backup_client.begin_backup(container_uri,
                                                sas_token,
                                                continuation_token=token)

        rehydrated_operation = rehydrated.result()
        assert rehydrated_operation.folder_url
        backup_operation = backup_poller.result()
        assert backup_operation.folder_url == rehydrated_operation.folder_url

        # restore the backup
        restore_poller = backup_client.begin_restore(
            backup_operation.folder_url, sas_token)

        # create a new poller from a continuation token
        token = restore_poller.continuation_token()
        rehydrated = backup_client.begin_restore(backup_operation.folder_url,
                                                 sas_token,
                                                 continuation_token=token)

        rehydrated.wait()
        restore_poller.wait()
Beispiel #9
0
    def test_selective_key_restore(self, container_uri, sas_token):
        # create a key to selectively restore
        key_client = KeyClient(self.managed_hsm["url"], self.credential)
        key_name = self.get_resource_name("selective-restore-test-key")
        key_client.create_rsa_key(key_name)

        # backup the vault
        backup_client = KeyVaultBackupClient(self.managed_hsm["url"],
                                             self.credential)
        backup_poller = backup_client.begin_backup(container_uri, sas_token)
        backup_operation = backup_poller.result()

        # restore the key
        restore_poller = backup_client.begin_restore(
            backup_operation.folder_url, sas_token, key_name=key_name)
        restore_poller.wait()

        # delete the key
        delete_function = partial(key_client.begin_delete_key, key_name)
        delete_poller = self._poll_until_no_exception(delete_function,
                                                      ResourceExistsError)
        delete_poller.wait()
        key_client.purge_deleted_key(key_name)
    def test_example_selective_key_restore(self, container_uri, sas_token):
        # create a key to selectively restore
        key_client = KeyClient(self.managed_hsm["url"], self.credential)
        key_name = self.get_resource_name("selective-restore-test-key")
        key_client.create_rsa_key(key_name)

        backup_client = KeyVaultBackupClient(self.managed_hsm["url"],
                                             self.credential)
        backup_poller = backup_client.begin_backup(container_uri, sas_token)
        backup_operation = backup_poller.result()
        folder_url = backup_operation.folder_url

        # [START begin_selective_restore]
        # begin a restore of a single key from a backed up vault
        restore_poller = backup_client.begin_restore(folder_url,
                                                     sas_token,
                                                     key_name=key_name)

        # check if the restore completed
        done = backup_poller.done()

        # wait for the restore to complete
        restore_poller.wait()
Beispiel #11
0
def data_plane_azure_keyvault_administration_backup_client(
        cli_ctx, command_args):
    from azure.keyvault.administration import KeyVaultBackupClient

    version = str(
        get_api_version(cli_ctx,
                        ResourceType.DATA_KEYVAULT_ADMINISTRATION_BACKUP))
    profile = Profile(cli_ctx=cli_ctx)
    credential, _, _ = profile.get_login_credentials(
        resource='https://managedhsm.azure.net')
    vault_url = command_args['hsm_name']
    if not vault_url:
        vault_url = command_args['vault_base_url']
    return KeyVaultBackupClient(vault_url=vault_url,
                                credential=credential,
                                api_version=version)
    def test_selective_key_restore(self, container_uri, sas_token):
        # create a key to selectively restore
        key_client = KeyClient(self.managed_hsm["url"], self.credential)
        key_name = self.get_resource_name("selective-restore-test-key")
        key_client.create_rsa_key(key_name)

        # backup the vault
        backup_client = KeyVaultBackupClient(self.managed_hsm["url"],
                                             self.credential)
        backup_poller = backup_client.begin_full_backup(
            container_uri, sas_token)

        # check backup status and result
        job_id = backup_poller.polling_method().resource().id
        backup_status = backup_client.get_backup_status(job_id)
        assert_in_progress_operation(backup_status)
        backup_operation = backup_poller.result()
        assert_successful_operation(backup_operation)
        backup_status = backup_client.get_backup_status(job_id)
        assert_successful_operation(backup_status)

        # restore the key
        folder_name = backup_operation.azure_storage_blob_container_uri.split(
            "/")[-1]
        restore_poller = backup_client.begin_selective_restore(
            container_uri, sas_token, folder_name, key_name)

        # check restore status and result
        job_id = restore_poller.polling_method().resource().id
        restore_status = backup_client.get_restore_status(job_id)
        assert_in_progress_operation(restore_status)
        restore_operation = restore_poller.result()
        assert_successful_operation(restore_operation)
        restore_status = backup_client.get_restore_status(job_id)
        assert_successful_operation(restore_status)

        # delete the key
        delete_function = partial(key_client.begin_delete_key, key_name)
        delete_poller = self._poll_until_no_exception(delete_function,
                                                      ResourceExistsError)
        delete_poller.wait()
        key_client.purge_deleted_key(key_name)
Beispiel #13
0
def data_plane_azure_keyvault_administration_backup_client(
        cli_ctx, command_args):
    from azure.keyvault.administration import KeyVaultBackupClient

    version = str(
        get_api_version(cli_ctx,
                        ResourceType.DATA_KEYVAULT_ADMINISTRATION_BACKUP))
    profile = Profile(cli_ctx=cli_ctx)
    credential, _, _ = profile.get_login_credentials(
        resource='https://managedhsm.azure.net')
    vault_url = \
        command_args.get('hsm_name', None) or \
        command_args.get('vault_base_url', None) or \
        command_args.get('identifier', None)
    if not vault_url:
        raise RequiredArgumentMissingError('Please specify --hsm-name or --id')
    return KeyVaultBackupClient(vault_url=vault_url,
                                credential=credential,
                                api_version=version)
Beispiel #14
0
    def test_backup_client_polling(self, container_uri, sas_token):
        if not self.is_live:
            pytest.skip(
                "Poller requests are incompatible with vcrpy in playback")

        # backup the vault
        backup_client = KeyVaultBackupClient(self.managed_hsm["url"],
                                             self.credential)
        backup_poller = backup_client.begin_backup(container_uri, sas_token)

        # create a new poller from a continuation token
        token = backup_poller.continuation_token()
        rehydrated = backup_client.begin_backup(container_uri,
                                                sas_token,
                                                continuation_token=token)

        # check that pollers and polling methods behave as expected
        assert backup_poller.status() == "InProgress"
        assert not backup_poller.done() or backup_poller.polling_method(
        ).finished()
        assert rehydrated.status() == "InProgress"
        assert not rehydrated.done() or rehydrated.polling_method().finished()

        backup_operation = backup_poller.result()
        assert backup_poller.status(
        ) == "Succeeded" and backup_poller.polling_method().status(
        ) == "Succeeded"
        rehydrated_operation = rehydrated.result()
        assert rehydrated.status(
        ) == "Succeeded" and rehydrated.polling_method().status(
        ) == "Succeeded"
        assert backup_operation.folder_url == rehydrated_operation.folder_url

        # rehydrate a poller with a continuation token of a completed operation
        late_rehydrated = backup_client.begin_backup(container_uri,
                                                     sas_token,
                                                     continuation_token=token)
        assert late_rehydrated.status() == "Succeeded"

        # restore the backup
        restore_poller = backup_client.begin_restore(
            backup_operation.folder_url, sas_token)

        # create a new poller from a continuation token
        token = restore_poller.continuation_token()
        rehydrated = backup_client.begin_restore(backup_operation.folder_url,
                                                 sas_token,
                                                 continuation_token=token)

        # check that pollers and polling methods behave as expected
        assert restore_poller.status() == "InProgress"
        assert not restore_poller.done() or restore_poller.polling_method(
        ).finished()
        assert rehydrated.status() == "InProgress"
        assert not rehydrated.done() or rehydrated.polling_method().finished()

        rehydrated.wait()
        assert rehydrated.status(
        ) == "Succeeded" and rehydrated.polling_method().status(
        ) == "Succeeded"
        restore_poller.wait()
        assert restore_poller.status(
        ) == "Succeeded" and restore_poller.polling_method().status(
        ) == "Succeeded"
# ----------------------------------------------------------------------------------------------------------
# Sample - demonstrates full backup and restore operations for Managed HSM
#
# 1. Perform a full backup (begin_backup)
#
# 2. Perform a full restore (begin_restore)
# ----------------------------------------------------------------------------------------------------------

MANAGED_HSM_URL = os.environ["MANAGED_HSM_URL"]
CONTAINER_URL = os.environ["CONTAINER_URL"]
SAS_TOKEN = os.environ["SAS_TOKEN"]

# Instantiate a backup client that will be used to call the service.
# Here we use the DefaultAzureCredential, but any azure-identity credential can be used.
credential = DefaultAzureCredential()
client = KeyVaultBackupClient(vault_url=MANAGED_HSM_URL, credential=credential)

# Let's back up the vault with begin_backup, which returns a poller. Calling result() on the poller will return a
# KeyVaultBackupResult that contains the URL of the backup after the operation completes. Calling wait() on the
# poller will wait until the operation is complete.
print("\n.. Back up the vault")
backup_result = client.begin_backup(CONTAINER_URL, SAS_TOKEN).result()
print("Vault backed up successfully.")

# Now let's the vault by calling begin_restore, which also returns a poller. Calling result() on the poller will
# return None after the operation completes. Calling wait() on the poller will wait until the operation is complete.
# To restore a single key from the backed up vault instead, pass the key_name keyword argument.
print("\n.. Restore the full vault")
client.begin_restore(backup_result.folder_url, SAS_TOKEN).wait()
print("Vault restored successfully.")