async def test_key_rotation_policy(self, client, **kwargs):
if (not is_public_cloud() and self.is_live):
pytest.skip("This test not supprot in usgov/china region. Follow up with service team.")
key_name = self.get_resource_name("rotation-key")
await self._create_rsa_key(client, key_name)
actions = [KeyRotationLifetimeAction(KeyRotationPolicyAction.ROTATE, time_after_create="P2M")]
updated_policy = await client.update_key_rotation_policy(key_name, lifetime_actions=actions)
fetched_policy = await client.get_key_rotation_policy(key_name)
assert updated_policy.expires_in is None
_assert_rotation_policies_equal(updated_policy, fetched_policy)
updated_policy_actions = updated_policy.lifetime_actions[0]
fetched_policy_actions = fetched_policy.lifetime_actions[0]
assert updated_policy_actions.action == KeyRotationPolicyAction.ROTATE
assert updated_policy_actions.time_after_create == "P2M"
assert updated_policy_actions.time_before_expiry is None
_assert_lifetime_actions_equal(updated_policy_actions, fetched_policy_actions)
new_actions = [KeyRotationLifetimeAction(KeyRotationPolicyAction.NOTIFY, time_before_expiry="P30D")]
new_policy = await client.update_key_rotation_policy(key_name, expires_in="P90D", lifetime_actions=new_actions)
new_fetched_policy = await client.get_key_rotation_policy(key_name)
assert new_policy.expires_in == "P90D"
_assert_rotation_policies_equal(new_policy, new_fetched_policy)
new_policy_actions = new_policy.lifetime_actions[0]
new_fetched_policy_actions = new_fetched_policy.lifetime_actions[0]
assert new_policy_actions.action == KeyRotationPolicyAction.NOTIFY
assert new_policy_actions.time_after_create is None
assert new_policy_actions.time_before_expiry == "P30D"
_assert_lifetime_actions_equal(new_policy_actions, new_fetched_policy_actions)
async def test_key_rotation(self, client, **kwargs):
if (not is_public_cloud() and self.is_live):
pytest.skip("This test not supprot in usgov/china region. Follow up with service team.")
key_name = self.get_resource_name("rotation-key")
key = await self._create_rsa_key(client, key_name)
rotated_key = await client.rotate_key(key_name)
# the rotated key should have a new ID, version, and key material (for RSA, n and e fields)
assert key.id != rotated_key.id
assert key.properties.version != rotated_key.properties.version
assert key.key.n != rotated_key.key.n
def test_key_rotation_policy(self, client, **kwargs):
if (not is_public_cloud() and self.is_live):
pytest.skip(
"This test not supprot in usgov/china region. Follow up with service team."
)
key_name = self.get_resource_name("rotation-key")
self._create_rsa_key(client, key_name)
# ensure passing an empty policy with no kwargs doesn't raise an error
client.update_key_rotation_policy(key_name, KeyRotationPolicy())
# updating a rotation policy with an empty policy and override
actions = [
KeyRotationLifetimeAction(KeyRotationPolicyAction.rotate,
time_after_create="P2M")
]
updated_policy = client.update_key_rotation_policy(
key_name, KeyRotationPolicy(), lifetime_actions=actions)
fetched_policy = client.get_key_rotation_policy(key_name)
assert updated_policy.expires_in is None
_assert_rotation_policies_equal(updated_policy, fetched_policy)
updated_policy_actions = None
for i in range(len(updated_policy.lifetime_actions)):
if updated_policy.lifetime_actions[
i].action == KeyRotationPolicyAction.rotate:
updated_policy_actions = updated_policy.lifetime_actions[i]
assert updated_policy_actions, "Specified rotation policy action not found in updated policy"
assert updated_policy_actions.action == KeyRotationPolicyAction.rotate
assert updated_policy_actions.time_after_create == "P2M"
assert updated_policy_actions.time_before_expiry is None
fetched_policy_actions = None
for i in range(len(fetched_policy.lifetime_actions)):
if fetched_policy.lifetime_actions[
i].action == KeyRotationPolicyAction.rotate:
fetched_policy_actions = fetched_policy.lifetime_actions[i]
assert fetched_policy_actions, "Specified rotation policy action not found in fetched policy"
_assert_lifetime_actions_equal(updated_policy_actions,
fetched_policy_actions)
# updating with a round-tripped policy and overriding expires_in
new_policy = client.update_key_rotation_policy(key_name,
policy=updated_policy,
expires_in="P90D")
assert new_policy.expires_in == "P90D"
new_policy_actions = None
for i in range(len(new_policy.lifetime_actions)):
if new_policy.lifetime_actions[
i].action == KeyRotationPolicyAction.rotate:
new_policy_actions = new_policy.lifetime_actions[i]
_assert_lifetime_actions_equal(updated_policy_actions,
new_policy_actions)
# updating with a round-tripped policy and overriding lifetime_actions
newest_actions = [
KeyRotationLifetimeAction(KeyRotationPolicyAction.notify,
time_before_expiry="P60D")
]
newest_policy = client.update_key_rotation_policy(
key_name, policy=new_policy, lifetime_actions=newest_actions)
newest_fetched_policy = client.get_key_rotation_policy(key_name)
assert newest_policy.expires_in == "P90D"
_assert_rotation_policies_equal(newest_policy, newest_fetched_policy)
newest_policy_actions = None
for i in range(len(newest_policy.lifetime_actions)):
if newest_policy.lifetime_actions[
i].action == KeyRotationPolicyAction.notify:
newest_policy_actions = newest_policy.lifetime_actions[i]
assert newest_policy_actions.action == KeyRotationPolicyAction.notify
assert newest_policy_actions.time_after_create is None
assert newest_policy_actions.time_before_expiry == "P60D"
newest_fetched_policy_actions = None
for i in range(len(newest_fetched_policy.lifetime_actions)):
if newest_fetched_policy.lifetime_actions[
i].action == KeyRotationPolicyAction.notify:
newest_fetched_policy_actions = newest_fetched_policy.lifetime_actions[
i]
_assert_lifetime_actions_equal(newest_policy_actions,
newest_fetched_policy_actions)