def test_full_backup_and_restore_rehydration(self, container_uri,
sas_token):
if not self.is_live:
pytest.skip(
"Poller requests are incompatible with vcrpy in playback")
# backup the vault
backup_client = KeyVaultBackupClient(self.managed_hsm["url"],
self.credential)
backup_poller = backup_client.begin_backup(container_uri, sas_token)
# create a new poller from a continuation token
token = backup_poller.continuation_token()
rehydrated = backup_client.begin_backup(container_uri,
sas_token,
continuation_token=token)
rehydrated_operation = rehydrated.result()
assert rehydrated_operation.folder_url
backup_operation = backup_poller.result()
assert backup_operation.folder_url == rehydrated_operation.folder_url
# restore the backup
restore_poller = backup_client.begin_restore(
backup_operation.folder_url, sas_token)
# create a new poller from a continuation token
token = restore_poller.continuation_token()
rehydrated = backup_client.begin_restore(backup_operation.folder_url,
sas_token,
continuation_token=token)
rehydrated.wait()
restore_poller.wait()
def test_full_backup_and_restore(self, container_uri, sas_token):
# backup the vault
backup_client = KeyVaultBackupClient(self.managed_hsm["url"], self.credential)
backup_poller = backup_client.begin_backup(container_uri, sas_token)
# check backup status and result
job_id = backup_poller.polling_method().resource().job_id
backup_status = backup_client.get_backup_status(job_id)
assert_in_progress_operation(backup_status)
backup_operation = backup_poller.result()
assert_successful_operation(backup_operation)
backup_status = backup_client.get_backup_status(job_id)
assert_successful_operation(backup_status)
# restore the backup
restore_poller = backup_client.begin_restore(backup_status.folder_url, sas_token)
# check restore status and result
job_id = restore_poller.polling_method().resource().job_id
restore_status = backup_client.get_restore_status(job_id)
assert_in_progress_operation(restore_status)
restore_operation = restore_poller.result()
assert_successful_operation(restore_operation)
restore_status = backup_client.get_restore_status(job_id)
assert_successful_operation(restore_status)
def test_example_backup_and_restore(self, container_uri, sas_token):
backup_client = KeyVaultBackupClient(self.managed_hsm["url"],
self.credential)
# [START begin_backup]
# begin a vault backup
backup_poller = backup_client.begin_backup(container_uri, sas_token)
# check if the backup completed
done = backup_poller.done()
# block until the backup completes
# result() returns an object with a URL of the backup
backup_operation = backup_poller.result()
# [END begin_backup]
folder_url = backup_operation.folder_url
# [START begin_restore]
# begin a full vault restore
restore_poller = backup_client.begin_restore(folder_url, sas_token)
# check if the restore completed
done = backup_poller.done()
# wait for the restore to complete
restore_poller.wait()
def test_continuation_token():
"""Methods returning pollers should accept continuation tokens"""
expected_token = "token"
mock_generated_client = mock.Mock()
backup_client = KeyVaultBackupClient("vault-url", object())
backup_client._client = mock_generated_client
backup_client.begin_restore("storage uri", "sas", continuation_token=expected_token)
backup_client.begin_backup("storage uri", "sas", continuation_token=expected_token)
backup_client.begin_selective_restore("storage uri", "sas", "key", continuation_token=expected_token)
for method in ("begin_full_backup", "begin_full_restore_operation", "begin_selective_key_restore_operation"):
mock_method = getattr(mock_generated_client, method)
assert mock_method.call_count == 1
_, kwargs = mock_method.call_args
assert kwargs["continuation_token"] == expected_token
def test_full_backup_and_restore(self, container_uri, sas_token):
# backup the vault
backup_client = KeyVaultBackupClient(self.managed_hsm["url"],
self.credential)
backup_poller = backup_client.begin_backup(container_uri, sas_token)
backup_operation = backup_poller.result()
assert backup_operation.folder_url
# restore the backup
restore_poller = backup_client.begin_restore(
backup_operation.folder_url, sas_token)
restore_poller.wait()
def test_selective_key_restore(self, container_uri, sas_token):
# create a key to selectively restore
key_client = KeyClient(self.managed_hsm["url"], self.credential)
key_name = self.get_resource_name("selective-restore-test-key")
key_client.create_rsa_key(key_name)
# backup the vault
backup_client = KeyVaultBackupClient(self.managed_hsm["url"],
self.credential)
backup_poller = backup_client.begin_backup(container_uri, sas_token)
backup_operation = backup_poller.result()
# restore the key
restore_poller = backup_client.begin_restore(
backup_operation.folder_url, sas_token, key_name=key_name)
restore_poller.wait()
# delete the key
delete_function = partial(key_client.begin_delete_key, key_name)
delete_poller = self._poll_until_no_exception(delete_function,
ResourceExistsError)
delete_poller.wait()
key_client.purge_deleted_key(key_name)
def test_example_selective_key_restore(self, container_uri, sas_token):
# create a key to selectively restore
key_client = KeyClient(self.managed_hsm["url"], self.credential)
key_name = self.get_resource_name("selective-restore-test-key")
key_client.create_rsa_key(key_name)
backup_client = KeyVaultBackupClient(self.managed_hsm["url"],
self.credential)
backup_poller = backup_client.begin_backup(container_uri, sas_token)
backup_operation = backup_poller.result()
folder_url = backup_operation.folder_url
# [START begin_selective_restore]
# begin a restore of a single key from a backed up vault
restore_poller = backup_client.begin_restore(folder_url,
sas_token,
key_name=key_name)
# check if the restore completed
done = backup_poller.done()
# wait for the restore to complete
restore_poller.wait()
def test_backup_client_polling(self, container_uri, sas_token):
if not self.is_live:
pytest.skip(
"Poller requests are incompatible with vcrpy in playback")
# backup the vault
backup_client = KeyVaultBackupClient(self.managed_hsm["url"],
self.credential)
backup_poller = backup_client.begin_backup(container_uri, sas_token)
# create a new poller from a continuation token
token = backup_poller.continuation_token()
rehydrated = backup_client.begin_backup(container_uri,
sas_token,
continuation_token=token)
# check that pollers and polling methods behave as expected
assert backup_poller.status() == "InProgress"
assert not backup_poller.done() or backup_poller.polling_method(
).finished()
assert rehydrated.status() == "InProgress"
assert not rehydrated.done() or rehydrated.polling_method().finished()
backup_operation = backup_poller.result()
assert backup_poller.status(
) == "Succeeded" and backup_poller.polling_method().status(
) == "Succeeded"
rehydrated_operation = rehydrated.result()
assert rehydrated.status(
) == "Succeeded" and rehydrated.polling_method().status(
) == "Succeeded"
assert backup_operation.folder_url == rehydrated_operation.folder_url
# rehydrate a poller with a continuation token of a completed operation
late_rehydrated = backup_client.begin_backup(container_uri,
sas_token,
continuation_token=token)
assert late_rehydrated.status() == "Succeeded"
# restore the backup
restore_poller = backup_client.begin_restore(
backup_operation.folder_url, sas_token)
# create a new poller from a continuation token
token = restore_poller.continuation_token()
rehydrated = backup_client.begin_restore(backup_operation.folder_url,
sas_token,
continuation_token=token)
# check that pollers and polling methods behave as expected
assert restore_poller.status() == "InProgress"
assert not restore_poller.done() or restore_poller.polling_method(
).finished()
assert rehydrated.status() == "InProgress"
assert not rehydrated.done() or rehydrated.polling_method().finished()
rehydrated.wait()
assert rehydrated.status(
) == "Succeeded" and rehydrated.polling_method().status(
) == "Succeeded"
restore_poller.wait()
assert restore_poller.status(
) == "Succeeded" and restore_poller.polling_method().status(
) == "Succeeded"
# ----------------------------------------------------------------------------------------------------------
# Sample - demonstrates full backup and restore operations for Managed HSM
#
# 1. Perform a full backup (begin_backup)
#
# 2. Perform a full restore (begin_restore)
# ----------------------------------------------------------------------------------------------------------
MANAGED_HSM_URL = os.environ["MANAGED_HSM_URL"]
CONTAINER_URL = os.environ["CONTAINER_URL"]
SAS_TOKEN = os.environ["SAS_TOKEN"]
# Instantiate a backup client that will be used to call the service.
# Here we use the DefaultAzureCredential, but any azure-identity credential can be used.
credential = DefaultAzureCredential()
client = KeyVaultBackupClient(vault_url=MANAGED_HSM_URL, credential=credential)
# Let's back up the vault with begin_backup, which returns a poller. Calling result() on the poller will return a
# KeyVaultBackupResult that contains the URL of the backup after the operation completes. Calling wait() on the
# poller will wait until the operation is complete.
print("\n.. Back up the vault")
backup_result = client.begin_backup(CONTAINER_URL, SAS_TOKEN).result()
print("Vault backed up successfully.")
# Now let's the vault by calling begin_restore, which also returns a poller. Calling result() on the poller will
# return None after the operation completes. Calling wait() on the poller will wait until the operation is complete.
# To restore a single key from the backed up vault instead, pass the key_name keyword argument.
print("\n.. Restore the full vault")
client.begin_restore(backup_result.folder_url, SAS_TOKEN).wait()
print("Vault restored successfully.")