def test_immutable_release_policy(self, client, **kwargs):
        """Check that an immutable key release policy cannot be replaced after creation.

        Creates an exportable, hardware-protected RSA key whose release policy is
        flagged immutable, then tries to swap in a policy whose ``sdk-test``
        condition is ``False``. The update call is expected to raise
        ``HttpResponseError``.
        """
        authority_url = self._get_attestation_uri()
        original_policy = get_release_policy(authority_url, immutable=True)
        name = self.get_resource_name("key-name")
        key = self._create_rsa_key(
            client,
            name,
            hardware_protected=True,
            exportable=True,
            release_policy=original_policy,
        )

        # The returned key must carry a policy document and report it as immutable.
        stored_policy = key.properties.release_policy
        assert stored_policy.encoded_policy
        assert stored_policy.immutable

        # Same authority and claim as the original policy, but the required
        # claim value is flipped, so this is a genuine change to the release
        # conditions rather than a no-op update.
        flipped_condition = {"claim": "sdk-test", "equals": False}
        authority_entry = {
            "anyOf": [flipped_condition],
            "authority": authority_url.rstrip("/") + "/",
        }
        replacement_doc = {"anyOf": [authority_entry], "version": "1.0.0"}
        replacement_policy = KeyReleasePolicy(
            json.dumps(replacement_doc).encode(), immutable=True
        )

        # NOTE(review): any HttpResponseError satisfies this check, including
        # failures unrelated to immutability (authorization, throttling).
        # Consider also asserting on the error details once the expected
        # response for this case is confirmed.
        with pytest.raises(HttpResponseError):
            self._update_key_properties(client, key, replacement_policy)
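def get_release_policy(attestation_uri, **kwargs):
    """Build the key release policy used by the release-policy tests.

    The policy document has a single authority entry for ``attestation_uri``
    with one condition: the claim ``sdk-test`` must equal ``True``.

    :param str attestation_uri: URL of the attestation authority. Trailing
        slashes are stripped and exactly one is appended, so the authority in
        the policy has the same form however the caller wrote the URL.
    :keyword kwargs: Passed through unchanged to ``KeyReleasePolicy``, e.g.
        ``immutable=True`` to request a policy that cannot be changed later.
    :returns: A ``KeyReleasePolicy`` wrapping the encoded JSON policy document.
    """
    authority = attestation_uri.rstrip("/") + "/"
    release_policy_json = {
        "anyOf": [{
            "anyOf": [{
                "claim": "sdk-test",
                "equals": True
            }],
            "authority": authority
        }],
        "version": "1.0.0"
    }
    policy_string = json.dumps(release_policy_json).encode()
    # Forwarding keyword options lets callers mark the policy immutable
    # without rebuilding the document themselves.
    return KeyReleasePolicy(policy_string, **kwargs)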
    def test_update_release_policy(self, client, **kwargs):
        """Check that a mutable key release policy can be replaced and the change is returned.

        Creates an exportable, hardware-protected RSA key with the default test
        policy (``sdk-test`` equals ``True``), confirms the service returns that
        condition, then updates the key with a policy requiring ``False`` and
        confirms the updated key reflects it.
        """

        def _claim_equals(key_obj):
            # Decode the policy stored on the key and pull out the single
            # "equals" condition of the first authority entry.
            decoded = json.loads(
                key_obj.properties.release_policy.encoded_policy.decode())
            value = decoded["anyOf"][0]["anyOf"][0]["equals"]
            # Key Vault may hand back the JSON text 'true'/'false' here, while
            # Managed HSM returns a real bool; normalise both to a bool.
            if isinstance(value, bool):
                return value
            return json.loads(value)

        authority_url = self._get_attestation_uri()
        initial_policy = get_release_policy(authority_url)
        name = self.get_resource_name("key-name")
        key = self._create_rsa_key(
            client,
            name,
            hardware_protected=True,
            exportable=True,
            release_policy=initial_policy,
        )
        assert _claim_equals(key) is True

        # Replacement policy: same authority and claim, opposite required value.
        flipped_condition = {"claim": "sdk-test", "equals": False}
        authority_entry = {
            "anyOf": [flipped_condition],
            "authority": authority_url.rstrip("/") + "/",
        }
        replacement_doc = {"anyOf": [authority_entry], "version": "1.0.0"}
        replacement_policy = KeyReleasePolicy(json.dumps(replacement_doc).encode())

        updated_key = self._update_key_properties(client, key, replacement_policy)
        assert _claim_equals(updated_key) is False