support --id to specify url and fix test

Azure · houk-ms · Mar 18, 2021 · Feb 10, 2021 · Feb 18, 2021 · Feb 19, 2021
commit f186f43aee9fec2791c0a2845b90d1387261f241
@@ -471,6 +471,7 @@ class CLISecurityDomainOperation(str, Enum):
             c.argument('hsm_name', hsm_url_type, required=False,
                        help='Name of the HSM. Can be omitted if --id is specified.')
             c.extra('identifier', options_list=['--id'], validator=validate_vault_or_hsm, help='Id of the HSM.')
+            c.ignore('vault_base_url')
 
     with self.argument_context('keyvault security-domain init-recovery') as c:
         c.argument('sd_exchange_key', help='Local file path to store the exported key.')
@@ -492,7 +493,6 @@ class CLISecurityDomainOperation(str, Enum):
                    help='Path to a file where the JSON blob returned by this command is stored.')
         c.argument('sd_quorum', type=int, help='The minimum number of shares required to decrypt the security domain '
                                                'for recovery.')
-        c.ignore('vault_base_url')
 
     with self.argument_context('keyvault security-domain wait') as c:
         c.argument('hsm_name', hsm_url_type, help='Name of the HSM. Can be omitted if --id is specified.',
@@ -502,6 +502,7 @@ class CLISecurityDomainOperation(str, Enum):
                    help='Proceed only if HSM belongs to the specified resource group.')
         c.argument('target_operation', arg_type=get_enum_type(CLISecurityDomainOperation),
                    help='Target operation that needs waiting.')
+        c.ignore('vault_base_url')
     # endregion
 
     # region keyvault backup/restore

@@ -2173,11 +2173,11 @@ def full_restore(cmd, client, token, folder_to_restore, storage_resource_uri=Non
 
 # region security domain
 def security_domain_init_recovery(client, hsm_name, sd_exchange_key,
-                                  identifier=None):  # pylint: disable=unused-argument
+                                  identifier=None, vault_base_url=None):  # pylint: disable=unused-argument
     if os.path.exists(sd_exchange_key):
         raise CLIError("File named '{}' already exists.".format(sd_exchange_key))
 
-    ret = client.transfer_key(vault_base_url=hsm_name)
+    ret = client.transfer_key(vault_base_url=hsm_name or vault_base_url)
     exchange_key = json.loads(json.loads(ret)['transfer_key'])
 
     def get_x5c_as_pem():
@@ -2204,17 +2204,18 @@ def get_x5c_as_pem():
         raise ex
 
 
-def _wait_security_domain_operation(client, hsm_name, target_operation='upload', identifier=None):  # pylint: disable=unused-argument
+def _wait_security_domain_operation(client, hsm_name, target_operation='upload',
+                                    identifier=None, vault_base_url=None):  # pylint: disable=unused-argument
     retries = 0
     max_retries = 30
     wait_second = 5
     while retries < max_retries:
         try:
             ret = None
             if target_operation == 'upload':
-                ret = client.upload_pending(vault_base_url=hsm_name)
+                ret = client.upload_pending(vault_base_url=hsm_name or vault_base_url)
             elif target_operation == 'download':
-                ret = client.download_pending(vault_base_url=hsm_name)
+                ret = client.download_pending(vault_base_url=hsm_name or vault_base_url)
 
             # v7.2-preview and v7.2 will change the upload operation from Sync to Async
             # due to service defects, it returns 'Succeeded' before the change and 'Success' after the change
@@ -2319,7 +2320,7 @@ def _security_domain_gen_blob(sd_exchange_key, share_arrays, enc_data, required)
 
 
 def security_domain_upload(cmd, client, hsm_name, sd_file, sd_exchange_key, sd_wrapping_keys, passwords=None,
-                           identifier=None, no_wait=False):  # pylint: disable=unused-argument
+                           identifier=None, vault_base_url=None, no_wait=False):  # pylint: disable=unused-argument
     resource_paths = [sd_file, sd_exchange_key]
     for p in resource_paths:
         if not os.path.exists(p):
@@ -2358,12 +2359,12 @@ def security_domain_upload(cmd, client, hsm_name, sd_file, sd_exchange_key, sd_w
     )
     SecurityDomainObject = cmd.get_models('SecurityDomainObject', resource_type=ResourceType.DATA_PRIVATE_KEYVAULT)
     security_domain = SecurityDomainObject(value=restore_blob_value)
-    retval = client.upload(vault_base_url=hsm_name, security_domain=security_domain)
+    retval = client.upload(vault_base_url=hsm_name or vault_base_url, security_domain=security_domain)
 
     if no_wait:
         return retval
 
-    new_retval = _wait_security_domain_operation(client, hsm_name, 'upload')
+    new_retval = _wait_security_domain_operation(client, hsm_name, 'upload', vault_base_url=vault_base_url)
     if new_retval:
         return new_retval
     return retval
@@ -2430,7 +2431,7 @@ def _save_to_local_file(file_path, security_domain):
     )
 
     if not no_wait:
-        polling_ret = _wait_security_domain_operation(client, hsm_name, 'download')
+        polling_ret = _wait_security_domain_operation(client, hsm_name, 'download', vault_base_url=vault_base_url)
         # Due to service defect, status could be 'Success' or 'Succeeded' when it succeeded
         if polling_ret and getattr(polling_ret, 'status', None) != 'Failed':
             _save_to_local_file(security_domain_file, ret)

@@ -371,7 +371,7 @@ def test_keyvault_hsm_security_domain(self):
 
         # download SD
         self.cmd('az keyvault security-domain download --hsm-name {hsm_name} --security-domain-file "{sdfile}" '
-                 '--sd-quorum 2 --sd-wrapping-keys "{cer1_path}" "{cer2_path}" "{cer3_path}"')
+                 '--sd-quorum 2 --sd-wrapping-keys "{cer1_path}" "{cer2_path}" "{cer3_path}" --no-wait')
 
         # delete the HSM
         self.cmd('az keyvault delete --hsm-name {hsm_name}')