Update base client, dependency, changelog

sdk/keyvault/azure-keyvault-secrets/CHANGELOG.md

@@ -3,6 +3,7 @@
 ## 4.8.0b3 (Unreleased)
 
 ### Features Added
+- Added support for service API version `7.5`
 
 ### Breaking Changes
 
@@ -12,6 +13,7 @@
 - Python 3.7 is no longer supported. Please use Python version 3.8 or later.
 - `asyncio` is no longer directly referenced by the library
   ([#33819](https://github.com/Azure/azure-sdk-for-python/pull/33819))
+- Updated minimum `azure-core` version to 1.29.5
 
 ## 4.8.0b2 (2023-11-03)
 

sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/async_challenge_auth_policy.py

@@ -14,6 +14,7 @@
 protocol again.
 """
 
+from copy import deepcopy
 import time
 from typing import Any, Optional
 from urllib.parse import urlparse
@@ -22,6 +23,7 @@
 from azure.core.credentials_async import AsyncTokenCredential
 from azure.core.pipeline import PipelineRequest, PipelineResponse
 from azure.core.pipeline.policies import AsyncBearerTokenCredentialPolicy
+from azure.core.rest import HttpRequest
 
 from . import http_challenge_cache as ChallengeCache
 from .challenge_auth_policy import _enforce_tls, _update_challenge
@@ -39,6 +41,7 @@ def __init__(self, credential: AsyncTokenCredential, *scopes: str, **kwargs: Any
         self._credential = credential
         self._token: Optional[AccessToken] = None
         self._verify_challenge_resource = kwargs.pop("verify_challenge_resource", True)
+        self._request_copy: Optional[HttpRequest] = None
 
     async def on_request(self, request: PipelineRequest) -> None:
         _enforce_tls(request)
@@ -60,12 +63,17 @@ async def on_request(self, request: PipelineRequest) -> None:
 
         # else: discover authentication information by eliciting a challenge from Key Vault. Remove any request data,
         # saving it for later. Key Vault will reject the request as unauthorized and respond with a challenge.
-        # on_challenge will parse that challenge, reattach any body removed here, authorize the request, and tell
-        # super to send it again.
-        if request.http_request.body:
-            request.context["key_vault_request_data"] = request.http_request.body
-            request.http_request.set_json_body(None)
-            request.http_request.headers["Content-Length"] = "0"
+        # on_challenge will parse that challenge, use the original request including the body, authorize the
+        # request, and tell super to send it again.
+        if request.http_request.content:
+            self._request_copy = request.http_request
+            bodiless_request = HttpRequest(
+                method=request.http_request.method,
+                url=request.http_request.url,
+                headers=deepcopy(request.http_request.headers),
+            )
+            bodiless_request.headers["Content-Length"] = "0"
+            request.http_request = bodiless_request
 
 
     async def on_challenge(self, request: PipelineRequest, response: PipelineResponse) -> bool:
@@ -89,8 +97,9 @@ async def on_challenge(self, request: PipelineRequest, response: PipelineRespons
                     "See https://aka.ms/azsdk/blog/vault-uri for more information."
                 )
 
-        body = request.context.pop("key_vault_request_data", None)
-        request.http_request.set_text_body(body)  # no-op when text is None
+        # If we had created a request copy in on_request, use it now to send along the original body content
+        if self._request_copy:
+            request.http_request = self._request_copy
 
         # The tenant parsed from AD FS challenges is "adfs"; we don't actually need a tenant for AD FS authentication
         # For AD FS we skip cross-tenant authentication per https://github.com/Azure/azure-sdk-for-python/issues/28648

sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/challenge_auth_policy.py

@@ -14,6 +14,7 @@
 protocol again.
 """
 
+from copy import deepcopy
 import time
 from typing import Any, Optional
 from urllib.parse import urlparse
@@ -22,6 +23,7 @@
 from azure.core.exceptions import ServiceRequestError
 from azure.core.pipeline import PipelineRequest, PipelineResponse
 from azure.core.pipeline.policies import BearerTokenCredentialPolicy
+from azure.core.rest import HttpRequest
 
 from .http_challenge import HttpChallenge
 from . import http_challenge_cache as ChallengeCache
@@ -68,6 +70,7 @@ def __init__(self, credential: TokenCredential, *scopes: str, **kwargs: Any) ->
         self._credential = credential
         self._token: Optional[AccessToken] = None
         self._verify_challenge_resource = kwargs.pop("verify_challenge_resource", True)
+        self._request_copy: Optional[HttpRequest] = None
 
     def on_request(self, request: PipelineRequest) -> None:
         _enforce_tls(request)
@@ -89,12 +92,17 @@ def on_request(self, request: PipelineRequest) -> None:
 
         # else: discover authentication information by eliciting a challenge from Key Vault. Remove any request data,
         # saving it for later. Key Vault will reject the request as unauthorized and respond with a challenge.
-        # on_challenge will parse that challenge, reattach any body removed here, authorize the request, and tell
-        # super to send it again.
-        if request.http_request.body:
-            request.context["key_vault_request_data"] = request.http_request.body
-            request.http_request.set_json_body(None)
-            request.http_request.headers["Content-Length"] = "0"
+        # on_challenge will parse that challenge, use the original request including the body, authorize the
+        # request, and tell super to send it again.
+        if request.http_request.content:
+            self._request_copy = request.http_request
+            bodiless_request = HttpRequest(
+                method=request.http_request.method,
+                url=request.http_request.url,
+                headers=deepcopy(request.http_request.headers),
+            )
+            bodiless_request.headers["Content-Length"] = "0"
+            request.http_request = bodiless_request
 
     def on_challenge(self, request: PipelineRequest, response: PipelineResponse) -> bool:
         try:
@@ -117,8 +125,9 @@ def on_challenge(self, request: PipelineRequest, response: PipelineResponse) ->
                     "See https://aka.ms/azsdk/blog/vault-uri for more information."
                 )
 
-        body = request.context.pop("key_vault_request_data", None)
-        request.http_request.set_text_body(body)  # no-op when text is None
+        # If we had created a request copy in on_request, use it now to send along the original body content
+        if self._request_copy:
+            request.http_request = self._request_copy
 
         # The tenant parsed from AD FS challenges is "adfs"; we don't actually need a tenant for AD FS authentication
         # For AD FS we skip cross-tenant authentication per https://github.com/Azure/azure-sdk-for-python/issues/28648

sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/client_base.py

@@ -24,7 +24,7 @@ class ApiVersion(str, Enum, metaclass=CaseInsensitiveEnumMeta):
     """Key Vault API versions supported by this package"""
 
     #: this is the default version
-    V7_5_PREVIEW_1 = "7.5-preview.1"
+    V7_5 = "7.5"
     V7_4 = "7.4"
     V7_3 = "7.3"
     V7_2 = "7.2"
@@ -33,7 +33,7 @@ class ApiVersion(str, Enum, metaclass=CaseInsensitiveEnumMeta):
     V2016_10_01 = "2016-10-01"
 
 
-DEFAULT_VERSION = ApiVersion.V7_5_PREVIEW_1
+DEFAULT_VERSION = ApiVersion.V7_5
 
 _SERIALIZER = Serializer()
 _SERIALIZER.client_side_validation = False

sdk/keyvault/azure-keyvault-secrets/setup.py

@@ -69,7 +69,7 @@
     python_requires=">=3.8",
     install_requires=[
         "azure-common~=1.1",
-        "azure-core<2.0.0,>=1.24.0",
+        "azure-core<2.0.0,>=1.29.5",
         "isodate>=0.6.1",
         "typing-extensions>=4.0.1",
     ],