hello world sample works

sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_client.py

@@ -139,7 +139,9 @@ def create_certificate(self, name, policy, enabled=None, not_before=None, expire
 
         if enabled is not None or not_before is not None or expires is not None:
             attributes = self._client.models.CertificateAttributes(
-                enabled=enabled, not_before=not_before, expires=expires
+                enabled=enabled,
+                not_before=not_before,
+                expires=expires
             )
         else:
             attributes = None

sdk/keyvault/azure-keyvault-certificates/samples/hello_world.py

@@ -1,7 +1,8 @@
 import datetime
 import os
-from azure.keyvault import SecretClient
 from azure.identity import DefaultAzureCredential
+from azure.keyvault.certificates import CertificateClient, CertificatePolicy
+from azure.keyvault.certificates._models import KeyProperties
 from azure.core.exceptions import HttpResponseError
 
 # ----------------------------------------------------------------------------------------------------------
@@ -11,7 +12,7 @@
 #    https://docs.microsoft.com/en-us/azure/key-vault/quick-create-cli
 #
 #  2. Microsoft Azure Key Vault PyPI package -
-#    https://pypi.python.org/pypi/azure-keyvault-secrets/
+#    https://pypi.python.org/pypi/azure-keyvault-certificates/
 #
 # 3. Microsoft Azure Identity package -
 #    https://pypi.python.org/pypi/azure-identity/
@@ -20,59 +21,69 @@
 # How to do this - https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/keyvault/azure-keyvault-secrets#createget-credentials)
 #
 # ----------------------------------------------------------------------------------------------------------
-# Sample - demonstrates the basic CRUD operations on a vault(secret) resource for Azure Key Vault
+# Sample - demonstrates the basic CRUD operations on a vault(certificate) resource for Azure Key Vault
 #
-# 1. Create a new Secret (set_secret)
+# 1. Create a new certificate (create_certificate)
 #
-# 2. Get an existing secret (get_secret)
+# 2. Get an existing certificate (get_certificate)
 #
-# 3. Update an existing secret (set_secret)
+# 3. Update an existing certificate (update_certificate)
 #
-# 4. Delete a secret (delete_secret)
+# 4. Delete a certificate (delete_certificate)
 #
 # ----------------------------------------------------------------------------------------------------------
+
 def run_sample():
-    # Instantiate a secret client that will be used to call the service.
+    # Instantiate a certificate client that will be used to call the service.
     # Notice that the client is using default Azure credentials.
     # To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
     # 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID' are set with the service principal credentials.
     VAULT_URL = os.environ["VAULT_URL"]
     credential = DefaultAzureCredential()
-    client = SecretClient(vault_url=VAULT_URL, credential=credential)
+    client = CertificateClient(vault_url=VAULT_URL, credential=credential)
     try:
-        # Let's create a secret holding bank account credentials valid for 1 year.
-        # if the secret already exists in the Key Vault, then a new version of the secret is created.
-        print("\n1. Create Secret")
-        expires = datetime.datetime.utcnow() + datetime.timedelta(days=365)
-        secret = client.set_secret("secretName", "secretValue", expires=expires)
-        print("Secret with name '{0}' created with value '{1}'".format(secret.name, secret.value))
-        print("Secret with name '{0}' expires on '{1}'".format(secret.name, secret.expires))
+        # Let's create a certificate for holding bank account credentials valid for 1 year.
+        # if the certificate already exists in the Key Vault, then a new version of the certificate is created.
+        print("\n1. Create Certificate")
 
-        # Let's get the bank secret using its name
-        print("\n2. Get a Secret by name")
-        bank_secret = client.get_secret(secret.name)
-        print("Secret with name '{0}' was found with value '{1}'.".format(bank_secret.name, bank_secret.value))
+        # Before creating your certificate, let's create the management policy for your certificate.
+        # Here you specify the properties of the key, secret, and issuer backing your certificate,
+        # the X509 component of your certificate, and any lifetime actions you would like to be taken
+        # on your certificate
+        cert_policy = CertificatePolicy(key_properties=KeyProperties(exportable=True,
+                                                                     key_type='RSA',
+                                                                     key_size=2048,
+                                                                     reuse_key=False),
+                                        content_type='application/x-pkcs12',
+                                        issuer_name='Self',
+                                        subject_name='CN=*.microsoft.com',
+                                        san_dns_names=['onedrive.microsoft.com', 'xbox.microsoft.com'],
+                                        validity_in_months=24
+                                        )
+        cert_name="BankCertificate"
+        expires = datetime.datetime.utcnow() + datetime.timedelta(days=365)
+        print("right before create")
+        certificate_operation = client.create_certificate(name=cert_name, policy=cert_policy, expires=expires)
+        print("Certificate with name '{0}' created".format(certificate_operation.name))
 
-        # After one year, the bank account is still active, we need to update the expiry time of the secret.
-        # The update method can be used to update the expiry attribute of the secret. It cannot be used to update
-        # the value of the secret.
-        print("\n3. Update a Secret by name")
-        expires = bank_secret.expires + datetime.timedelta(days=365)
-        updated_secret = client.update_secret(secret.name, expires=expires)
-        print("Secret with name '{0}' was updated on date '{1}'".format(secret.name, updated_secret.updated))
-        print("Secret with name '{0}' was updated to expire on '{1}'".format(secret.name, updated_secret.expires))
+        # Let's get the bank certificate using its name
+        print("\n2. Get a Certificate by name")
+        bank_certificate = client.get_certificate(name=certificate_operation.name)
+        print("Certificate with name '{0}' was found with expiration date '{1}'.".format(bank_certificate.name, bank_certificate.expires))
 
-        # Bank forced a password update for security purposes. Let's change the value of the secret in the Key Vault.
-        # To achieve this, we need to create a new version of the secret in the Key Vault. The update operation cannot
-        # change the value of the secret.
-        secret = client.set_secret(secret.name, "newSecretValue")
-        print("Secret with name '{0}' created with value '{1}'".format(secret.name, secret.value))
+        # After one year, the bank account is still active, we need to update the expiry time of the certificate.
+        # The update method can be used to update the expiry attribute of the certificate.
+        print("\n3. Update a Certificate by name")
+        expires = bank_certificate.expires + datetime.timedelta(days=365)
+        updated_certificate = client.update_certificate(name=bank_certificate.name, expires=expires)
+        print("Certificate with name '{0}' was updated on date '{1}'".format(bank_certificate.name, updated_certificate.updated))
+        print("Certificate with name '{0}' was updated to expire on '{1}'".format(bank_certificate.name, updated_certificate.expires))
 
         # The bank account was closed, need to delete its credentials from the Key Vault.
-        print("\n4. Delete Secret")
-        deleted_secret = client.delete_secret(secret.name)
-        print("Deleting Secret..")
-        print("Secret with name '{0}' was deleted.".format(deleted_secret.name))
+        print("\n4. Delete Certificate")
+        deleted_certificate = client.delete_certificate(name=bank_certificate.name)
+        print("Deleting Certificate..")
+        print("Certificate with name '{0}' was deleted.".format(bank_certificate.name))
 
     except HttpResponseError as e:
         print("\nrun_sample has caught an error. {0}".format(e.message))