
[Keyvault] az keyvault key: sign and verify #29476

Closed
freedge wants to merge 1 commit into Azure:dev from freedge:fixkv

Conversation

freedge (Contributor) commented Jul 25, 2024

It's not possible to provide data to az keyvault key sign and verify as found in #27631, #28027

We now allow for valid base64 data to be given as digest.

```
$ az keyvault key sign -a RS256 --digest @<(openssl dgst -binary -sha256 bar | base64) --id https://kvfrigo.vault.azure.net/keys/rsaex/0f322aba7573435a96acfba86b521c35
Algorithm    KeyId                                                                          Signature
-----------  -----------------------------------------------------------------------------  --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
RS256        https://kvfrigo.vault.azure.net/keys/rsaex/0f322aba7573435a96acfba86b521c35  e7Wi7PCouEo8ZNlY1dL3IgDm8E63bc8ZE9VW0GQHglHPJjKGHpi9D0MfRFHZXCOHrRAas6JBz0iO5yJBuH+cczMpl+9+lFWNSi7I1efIrPS2NOlrtdhOCI5qLT/nWh++CvRh1+R2iCpVD1uxCkL9sjDwi6k5B+7ySkk9ikUGHG463TFq8/Oftk+mSlNBCd5j3wsva1BOTT1h9qY9eyHZCY319oVRM0jD92jtF2DNu0HF92uhUC8PT/6gjPd6vQtAWxF1LR7KLMx2zCxN9e7aV3bQXtKA4/KMYekE143IY2nMft+XNZ+DT7OIi0TT1ufwdNNjpUk/9LovN+XwYz1p+A==

$ az keyvault key verify -a RS256 --digest @<(openssl dgst -binary -sha256 bar | base64) --id https://kvfrigo.vault.azure.net/keys/rsaex/0f322aba7573435a96acfba86b521c35 --signature e7Wi7PCouEo8ZNlY1dL3IgDm8E63bc8ZE9VW0GQHglHPJjKGHpi9D0MfRFHZXCOHrRAas6JBz0iO5yJBuH+cczMpl+9+lFWNSi7I1efIrPS2NOlrtdhOCI5qLT/nWh++CvRh1+R2iCpVD1uxCkL9sjDwi6k5B+7ySkk9ikUGHG463TFq8/Oftk+mSlNBCd5j3wsva1BOTT1h9qY9eyHZCY319oVRM0jD92jtF2DNu0HF92uhUC8PT/6gjPd6vQtAWxF1LR7KLMx2zCxN9e7aV3bQXtKA4/KMYekE143IY2nMft+XNZ+DT7OIi0TT1ufwdNNjpUk/9LovN+XwYz1p+A==
Algorithm    IsValid    KeyId
-----------  ---------  -----------------------------------------------------------------------------
RS256        True       https://kvfrigo.vault.azure.net/keys/rsaex/0f322aba7573435a96acfba86b521c35

$ az keyvault key download --id https://kvfrigo.vault.azure.net/keys/rsaex/0f322aba7573435a96acfba86b521c35  -f rsa.pub
$ openssl dgst -verify rsa.pub -sha256 -signature <(echo e7Wi7PCouEo8ZNlY1dL3IgDm8E63bc8ZE9VW0GQHglHPJjKGHpi9D0MfRFHZXCOHrRAas6JBz0iO5yJBuH+cczMpl+9+lFWNSi7I1efIrPS2NOlrtdhOCI5qLT/nWh++CvRh1+R2iCpVD1uxCkL9sjDwi6k5B+7ySkk9ikUGHG463TFq8/Oftk+mSlNBCd5j3wsva1BOTT1h9qY9eyHZCY319oVRM0jD92jtF2DNu0HF92uhUC8PT/6gjPd6vQtAWxF1LR7KLMx2zCxN9e7aV3bQXtKA4/KMYekE143IY2nMft+XNZ+DT7OIi0TT1ufwdNNjpUk/9LovN+XwYz1p+A== | base64 -d) ./bar
Verified OK
```

This also works for EC keys; however, openssl is not able to verify these keys, so there is some other bug.

```
$ az keyvault key sign -a ES256 --digest @<(openssl dgst -binary -sha256 bar | base64) --id https://kvfrigo.vault.azure.net/keys/ecex/68ab9b9141524362bf10fb96e0158414
Algorithm    KeyId                                                                         Signature
-----------  ----------------------------------------------------------------------------  ----------------------------------------------------------------------------------------
ES256        https://kvfrigo.vault.azure.net/keys/ecex/68ab9b9141524362bf10fb96e0158414  pj9a96b0En6/NbHSeRupa0cz26NicpgiUYRCQYXYikU5bPmaloJhDddkjFqxXUI9DaBLCZRI954UP1i9fGN8kA==
$ az keyvault key verify -a ES256 --digest @<(openssl dgst -binary -sha256 bar | base64) --id https://kvfrigo.vault.azure.net/keys/ecex/68ab9b9141524362bf10fb96e0158414 --signature pj9a96b0En6/NbHSeRupa0cz26NicpgiUYRCQYXYikU5bPmaloJhDddkjFqxXUI9DaBLCZRI954UP1i9fGN8kA==
Algorithm    IsValid    KeyId
-----------  ---------  ----------------------------------------------------------------------------
ES256        True       https://kvfrigo.vault.azure.net/keys/ecex/68ab9b9141524362bf10fb96e0158414

$ az keyvault key download --id https://kvfrigo.vault.azure.net/keys/ecex/68ab9b9141524362bf10fb96e0158414 -f ec.pub
$ openssl ec -pubin -in ec.pub  -text -noout
read EC key
Public-Key: (256 bit)
pub:
    04:83:8f:93:9a:74:c3:0a:39:9d:f4:e5:27:f9:19:
    cd:42:71:1a:5e:c4:87:76:8b:6a:06:19:d3:60:73:
    9f:66:8c:28:1c:ea:d1:1e:f4:c2:c9:90:48:79:85:
    a7:27:c6:ff:46:df:36:01:ce:3b:2e:db:1a:c1:a2:
    68:3e:5e:d8:c5
ASN1 OID: prime256v1
NIST CURVE: P-256
$ openssl dgst -verify ec.pub -sha256 -signature <(echo pj9a96b0En6/NbHSeRupa0cz26NicpgiUYRCQYXYikU5bPmaloJhDddkjFqxXUI9DaBLCZRI954UP1i9fGN8kA== | base64 -d) ./bar
Error verifying data
```

Related command

az keyvault key sign, az keyvault key verify

Description

az keyvault key sign and az keyvault key verify are unusable today, as described in multiple bugs.

Testing Guide

see commit message

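Added example, not part of this PR or of the Azure CLI: the ES256 signature in the description is 88 base64 characters, i.e. 64 bytes, which is the fixed-width r||s concatenation (the JWS / IEEE P1363 form) that Key Vault returns for a P-256 key, whereas `openssl dgst -verify` accepts only the DER-encoded `ECDSA-Sig-Value` SEQUENCE; the RS256 signature verified because a PKCS#1 v1.5 signature is a single 256-byte block that OpenSSL reads as is. The stdlib-only script below converts between the two forms and reports which form a blob is in. `PAGE_ES256_SIG_B64` is the signature printed above; the P-521 and small-integer inputs are constructed, and the script file name in the usage note is hypothetical.

```python
"""Convert ECDSA signatures between Key Vault's raw r||s form and OpenSSL's DER form.

Added example for the PR description above; it is not part of the Azure CLI.
Standard library only. PAGE_ES256_SIG_B64 is the ES256 signature printed in
the description; every other input value is constructed.
"""
import base64
import sys

# ES256 signature exactly as printed by `az keyvault key sign -a ES256` in the description.
PAGE_ES256_SIG_B64 = (
    "pj9a96b0En6/NbHSeRupa0cz26NicpgiUYRCQYXYikU5bPmaloJhDddkjFqxXUI9"
    "DaBLCZRI954UP1i9fGN8kA=="
)

# Byte width of each coordinate (r and s) for the JWS ECDSA algorithms Key Vault offers.
COORD_LEN = {"ES256": 32, "ES384": 48, "ES512": 66}


def decode_b64(text: str) -> bytes:
    """Strict base64 decode (rejects stray characters instead of skipping them)."""
    return base64.b64decode(text, validate=True)


def _der_length(n: int) -> bytes:
    """DER length octets: one byte below 128, else 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(value: int) -> bytes:
    """DER INTEGER: minimal big-endian content, with a leading 0x00 when the top bit is set."""
    body = value.to_bytes((value.bit_length() + 7) // 8, "big") or b"\x00"
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_length(len(body)) + body


def raw_to_der(sig: bytes) -> bytes:
    """Encode fixed-width r||s as SEQUENCE { INTEGER r, INTEGER s }, the form OpenSSL expects."""
    if not sig or len(sig) % 2:
        raise ValueError("raw ECDSA signature must be r||s with an even length")
    half = len(sig) // 2
    r = int.from_bytes(sig[:half], "big")
    s = int.from_bytes(sig[half:], "big")
    body = _der_integer(r) + _der_integer(s)
    return b"\x30" + _der_length(len(body)) + body


def _read_length(buf: bytes, pos: int):
    """Return (length, position after the length octets); reject truncated input."""
    if pos >= len(buf):
        raise ValueError("truncated DER length")
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    count = first & 0x7F
    chunk = buf[pos + 1:pos + 1 + count]
    if count == 0 or count > 2 or len(chunk) != count:
        raise ValueError("unsupported or truncated DER length encoding")
    return int.from_bytes(chunk, "big"), pos + 1 + count


def _read_integer(buf: bytes, pos: int):
    """Return (value, position after the INTEGER); reject anything that is not a whole INTEGER."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected DER INTEGER")
    length, pos = _read_length(buf, pos + 1)
    if pos + length > len(buf):
        raise ValueError("INTEGER runs past end of input")
    return int.from_bytes(buf[pos:pos + length], "big"), pos + length


def der_to_raw(der: bytes, coord_len: int) -> bytes:
    """Decode a DER ECDSA signature to fixed-width r||s (the Key Vault / JWS form)."""
    if not der or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    seq_len, pos = _read_length(der, 1)
    if pos + seq_len != len(der):
        raise ValueError("SEQUENCE length does not match input length")
    r, pos = _read_integer(der, pos)
    s, pos = _read_integer(der, pos)
    if pos != len(der):
        raise ValueError("unexpected trailing bytes")
    # to_bytes raises OverflowError if r or s is too large for the curve's coordinate width.
    return r.to_bytes(coord_len, "big") + s.to_bytes(coord_len, "big")


def is_der(sig: bytes) -> bool:
    """True when the blob parses as a complete DER SEQUENCE of exactly two INTEGERs."""
    try:
        if not sig or sig[0] != 0x30:
            return False
        seq_len, pos = _read_length(sig, 1)
        if pos + seq_len != len(sig):
            return False
        _, pos = _read_integer(sig, pos)
        _, pos = _read_integer(sig, pos)
        return pos == len(sig)
    except ValueError:
        return False


def main(argv) -> int:
    sig = decode_b64(argv[1] if len(argv) > 1 else PAGE_ES256_SIG_B64)
    if is_der(sig):
        # DER input: assume ES256 when recovering the fixed-width form.
        raw = der_to_raw(sig, COORD_LEN["ES256"])
        print(f"DER ({len(sig)} bytes) -> raw r||s: {base64.b64encode(raw).decode()}")
    else:
        der = raw_to_der(sig)
        print(f"raw r||s ({len(sig)} bytes) -> DER ({len(der)} bytes): "
              f"{base64.b64encode(der).decode()}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Usage: `python3 ecdsa_sigfmt.py` (file name assumed) prints the DER form of the description's ES256 signature as base64; pipe that through `base64 -d > sig.der` and rerun the description's own check with the DER file, `openssl dgst -verify ec.pub -sha256 -signature sig.der ./bar`. The same conversion is needed before handing any Key Vault or JWS ES256/ES384/ES512 signature to a DER-based verifier; `der_to_raw` covers the opposite direction, and both functions reject malformed input rather than silently truncating or zero-padding it.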

azure-client-tools-bot-prd (bot) commented Jul 25, 2024

❌ AzureCLI-FullTest

✔️ Passed on every profile run (latest and, where the module has them, the 2018-03-01-hybrid, 2019-03-01-hybrid and 2020-09-01-hybrid profiles) with Python 3.11 and 3.9: acr, acs, advisor, ams, apim, appconfig, appservice, aro, backup, batch, batchai, billing, botservice, cdn, cloud, cognitiveservices, compute_recommender, config, configure, consumption, container, containerapp, core, cosmosdb, databoxedge, dla, dls, dms, eventgrid, eventhubs, feedback, find, hdinsight, identity, iot

❌ keyvault
  ✔️ 2018-03-01-hybrid: 3.11, 3.9
  ✔️ 2020-09-01-hybrid: 3.11, 3.9
  ❌ latest
    ❌ 3.11
Type: Failed
Test Case: test_keyvault_key
Error Message:

self = <azure.cli.testsdk.base.ExecutionResult object at 0x7f38c7957510>
cli_ctx = <azure.cli.core.mock.DummyCli object at 0x7f38c2dd5110>
command = 'keyvault key verify -n key1-000004 --vault-name cli-test-kv-key-000002 -a RS256 --digest 1234567890123456789012345678.../+C8Vp16HSs/shdAUJx6hBmY1JZtqgo5+1ybYMpUmf6BcTt2Vn6pkDe7XD2w/O8anze/E7prqZPqF2jE1E74y7aO9ufM5R66nwlgumB5mZ6JsjJT+kw=="'
expect_failure = False

    def in_process_execute(self, cli_ctx, command, expect_failure=False):
        from io import StringIO
        from vcr.errors import CannotOverwriteExistingCassetteException
    
        if command.startswith('az '):
            command = command[3:]
    
        stdout_buf = StringIO()
        logging_buf = StringIO()
        try:
            # issue: stderr cannot be redirect in this form, as a result some failure information
            # is lost when command fails.
>           self.exit_code = cli_ctx.invoke(shlex.split(command), out_file=stdout_buf) or 0

src/azure-cli-testsdk/azure/cli/testsdk/base.py:302:
env/lib/python3.11/site-packages/knack/cli.py:245: in invoke
    exit_code = self.exception_handler(ex)
src/azure-cli-core/azure/cli/core/__init__.py:127: in exception_handler
    return handle_exception(ex)

ex = CLIError(CannotOverwriteExistingCassetteException("Can't overwrite existing cassette ('/mnt/vss/_work/1/s/src/azure-cl...ed :\npath - assertion failure :\n/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create\n"))
args = (), kwargs = {}

    def handle_main_exception(ex, *args, **kwargs):  # pylint: disable=unused-argument
        if isinstance(ex, CannotOverwriteExistingCassetteException):
            # This exception usually caused by a no match HTTP request. This is a product error
            # that is caused by change of SDK invocation.
            raise ex
    
>       raise CliExecutionError(ex)
E       azure.cli.testsdk.exceptions.CliExecutionError: The CLI throws exception CLIError during execution and fails the command.

src/azure-cli-testsdk/azure/cli/testsdk/patches.py:35: CliExecutionError

During handling of the above exception, another exception occurred:

self = <azure.cli.command_modules.keyvault.tests.latest.test_keyvault_commands.KeyVaultKeyScenarioTest testMethod=test_keyvault_key>
resource_group = 'cli_test_keyvault_key000001'
key_vault = 'cli-test-kv-key-000002', key_vault2 = 'cli-test-kv-key-000003'

    @ResourceGroupPreparer(name_prefix='cli_test_keyvault_key')
    @KeyVaultPreparer(name_prefix='cli-test-kv-key-', location='eastus2')
    @KeyVaultPreparer(name_prefix='cli-test-kv-key-', location='eastus2', sku='premium',
                      parameter_name='key_vault2', key='kv2')
    def test_keyvault_key(self, resource_group, key_vault, key_vault2):
        self.kwargs.update({
            'loc': 'eastus2',
            'key': self.create_random_name('key1-', 24),
            'key2': self.create_random_name('key2-', 24)
        })
        keyvault = self.cmd('keyvault show -n {kv} -g {rg}').get_output_in_json()
        self.kwargs['obj_id'] = keyvault['properties']['accessPolicies'][0]['objectId']
        key_perms = keyvault['properties']['accessPolicies'][0]['permissions']['keys']
        key_perms.extend(['encrypt', 'decrypt', 'purge'])
        self.kwargs['key_perms'] = ' '.join(key_perms)
    
        # create a key
        key = self.cmd('keyvault key create --vault-name {kv} -n {key} -p software',
                       checks=self.check('attributes.enabled', True)).get_output_in_json()
        first_kid = key['key']['kid']
        first_version = first_kid.rsplit('/', 1)[1]
        self.cmd('keyvault key create --vault-name {kv} -n {key2}')
    
        # encrypt/decrypt
        self.cmd('keyvault set-policy -n {kv} --object-id {obj_id} --key-permissions {key_perms}')
        self.kwargs['plaintext_value'] = 'abcdef'
        self.kwargs['base64_value'] = 'YWJjZGVm'
        self.kwargs['encryption_result1'] = self.cmd('keyvault key encrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{plaintext_value}" --data-type plaintext').get_output_in_json()['result']
        self.kwargs['encryption_result2'] = self.cmd('keyvault key encrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{base64_value}" --data-type base64').get_output_in_json()['result']
        self.cmd('keyvault key decrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{encryption_result1}" --data-type plaintext',
                 checks=self.check('result', '{plaintext_value}'))
        self.cmd('keyvault key decrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{encryption_result2}" --data-type base64',
                 checks=self.check('result', '{base64_value}'))
    
        # sign/verify
        self.kwargs['digest'] = '12345678901234567890123456789012'
        self.kwargs['sign_result'] = self.cmd('keyvault key sign -n {key} --vault-name {kv} -a RS256 --digest {digest}').get_output_in_json()['signature']
>       self.cmd('keyvault key verify -n {key} --vault-name {kv} -a RS256 --digest {digest} --signature "{sign_result}"',
                 checks=self.check('isValid', True))

src/azure-cli/azure/cli/command_modules/keyvault/tests/latest/test_keyvault_commands.py:1043:
src/azure-cli-testsdk/azure/cli/testsdk/base.py:176: in cmd
    return execute(self.cli_ctx, command, expect_failure=expect_failure).assert_with_checks(checks)
src/azure-cli-testsdk/azure/cli/testsdk/base.py:251: in __init__
    self.in_process_execute(cli_ctx, command, expect_failure=expect_failure)
src/azure-cli-testsdk/azure/cli/testsdk/base.py:314: in in_process_execute
    raise ex.exception
env/lib/python3.11/site-packages/knack/cli.py:233: in invoke
    cmd_result = self.invocation.execute(args)
src/azure-cli-core/azure/cli/core/commands/__init__.py:664: in execute
    raise ex
src/azure-cli-core/azure/cli/core/commands/__init__.py:731: in run_jobs_serially
    results.append(self.run_job(expanded_arg, cmd_copy))
src/azure-cli-core/azure/cli/core/commands/__init__.py:701: in run_job
    result = cmd_copy(params)
src/azure-cli-core/azure/cli/core/commands/__init__.py:334: in __call__
    return self.handler(*args, **kwargs)
src/azure-cli/azure/cli/command_modules/keyvault/_command_type.py:135: in keyvault_command_handler
    return keyvault_exception_handler(ex)

ex = CannotOverwriteExistingCassetteException("Can't overwrite existing cassette ('/mnt/vss/_work/1/s/src/azure-cli/azure/c...led :\npath - assertion failure :\n/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create\n")

    def keyvault_exception_handler(ex):
        from msrest.exceptions import ValidationError, ClientRequestError
        if isinstance(ex, ValidationError):
            try:
                raise CLIError(ex.inner_exception.error.message)
            except AttributeError:
                raise CLIError(ex)
        elif isinstance(ex, ClientRequestError):
            if 'Failed to establish a new connection' in str(ex.inner_exception):
                instance_type = 'Vault'
                if 'managedhsm' in str(ex.inner_exception):
                    instance_type = 'HSM'
                raise CLIError('Max retries exceeded attempting to connect to {instance_type}. '
                               'The {instance_type} may not exist or you may need to flush your DNS cache '
                               'and try again later.'.format(instance_type=instance_type))
            raise CLIError(ex)
        else:
>           raise CLIError(ex)
E           knack.util.CLIError: Can't overwrite existing cassette ('/mnt/vss/_work/1/s/src/azure-cli/azure/cli/command_modules/keyvault/tests/latest/recordings/test_keyvault_key.yaml') in your current record mode ('once').
E           No match for the request (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify?api-version=7.5-preview.1>) was found.
E           Found 11 similar requests with 1 different matcher(s) :
E           
E           1 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/create
E           
E           2 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/create
E           
E           3 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key2-000005/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key2-000005/create
E           
E           4 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt
E           
E           5 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt
E           
E           6 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/sign?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/sign
E           
E           7 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/create
E           
E           8 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/backup?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/backup
E           
E           9 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/restore?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/restore
E           
E           10 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/eckey1/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create
E           
E           11 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/eckey1/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create

src/azure-cli/azure/cli/command_modules/keyvault/_command_type.py:49: CLIError
Line: azure/cli/command_modules/keyvault/tests/latest/test_keyvault_commands.py:1005
    ❌ 3.9
Type: Failed
Test Case: test_keyvault_key
Error Message:

self = <azure.cli.testsdk.base.ExecutionResult object at 0x7f3ceaa188e0>
cli_ctx = <azure.cli.core.mock.DummyCli object at 0x7f3ceca674f0>
command = 'keyvault key verify -n key1-000004 --vault-name cli-test-kv-key-000002 -a RS256 --digest 1234567890123456789012345678.../+C8Vp16HSs/shdAUJx6hBmY1JZtqgo5+1ybYMpUmf6BcTt2Vn6pkDe7XD2w/O8anze/E7prqZPqF2jE1E74y7aO9ufM5R66nwlgumB5mZ6JsjJT+kw=="'
expect_failure = False

    def in_process_execute(self, cli_ctx, command, expect_failure=False):
        from io import StringIO
        from vcr.errors import CannotOverwriteExistingCassetteException
    
        if command.startswith('az '):
            command = command[3:]
    
        stdout_buf = StringIO()
        logging_buf = StringIO()
        try:
            # issue: stderr cannot be redirect in this form, as a result some failure information
            # is lost when command fails.
>           self.exit_code = cli_ctx.invoke(shlex.split(command), out_file=stdout_buf) or 0

src/azure-cli-testsdk/azure/cli/testsdk/base.py:302:
env/lib/python3.9/site-packages/knack/cli.py:245: in invoke
    exit_code = self.exception_handler(ex)
src/azure-cli-core/azure/cli/core/__init__.py:127: in exception_handler
    return handle_exception(ex)

ex = CLIError(CannotOverwriteExistingCassetteException("Can't overwrite existing cassette ('/mnt/vss/_work/1/s/src/azure-cl...ed :\npath - assertion failure :\n/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create\n"))
args = (), kwargs = {}

    def handle_main_exception(ex, *args, **kwargs):  # pylint: disable=unused-argument
        if isinstance(ex, CannotOverwriteExistingCassetteException):
            # This exception usually caused by a no match HTTP request. This is a product error
            # that is caused by change of SDK invocation.
            raise ex
    
>       raise CliExecutionError(ex)
E       azure.cli.testsdk.exceptions.CliExecutionError: The CLI throws exception CLIError during execution and fails the command.

src/azure-cli-testsdk/azure/cli/testsdk/patches.py:35: CliExecutionError

During handling of the above exception, another exception occurred:

self = <azure.cli.command_modules.keyvault.tests.latest.test_keyvault_commands.KeyVaultKeyScenarioTest testMethod=test_keyvault_key>
resource_group = 'cli_test_keyvault_key000001'
key_vault = 'cli-test-kv-key-000002', key_vault2 = 'cli-test-kv-key-000003'

    @ResourceGroupPreparer(name_prefix='cli_test_keyvault_key')
    @KeyVaultPreparer(name_prefix='cli-test-kv-key-', location='eastus2')
    @KeyVaultPreparer(name_prefix='cli-test-kv-key-', location='eastus2', sku='premium',
                      parameter_name='key_vault2', key='kv2')
    def test_keyvault_key(self, resource_group, key_vault, key_vault2):
        self.kwargs.update({
            'loc': 'eastus2',
            'key': self.create_random_name('key1-', 24),
            'key2': self.create_random_name('key2-', 24)
        })
        keyvault = self.cmd('keyvault show -n {kv} -g {rg}').get_output_in_json()
        self.kwargs['obj_id'] = keyvault['properties']['accessPolicies'][0]['objectId']
        key_perms = keyvault['properties']['accessPolicies'][0]['permissions']['keys']
        key_perms.extend(['encrypt', 'decrypt', 'purge'])
        self.kwargs['key_perms'] = ' '.join(key_perms)
    
        # create a key
        key = self.cmd('keyvault key create --vault-name {kv} -n {key} -p software',
                       checks=self.check('attributes.enabled', True)).get_output_in_json()
        first_kid = key['key']['kid']
        first_version = first_kid.rsplit('/', 1)[1]
        self.cmd('keyvault key create --vault-name {kv} -n {key2}')
    
        # encrypt/decrypt
        self.cmd('keyvault set-policy -n {kv} --object-id {obj_id} --key-permissions {key_perms}')
        self.kwargs['plaintext_value'] = 'abcdef'
        self.kwargs['base64_value'] = 'YWJjZGVm'
        self.kwargs['encryption_result1'] = self.cmd('keyvault key encrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{plaintext_value}" --data-type plaintext').get_output_in_json()['result']
        self.kwargs['encryption_result2'] = self.cmd('keyvault key encrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{base64_value}" --data-type base64').get_output_in_json()['result']
        self.cmd('keyvault key decrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{encryption_result1}" --data-type plaintext',
                 checks=self.check('result', '{plaintext_value}'))
        self.cmd('keyvault key decrypt -n {key} --vault-name {kv} -a RSA-OAEP --value "{encryption_result2}" --data-type base64',
                 checks=self.check('result', '{base64_value}'))
    
        # sign/verify
        self.kwargs['digest'] = '12345678901234567890123456789012'
        self.kwargs['sign_result'] = self.cmd('keyvault key sign -n {key} --vault-name {kv} -a RS256 --digest {digest}').get_output_in_json()['signature']
>       self.cmd('keyvault key verify -n {key} --vault-name {kv} -a RS256 --digest {digest} --signature "{sign_result}"',
                 checks=self.check('isValid', True))

src/azure-cli/azure/cli/command_modules/keyvault/tests/latest/test_keyvault_commands.py:1043:
src/azure-cli-testsdk/azure/cli/testsdk/base.py:176: in cmd
    return execute(self.cli_ctx, command, expect_failure=expect_failure).assert_with_checks(checks)
src/azure-cli-testsdk/azure/cli/testsdk/base.py:251: in __init__
    self.in_process_execute(cli_ctx, command, expect_failure=expect_failure)
src/azure-cli-testsdk/azure/cli/testsdk/base.py:314: in in_process_execute
    raise ex.exception
env/lib/python3.9/site-packages/knack/cli.py:233: in invoke
    cmd_result = self.invocation.execute(args)
src/azure-cli-core/azure/cli/core/commands/__init__.py:664: in execute
    raise ex
src/azure-cli-core/azure/cli/core/commands/__init__.py:731: in run_jobs_serially
    results.append(self.run_job(expanded_arg, cmd_copy))
src/azure-cli-core/azure/cli/core/commands/__init__.py:701: in run_job
    result = cmd_copy(params)
src/azure-cli-core/azure/cli/core/commands/__init__.py:334: in __call__
    return self.handler(*args, **kwargs)
src/azure-cli/azure/cli/command_modules/keyvault/_command_type.py:135: in keyvault_command_handler
    return keyvault_exception_handler(ex)

ex = CannotOverwriteExistingCassetteException("Can't overwrite existing cassette ('/mnt/vss/_work/1/s/src/azure-cli/azure/c...led :\npath - assertion failure :\n/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create\n")

    def keyvault_exception_handler(ex):
        from msrest.exceptions import ValidationError, ClientRequestError
        if isinstance(ex, ValidationError):
            try:
                raise CLIError(ex.inner_exception.error.message)
            except AttributeError:
                raise CLIError(ex)
        elif isinstance(ex, ClientRequestError):
            if 'Failed to establish a new connection' in str(ex.inner_exception):
                instance_type = 'Vault'
                if 'managedhsm' in str(ex.inner_exception):
                    instance_type = 'HSM'
                raise CLIError('Max retries exceeded attempting to connect to {instance_type}. '
                               'The {instance_type} may not exist or you may need to flush your DNS cache '
                               'and try again later.'.format(instance_type=instance_type))
            raise CLIError(ex)
        else:
>           raise CLIError(ex)
E           knack.util.CLIError: Can't overwrite existing cassette ('/mnt/vss/_work/1/s/src/azure-cli/azure/cli/command_modules/keyvault/tests/latest/recordings/test_keyvault_key.yaml') in your current record mode ('once').
E           No match for the request (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify?api-version=7.5-preview.1>) was found.
E           Found 11 similar requests with 1 different matcher(s) :
E           
E           1 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/create
E           
E           2 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/create
E           
E           3 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key2-000005/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key2-000005/create
E           
E           4 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt
E           
E           5 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/decrypt
E           
E           6 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/sign?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/sign
E           
E           7 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/create
E           
E           8 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/key1-000004/backup?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/key1-000004/backup
E           
E           9 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/restore?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/restore
E           
E           10 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/eckey1/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create
E           
E           11 - (<Request (POST) https://cli-test-kv-key-000002.vault.azure.net/keys/eckey1/create?api-version=7.5-preview.1>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /keys/key1-000004/c80bd7e4188b4b5ba13d0768be7b8352/verify != /keys/eckey1/create

src/azure-cli/azure/cli/command_modules/keyvault/_command_type.py:49: CLIError
azure/cli/command_modules/keyvault/tests/latest/test_keyvault_commands.py:1005

@azure-client-tools-bot-prd

Hi @freedge,
Since the current milestone time is less than 7 days, this PR will be reviewed in the next milestone.

@azure-client-tools-bot-prd

azure-client-tools-bot-prd bot commented Jul 25, 2024

️✔️AzureCLI-BreakingChangeTest
️✔️Non Breaking Changes

@yonzhan
Collaborator

yonzhan commented Jul 25, 2024

Keyvault

@microsoft-github-policy-service microsoft-github-policy-service bot added the customer-reported Issues that are reported by GitHub users external to the Azure organization. label Jul 25, 2024
@microsoft-github-policy-service
Contributor

Thank you for your contribution freedge! We will review the pull request and get back to you soon.

@freedge
Contributor Author

freedge commented Jul 26, 2024

(for the ECDSA verification this is due to https://github.com/Azure/azure-sdk-for-python/blob/c20cdc581cfb16052ebfec8a233b3fd4b73e4542/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/_internal.py#L104-L116 , OpenSSL just uses a different format to encode the signature and we need a few lines of Python to convert it)
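
The format mismatch freedge points to, as an added example that is not code from the PR or from azure-sdk-for-python: `openssl dgst -sign` writes an ECDSA signature as a DER SEQUENCE of two INTEGERs, whereas Key Vault's sign and verify operations carry r and s concatenated at the curve's fixed width, so one conversion is needed in each direction. The per-curve widths in COORD_BYTES are assumed values.

```python
# Added example, not azure-cli or azure-sdk code: stdlib-only conversion of an ECDSA
# signature between OpenSSL's DER SEQUENCE{r, s} and Key Vault's raw r||s (widths assumed).
COORD_BYTES = {"P-256": 32, "P-256K": 32, "P-384": 48, "P-521": 66}

def _read_len(buf, pos):  # DER length field at buf[pos] -> (length, next_pos)
    first = buf[pos]
    if first < 0x80:                 # short form: the byte is the length
        return first, pos + 1
    n = first & 0x7F                 # long form: the next n bytes hold it
    if not 0 < n <= 2 or pos + 1 + n > len(buf):
        raise ValueError("unsupported DER length encoding")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def _read_int(buf, pos):  # one DER INTEGER at buf[pos] -> (value, next_pos)
    if buf[pos:pos + 1] != b"\x02":
        raise ValueError("expected DER INTEGER tag")
    length, pos = _read_len(buf, pos + 1)
    if length == 0 or pos + length > len(buf):
        raise ValueError("truncated DER INTEGER")
    return int.from_bytes(buf[pos:pos + length], "big"), pos + length

def der_to_raw(der_sig, curve):
    """DER SEQUENCE{INTEGER r, INTEGER s} -> r||s, each zero-padded to width."""
    width = COORD_BYTES[curve]
    if der_sig[:1] != b"\x30":
        raise ValueError("expected DER SEQUENCE tag")
    seq_len, pos = _read_len(der_sig, 1)
    end = pos + seq_len              # where the SEQUENCE claims to stop
    r, pos = _read_int(der_sig, pos)
    s, pos = _read_int(der_sig, pos)
    if end != len(der_sig) or pos != end or max(r, s) >> (8 * width):
        raise ValueError("length mismatch, trailing bytes or value too large")
    return r.to_bytes(width, "big") + s.to_bytes(width, "big")

def _der_int(value):
    # Minimal DER INTEGER: no leading zeros, but keep the sign bit clear.
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + bytes([len(body)]) + body   # at most 67 bytes: short form

def raw_to_der(raw_sig, curve):
    """r||s -> DER SEQUENCE, the form `openssl dgst -verify` expects."""
    width = COORD_BYTES[curve]
    if len(raw_sig) != 2 * width:
        raise ValueError("raw signature must be exactly 2*width bytes")
    body = b"".join(_der_int(int.from_bytes(raw_sig[i:i + width], "big")) for i in (0, width))
    # A P-521 body can exceed 127 bytes and then needs the long-form length 0x81.
    length = bytes([len(body)]) if len(body) < 0x80 else b"\x81" + bytes([len(body)])
    return b"\x30" + length + body
```

The raw form is what `--signature` carries (base64-encoded) for an EC key; the DER form is what OpenSSL reads and writes.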

@evelyn-ys
Member

@freedge Thanks for the contribution! Refined code in #30521. Can you help verify?

@evelyn-ys evelyn-ys closed this Dec 16, 2024
Labels

Auto-Assign Auto assign by bot customer-reported Issues that are reported by GitHub users external to the Azure organization. KeyVault az keyvault
