Azure-cli: [KeyVault] Get-default-policy returns gibberish in Python2

Created on 5 May 2017  路  5Comments  路  Source: Azure/azure-cli

When I run get-default-policy on Python 2 many of the fields are filled with gibberish such that I can't immediately turn around and use it to get a self-signed cert:

{
  "issuerParameters": {
    "name": "U2VsZg=="
  },
  "keyProperties": {
    "exportable": true,
    "keySize": 2048,
    "keyType": "UlNB",
    "reuseKey": true
  },
  "lifetimeActions": [
    {
      "action": {
        "actionType": "AutoRenew"
      },
      "trigger": {
        "daysBeforeExpiry": 90
      }
    }
  ],
  "secretProperties": {
    "contentType": "YXBwbGljYXRpb24veC1wa2NzMTI="
  },
  "x509CertificateProperties": {
    "keyUsage": [
      "cRLSign",
      "dataEncipherment",
      "digitalSignature",
      "keyEncipherment",
      "keyAgreement",
      "keyCertSign"
    ],
    "subject": "Qz1VUywgU1Q9V0EsIEw9UmVkbW9uZCwgTz1Db250b3NvLCBPVT1Db250b3NvIEhSLCBDTj13d3cuY29udG9zby5jb20=",
    "validityInMonths": 12
  }
}

When I run on Python3:

{
  "issuerParameters": {
    "name": "Self"
  },
  "keyProperties": {
    "exportable": true,
    "keySize": 2048,
    "keyType": "RSA",
    "reuseKey": true
  },
  "lifetimeActions": [
    {
      "action": {
        "actionType": "AutoRenew"
      },
      "trigger": {
        "daysBeforeExpiry": 90
      }
    }
  ],
  "secretProperties": {
    "contentType": "application/x-pkcs12"
  },
  "x509CertificateProperties": {
    "keyUsage": [
      "cRLSign",
      "dataEncipherment",
      "digitalSignature",
      "keyEncipherment",
      "keyAgreement",
      "keyCertSign"
    ],
    "subject": "C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.com",
    "validityInMonths": 12
  }
}

(env) C:\Users\trpresco\Documents\github\azure-cli>az keyvault certificate get-default-policy
{
  "issuerParameters": {
    "name": "Self"
  },
  "keyProperties": {
    "exportable": true,
    "keySize": 2048,
    "keyType": "RSA",
    "reuseKey": true
  },
  "lifetimeActions": [
    {
      "action": {
        "actionType": "AutoRenew"
      },
      "trigger": {
        "daysBeforeExpiry": 90
      }
    }
  ],
  "secretProperties": {
    "contentType": "application/x-pkcs12"
  },
  "x509CertificateProperties": {
    "keyUsage": [
      "cRLSign",
      "dataEncipherment",
      "digitalSignature",
      "keyEncipherment",
      "keyAgreement",
      "keyCertSign"
    ],
    "subject": "C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.com",
    "validityInMonths": 12
  }
}

Environment summary

Install Method: How did you install the CLI? (e.g. pip, interactive script, apt-get, Docker, MSI, nightly)
Answer here: dev_setup.py

CLI Version: What version of the CLI and modules are installed? (Use az --version)
Answer here: azure-cli (2.0.4+dev)

acr (2.0.2+dev)
acs (2.0.4+dev)
appservice (0.1.4+dev)
batch (2.0.2+dev)
cloud (2.0.2+dev)
component (2.0.2+dev)
configure (2.0.4+dev)
container (0.1.4+dev)
core (2.0.4+dev)
dla (0.0.4+dev)
dls (0.0.4+dev)
documentdb (0.1.4+dev)
feedback (2.0.2+dev)
find (0.2.1+dev)
iot (0.1.4+dev)
keyvault (2.0.2+dev)
lab (0.0.3+dev)
monitor (0.0.3+dev)
network (2.0.4+dev)
nspkg (3.0.0+dev)
profile (2.0.4+dev)
redis (0.2.1+dev)
resource (2.0.4+dev)
role (2.0.3+dev)
shell (0.2.3+dev)
sql (2.0.2+dev)
storage (2.0.4+dev)
taskhelp (0.1.2+dev)
testsdk (0.1.0+dev)
utility-automation (0.1.1)
vm (2.0.4+dev)

OS Version: What OS and version are you using?
Answer here: Windows 10 CU

Shell Type: What shell are you using? (e.g. bash, cmd.exe, Bash on Windows)
Answer here: cmd.exe

KeyVault Service Attention bug
Source
picture tjprescott

All 5 comments

Well... this is dumb. I'm simply returning an instance of a model class and the serializer is returning what looks to be base64 encoded strings.

devigned picture devigned on 5 May 2017

@tjprescott we should have a label of python 2 vs 3 silliness.

devigned picture devigned on 5 May 2017

I fixed it in my current PR by converting strings from:
'my merry string' to u'my merry string'. This causes the desired behavior on Python 2 and 3 (and I agree, it is dumb.)

tjprescott picture tjprescott on 5 May 2017

Wanna add this too?

    def _test_keyvault_certificate_get_default_policy(self):
        result = self.cmd('keyvault certificate get-default-policy')
        self.assertEqual(result['issuerParameters']['name'], 'Self')
        self.assertEqual(result['secretProperties']['contentType'], 'application/x-pkcs12')
        subject = 'C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.com'
        self.assertEqual(result['x509CertificateProperties']['subject'], subject)
devigned picture devigned on 5 May 2017
1

Yup. Also added similar checks for --scaffold since it is a different code path.

tjprescott picture tjprescott on 5 May 2017
🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

amarzavery picture amarzavery  路  3Comments
derekperkins picture derekperkins  路  3Comments
ahmetb picture ahmetb  路  3Comments
derekbekoe picture derekbekoe  路  3Comments
williexu picture williexu  路  3Comments