
Commit 5844c0b

authored
[SQL] az sql server/db: Add support for versionless TDE keys (#32764)
1 parent 8e07add commit 5844c0b

4 files changed

Lines changed: 5047 additions & 824 deletions


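--- a/src/azure-cli/azure/cli/command_modules/sql/custom.py
+++ b/src/azure-cli/azure/cli/command_modules/sql/custom.py
@@ -4809,16 +4809,29 @@ def _get_server_key_name_from_uri(uri):
 '''
 import re
 
-match = re.match(r'https://(.)+\.(managedhsm.azure.net|managedhsm-preview.azure.net|vault.azure.net|vault-int.azure-int.net|vault.azure.cn|managedhsm.azure.cn|vault.usgovcloudapi.net|managedhsm.usgovcloudapi.net|vault.microsoftazure.de|managedhsm.microsoftazure.de|vault.cloudapi.eaglex.ic.gov|vault.cloudapi.microsoft.scloud)(:443)?\/keys/[^\/]+\/[0-9a-zA-Z]+$', uri)
+match = re.match(r'^https://(?!.*\.\.)[a-zA-Z0-9][a-zA-Z0-9.-]+[a-zA-Z0-9]\.(managedhsm.azure.net|managedhsm-preview.azure.net|vault.azure.net|vault-int.azure-int.net|vault.azure.cn|managedhsm.azure.cn|vault.usgovcloudapi.net|managedhsm.usgovcloudapi.net|vault.microsoftazure.de|managedhsm.microsoftazure.de|vault.cloudapi.eaglex.ic.gov|vault.cloudapi.microsoft.scloud|mdep.azure.net)(:443)?\/keys/[^\/]+(\/[0-9a-zA-Z]+|\/|)$', uri)
 
 if match is None:
 raise CLIError('The provided uri is invalid. Please provide a valid Azure Key Vault key id. For example: '
 '"https://YourVaultName.vault.azure.net/keys/YourKeyName/01234567890123456789012345678901" '
-'or "https://YourManagedHsmRegion.YourManagedHsmName.managedhsm.azure.net/keys/YourKeyName/01234567890123456789012345678901"')
+'or "https://YourManagedHsmRegion.YourManagedHsmName.managedhsm.azure.net/keys/YourKeyName/01234567890123456789012345678901" '
+'for versioned key or "https://YourVaultName.vault.azure.net/keys/YourKeyName" for a versionless key.')
 
 vault = uri.split('.')[0].split('/')[-1]
-key = uri.split('/')[-2]
+
+# uri.split('/') returns the output as ['https:', '', 'yourVaultName.vault.azure.net', 'keys', 'yourKey', ''] for versionless key
+# and ['https:', '', 'yourVaultName.vault.azure.net', 'keys', 'yourKey', '01234567890123456789012345678901'] for versioned key
+# In both cases, the value at index 4 is always the key name and index 5 is the key version.
+key = uri.split('/')[4]
 version = uri.split('/')[-1]
+isVersionlessKeyId = False
+
+if version is None or version == "" or version == key:
+isVersionlessKeyId = True
+
+if isVersionlessKeyId:
+return '{}_{}'.format(vault, key)
+
 return '{}_{}_{}'.format(vault, key, version)
 
 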
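Review bot: The dots inside the allowed-suffix alternation of the new `re.match` pattern are still unescaped, so `.` matches any character there and a host that differs from an allowed suffix only at a dot position passes this check. Since the commit already rewrites the host part of the pattern, escape them as well, e.g. `managedhsm\.azure\.net|vault\.azure\.net|…|mdep\.azure\.net`. Separately, `version == key` also fires for a versioned id whose version string equals the key name, and `version is None` can never be true after `split`; testing the segment count instead, `len(uri.split('/')) < 6 or version == ""`, would avoid both. The added comment describes only the trailing-slash form; without the slash the list has five elements and index -1 is the key name. The function starts above this hunk, so how callers use the returned name is not visible here.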