{Keyvault} Bump MHSM api version to 2024-11-01

src/azure-cli-core/azure/cli/core/profiles/_shared.py

@@ -186,9 +186,9 @@ def default_api_version(self):
         ResourceType.MGMT_RESOURCE_MANAGEDAPPLICATIONS: '2019-07-01',
         ResourceType.MGMT_NETWORK_DNS: '2018-05-01',
         ResourceType.MGMT_NETWORK_PRIVATEDNS: None,
-        ResourceType.MGMT_KEYVAULT: SDKProfile('2023-07-01', {
+        ResourceType.MGMT_KEYVAULT: SDKProfile('2024-11-01', {
             'vaults': '2023-02-01',
-            'managed_hsms': '2023-07-01'
+            'managed_hsms': '2024-11-01'
         }),
         ResourceType.MGMT_AUTHORIZATION: SDKProfile('2022-04-01', {
             'classic_administrators': '2015-06-01',

src/azure-cli/azure/cli/command_modules/acr/tests/latest/recordings/test_acr_encryption_with_cmk.yaml

@@ -313,7 +313,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1160'
+      - '1134'
       content-type:
       - application/json; charset=utf-8
       date:

src/azure-cli/azure/cli/command_modules/ams/tests/latest/recordings/test_ams_encryption_set_show.yaml

@@ -285,7 +285,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1161'
+      - '1137'
       content-type:
       - application/json; charset=utf-8
       date:

src/azure-cli/azure/cli/command_modules/backup/tests/latest/recordings/test_backup_encryption.yaml

@@ -1891,7 +1891,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '845'
+      - '819'
       content-type:
       - application/json; charset=utf-8
       date:

src/azure-cli/azure/cli/command_modules/eventhubs/tests/latest/recordings/test_eh_namespace_encryption.yaml

@@ -485,7 +485,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1038'
+      - '1014'
       content-type:
       - application/json; charset=utf-8
       date:
@@ -699,7 +699,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1185'
+      - '1161'
       content-type:
       - application/json; charset=utf-8
       date:
@@ -751,7 +751,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1185'
+      - '1161'
       content-type:
       - application/json; charset=utf-8
       date:
@@ -815,7 +815,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1335'
+      - '1311'
       content-type:
       - application/json; charset=utf-8
       date:
@@ -867,7 +867,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1335'
+      - '1311'
       content-type:
       - application/json; charset=utf-8
       date:
@@ -933,7 +933,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1487'
+      - '1463'
       content-type:
       - application/json; charset=utf-8
       date:
@@ -985,7 +985,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1487'
+      - '1463'
       content-type:
       - application/json; charset=utf-8
       date:
@@ -1053,7 +1053,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1638'
+      - '1614'
       content-type:
       - application/json; charset=utf-8
       date:
@@ -7236,7 +7236,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1638'
+      - '1614'
       content-type:
       - application/json; charset=utf-8
       date:
@@ -7306,7 +7306,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1771'
+      - '1747'
       content-type:
       - application/json; charset=utf-8
       date:

src/azure-cli/azure/cli/command_modules/keyvault/_params.py

@@ -160,7 +160,7 @@ class CLISecurityDomainOperation(str, Enum):
                    help='[HSM Only] Administrator role for data plane operations for Managed HSM. '
                         'It accepts a space separated list of OIDs that will be assigned.')
         c.argument('sku', help='Required. SKU details. Allowed values for Vault: premium, standard. Default: standard.'
-                               ' Allowed values for HSM: Standard_B1, Custom_B32. Default: Standard_B1')
+                               ' Allowed values for HSM: Standard_B1, Custom_B32, Custom_B6, Custom_C42, Custom_C10. Default: Standard_B1')
         c.argument('no_self_perms', arg_type=get_three_state_flag(),
                    help='[Vault Only] Don\'t add permissions for the current user/service principal in the new vault.')
         c.argument('location', validator=get_default_location_from_resource_group)

src/azure-cli/azure/cli/command_modules/keyvault/_validators.py

@@ -708,8 +708,8 @@ def process_certificate_policy(cmd, ns):
         raise CLIError('incorrect usage: policy should be a JSON encoded string '
                        'or can use @{file} to load from a file(e.g.@my_policy.json).')
 
-    secret_properties = policy.get('secret_properties')
-    if secret_properties and not secret_properties.get('content_type') \
+    secret_properties = policy.get('secret_properties') or {}
+    if not secret_properties.get('content_type') \
             and hasattr(ns, 'certificate_bytes') and ns.certificate_bytes:
         from OpenSSL import crypto
         try:
@@ -719,11 +719,13 @@ def process_certificate_policy(cmd, ns):
         except (ValueError, crypto.Error):
             # else it should be a pfx file
             secret_properties['content_type'] = 'application/x-pkcs12'
+        policy['secret_properties'] = secret_properties
 
     if hasattr(ns, 'validity'):
-        x509_certificate_properties = policy.get('x509_certificate_properties')
-        if x509_certificate_properties and ns.validity:
+        x509_certificate_properties = policy.get('x509_certificate_properties') or {}
+        if ns.validity:
             x509_certificate_properties['validity_in_months'] = ns.validity
+            policy['x509_certificate_properties'] = x509_certificate_properties
         del ns.validity
 
     policyObj = build_certificate_policy(cmd.cli_ctx, policy)

src/azure-cli/azure/cli/command_modules/keyvault/custom.py

@@ -555,6 +555,7 @@ def create_hsm(cmd, client,
 
     if not sku:
         sku = 'Standard_B1'
+    sku_family = sku.split('_')[1][0]
 
     ManagedHsm = cmd.get_models('ManagedHsm', resource_type=ResourceType.MGMT_KEYVAULT,
                                 operation_group='managed_hsms')
@@ -574,7 +575,7 @@ def create_hsm(cmd, client,
                                       public_network_access=public_network_access)
     parameters = ManagedHsm(location=location,
                             tags=tags,
-                            sku=ManagedHsmSku(name=sku, family='B'),
+                            sku=ManagedHsmSku(name=sku, family=sku_family),
                             properties=properties)
 
     if user_identities:

src/azure-cli/azure/cli/command_modules/keyvault/tests/latest/policy3.json

@@ -1 +1 @@
-{"attributes": {"created": "2023-11-06T12:49:43+00:00", "enabled": true, "expires": null, "notBefore": null, "recoveryLevel": null, "updated": "2023-11-06T12:49:43+00:00"}, "id": "https://cli-test-kv-ct-hgmqnkw4z.vault.azure.net/certificates/cert2/policy", "issuerParameters": {"certificateTransparency": null, "certificateType": null, "name": "Self"}, "keyProperties": {"curve": null, "exportable": true, "keySize": 2048, "keyType": "RSA", "reuseKey": false}, "lifetimeActions": [{"action": {"actionType": "AutoRenew"}, "trigger": {"daysBeforeExpiry": null, "lifetimePercentage": 90}}], "secretProperties": {"contentType": "application/x-pkcs12"}, "x509CertificateProperties": {"ekus": ["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"], "keyUsage": ["digitalSignature", "keyAgreement", "keyCertSign", "keyEncipherment", "nonRepudiation"], "subject": "C=US, ST=WA, L=Redmon, O=Test Noodle, OU=TestNugget, CN=www.mytestdomain.com", "subjectAlternativeNames": {"dnsNames": ["1", "2"], "emails": null, "upns": null}, "validityInMonths": 60}}
+{"attributes": {"created": "2025-03-13T02:13:37+00:00", "enabled": true, "expires": null, "notBefore": null, "recoveryLevel": null, "updated": "2025-03-13T02:13:37+00:00"}, "id": "https://cli-test-kv-ct-w4r7mwdtm.vault.azure.net/certificates/cert2/policy", "issuerParameters": {"certificateTransparency": null, "certificateType": null, "name": "Self"}, "keyProperties": {"curve": null, "exportable": true, "keySize": 2048, "keyType": "RSA", "reuseKey": false}, "lifetimeActions": [{"action": {"actionType": "AutoRenew"}, "trigger": {"daysBeforeExpiry": null, "lifetimePercentage": 90}}], "secretProperties": {"contentType": "application/x-pkcs12"}, "x509CertificateProperties": {"ekus": ["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"], "keyUsage": ["digitalSignature", "keyAgreement", "keyCertSign", "keyEncipherment", "nonRepudiation"], "subject": "C=US, ST=WA, L=Redmon, O=Test Noodle, OU=TestNugget, CN=www.mytestdomain.com", "subjectAlternativeNames": {"dnsNames": ["1", "2"], "emails": null, "upns": null}, "validityInMonths": 60}}