search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.97k stars 2.95k forks source link

[KeyVault] Get-default-policy returns gibberish in Python2 #3171

Closed tjprescott closed 7 years ago

tjprescott commented 7 years ago

When I run get-default-policy on Python 2 many of the fields are filled with gibberish such that I can't immediately turn around and use it to get a self-signed cert:

{
  "issuerParameters": {
    "name": "U2VsZg=="
  },
  "keyProperties": {
    "exportable": true,
    "keySize": 2048,
    "keyType": "UlNB",
    "reuseKey": true
  },
  "lifetimeActions": [
    {
      "action": {
        "actionType": "AutoRenew"
      },
      "trigger": {
        "daysBeforeExpiry": 90
      }
    }
  ],
  "secretProperties": {
    "contentType": "YXBwbGljYXRpb24veC1wa2NzMTI="
  },
  "x509CertificateProperties": {
    "keyUsage": [
      "cRLSign",
      "dataEncipherment",
      "digitalSignature",
      "keyEncipherment",
      "keyAgreement",
      "keyCertSign"
    ],
    "subject": "Qz1VUywgU1Q9V0EsIEw9UmVkbW9uZCwgTz1Db250b3NvLCBPVT1Db250b3NvIEhSLCBDTj13d3cuY29udG9zby5jb20=",
    "validityInMonths": 12
  }
}

When I run on Python3:

{
  "issuerParameters": {
    "name": "Self"
  },
  "keyProperties": {
    "exportable": true,
    "keySize": 2048,
    "keyType": "RSA",
    "reuseKey": true
  },
  "lifetimeActions": [
    {
      "action": {
        "actionType": "AutoRenew"
      },
      "trigger": {
        "daysBeforeExpiry": 90
      }
    }
  ],
  "secretProperties": {
    "contentType": "application/x-pkcs12"
  },
  "x509CertificateProperties": {
    "keyUsage": [
      "cRLSign",
      "dataEncipherment",
      "digitalSignature",
      "keyEncipherment",
      "keyAgreement",
      "keyCertSign"
    ],
    "subject": "C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.com",
    "validityInMonths": 12
  }
}

(env) C:\Users\trpresco\Documents\github\azure-cli>az keyvault certificate get-default-policy
{
  "issuerParameters": {
    "name": "Self"
  },
  "keyProperties": {
    "exportable": true,
    "keySize": 2048,
    "keyType": "RSA",
    "reuseKey": true
  },
  "lifetimeActions": [
    {
      "action": {
        "actionType": "AutoRenew"
      },
      "trigger": {
        "daysBeforeExpiry": 90
      }
    }
  ],
  "secretProperties": {
    "contentType": "application/x-pkcs12"
  },
  "x509CertificateProperties": {
    "keyUsage": [
      "cRLSign",
      "dataEncipherment",
      "digitalSignature",
      "keyEncipherment",
      "keyAgreement",
      "keyCertSign"
    ],
    "subject": "C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.com",
    "validityInMonths": 12
  }
}

Environment summary

Install Method: How did you install the CLI? (e.g. pip, interactive script, apt-get, Docker, MSI, nightly)
Answer here: dev_setup.py

CLI Version: What version of the CLI and modules are installed? (Use az --version)
Answer here: azure-cli (2.0.4+dev)

acr (2.0.2+dev) acs (2.0.4+dev) appservice (0.1.4+dev) batch (2.0.2+dev) cloud (2.0.2+dev) component (2.0.2+dev) configure (2.0.4+dev) container (0.1.4+dev) core (2.0.4+dev) dla (0.0.4+dev) dls (0.0.4+dev) documentdb (0.1.4+dev) feedback (2.0.2+dev) find (0.2.1+dev) iot (0.1.4+dev) keyvault (2.0.2+dev) lab (0.0.3+dev) monitor (0.0.3+dev) network (2.0.4+dev) nspkg (3.0.0+dev) profile (2.0.4+dev) redis (0.2.1+dev) resource (2.0.4+dev) role (2.0.3+dev) shell (0.2.3+dev) sql (2.0.2+dev) storage (2.0.4+dev) taskhelp (0.1.2+dev) testsdk (0.1.0+dev) utility-automation (0.1.1) vm (2.0.4+dev)

OS Version: What OS and version are you using?
Answer here: Windows 10 CU

Shell Type: What shell are you using? (e.g. bash, cmd.exe, Bash on Windows)
Answer here: cmd.exe

devigned commented 7 years ago

Well... this is dumb. I'm simply returning an instance of a model class and the serializer is returning what looks to be base64 encoded strings.

devigned commented 7 years ago

@tjprescott we should have a label of python 2 vs 3 silliness.

tjprescott commented 7 years ago

I fixed it in my current PR by converting strings from: 'my merry string' to u'my merry string'. This causes the desired behavior on Python 2 and 3 (and I agree, it is dumb.)

devigned commented 7 years ago

Wanna add this too?

    def _test_keyvault_certificate_get_default_policy(self):
        result = self.cmd('keyvault certificate get-default-policy')
        self.assertEqual(result['issuerParameters']['name'], 'Self')
        self.assertEqual(result['secretProperties']['contentType'], 'application/x-pkcs12')
        subject = 'C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.com'
        self.assertEqual(result['x509CertificateProperties']['subject'], subject)
tjprescott commented 7 years ago

Yup. Also added similar checks for --scaffold since it is a different code path.