KeyVault library returns less number of fields when compared to PowerShell command

  • Package Name: azure-mgmt-keyvault
  • Package Version: 8.0.0
  • Operating System: MacOS Catalina (10.15.6)
  • Python Version: 3.8.6

Describe the bug
When querying the API to get the metadata for a KeyVault via Python, the access policies do not show the DisplayName, which tells what person/AD group has access. The fields returned by the PowerShell package do show the identifier (DisplayName) on Windows using the command Get-AzKeyVault -VaultName 'abc'. All the other fields are the same, but this is a missing field.

To Reproduce
Steps to reproduce the behavior:

  1. Code for Python -
import os
from pprint import pprint

# Imported in the original report but not used below.
from azure.keyvault.administration import KeyVaultAccessControlClient, KeyVaultRoleScope
from azure.mgmt.keyvault import KeyVaultManagementClient
from azure.identity import UsernamePasswordCredential

# UsernamePasswordCredential also requires the client ID of an app registration;
# reading it from AZURE_CLIENT_ID is an assumption, the report did not show one.
credentials = UsernamePasswordCredential(client_id=os.getenv('AZURE_CLIENT_ID'),
                                         username=os.getenv('AZURE_USERNAME'),
                                         password=os.getenv('AZURE_PASSWORD'))

Key_Vault_Management_Client = KeyVaultManagementClient(credential=credentials,
                                                       subscription_id="abc")
# List every vault in the resource group and convert each model to a plain dict.
key_vault_iterator = Key_Vault_Management_Client.vaults.list_by_resource_group(resource_group_name="r_group_name")
key_vault_list = [key_vault.as_dict() for key_vault in key_vault_iterator]
pprint(key_vault_list[0])
  2. Code for PowerShell - Get-AzKeyVault -VaultName 'abc'

Expected behavior
The expected output would be to get the same fields from both mechanisms. While most of the returned output is the same, one key difference is the DisplayName and Application ID in the access policy (these fields are extra in PowerShell). Please see the example output (modified to remove some identifiers).

Python -

{'id': '/subscriptions/subscription_id/resourceGroups/r_group_name/providers/Microsoft.KeyVault/vaults/abc',
 'location': 'eastus2',
 'name': 'abc',
 'properties': {'access_policies': [{'object_id': 'Object_ID',
                                     'permissions': {'certificates': ['Get',
                                                                      'List',
                                                                      'Update',
                                                                      'Create',
                                                                      'Import',
                                                                      'Delete',
                                                                      'Recover',
                                                                      'Backup',
                                                                      'Restore',
                                                                      'ManageContacts',
                                                                      'ManageIssuers',
                                                                      'GetIssuers',
                                                                      'ListIssuers',
                                                                      'SetIssuers',
                                                                      'DeleteIssuers',
                                                                      'Purge'],
                                                     'keys': ['Get',
                                                              'List',
                                                              'Update',
                                                              'Create',
                                                              'Import',
                                                              'Delete',
                                                              'Recover',
                                                              'Backup',
                                                              'Restore',
                                                              'Purge'],
                                                     'secrets': ['Get',
                                                                 'List',
                                                                 'Set',
                                                                 'Delete',
                                                                 'Recover',
                                                                 'Backup',
                                                                 'Restore',
                                                                 'Purge'],
                                                     'storage': []},
                                     'tenant_id': 'Tenant_ID'},
                                    {'object_id': 'Object_ID_2',
                                     'permissions': {'certificates': [],
                                                     'keys': ['WrapKey',
                                                              'UnwrapKey',
                                                              'Get'],
                                                     'secrets': [],
                                                     'storage': []},
                                     'tenant_id': 'Tenant_ID'},
                                    {'object_id': 'Object_ID_3',
                                     'permissions': {'certificates': [],
                                                     'keys': ['Get',
                                                              'List',
                                                              'Update',
                                                              'Create',
                                                              'Import',
                                                              'Delete',
                                                              'Recover',
                                                              'Backup',
                                                              'Restore',
                                                              'Decrypt',
                                                              'Encrypt',
                                                              'UnwrapKey',
                                                              'WrapKey',
                                                              'Verify',
                                                              'Sign'],
                                                     'secrets': ['Get',
                                                                 'List',
                                                                 'Set',
                                                                 'Delete',
                                                                 'Recover',
                                                                 'Backup',
                                                                 'Restore'],
                                                     'storage': []},
                                     'tenant_id': 'Tenant_ID'}],
                'enable_purge_protection': True,
                'enable_rbac_authorization': False,
                'enable_soft_delete': True,
                'enabled_for_deployment': False,
                'enabled_for_disk_encryption': False,
                'enabled_for_template_deployment': False,
                'network_acls': {'bypass': 'AzureServices',
                                 'default_action': 'Deny',
                                 'ip_rules': [{'value': '192.168.236.128/25'},
                                              {'value': '192.168.242.16/28'}],
                                 'virtual_network_rules': [{'id': '/subscriptions/id/resourcegroups/xxx/microsoft.network/virtualnetworks/xxx-vnet/subnets/xxx'}]},
                'sku': {'family': 'A', 'name': 'premium'},
                'tenant_id': 'Tenant_ID',
                'vault_uri': 'https://abc.vault.azure.net/'},
 'type': 'Microsoft.KeyVault/vaults'}

Powershell -

Vault Name                       : abc
Resource Group Name              : r_group_name
Location                         : eastus2
Resource ID                      : /subscriptions/subscription_id/resourceGroups/r_group_name/providers/Microsoft.KeyVault/vaults/abc
Vault URI                        : https://abc.vault.azure.net/
Tenant ID                        : Tenant_ID
SKU                              : Premium
Enabled For Deployment?          : False
Enabled For Template Deployment? : False
Enabled For Disk Encryption?     : False
Soft Delete Enabled?             : True
Access Policies                  : 
                                   Tenant ID                                  : Tenant_ID
                                   Object ID                                  : Object_ID
                                   Application ID                             : 
                                   Display Name                               : Name_of_person
                                   Permissions to Keys                        : Get, List, Update, Create, Import, Delete, Recover, Backup, Restore, Purge
                                   Permissions to Secrets                     : Get, List, Set, Delete, Recover, Backup, Restore, Purge
                                   Permissions to Certificates                : Get, List, Update, Create, Import, Delete, Recover, Backup, Restore, ManageContacts, ManageIssuers, GetIssuers, ListIssuers, SetIssuers, DeleteIssuers, 
                                   Purge
                                   Permissions to (Key Vault Managed) Storage : 
                                   
                                   Tenant ID                                  : Tenant_ID
                                   Object ID                                  : Object_ID_2
                                   Application ID                             : 
                                   Display Name                               : Name_of_person
                                   Permissions to Keys                        : WrapKey, UnwrapKey, Get
                                   Permissions to Secrets                     : 
                                   Permissions to Certificates                : 
                                   Permissions to (Key Vault Managed) Storage : 
                                   
                                   Tenant ID                                  : Tenant_ID
                                   Object ID                                  : Object_ID_3
                                   Application ID                             : 
                                   Display Name                               : AD_Group
                                   Permissions to Keys                        : Get, List, Update, Create, Import, Delete, Recover, Backup, Restore, Decrypt, Encrypt, UnwrapKey, WrapKey, Verify, Sign
                                   Permissions to Secrets                     : Get, List, Set, Delete, Recover, Backup, Restore
                                   Permissions to Certificates                : 
                                   Permissions to (Key Vault Managed) Storage : 
                                   
                                   
                                   
Network Rule Set                 : 
                                   Default Action                             : Deny
                                   Bypass                                     : AzureServices
                                   IP Rules                                   : 192.168.242.16/28, 192.168.236.128/25
                                   Virtual Network Rules                      : /subscriptions/id/resourcegroups/xxx/microsoft.network/virtualnetworks/xxx-vnet/subnets/xxx

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 9 (4 by maintainers)

Top GitHub Comments

1 reaction
jlichwa commented, Nov 23, 2020

SDK and PowerShell are completely independent. @allenjzhang is that something that can be changed in Track 2? Can you help us assign it to the right engineer?

0 reactions
msftbot[bot] commented, Dec 22, 2021

Hi @reach4bawer, since you haven’t asked that we “/unresolve” the issue, we’ll close this out. If you believe further discussion is needed, please add a comment “/unresolve” to reopen the issue.
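
Since the SDK output carries only object_id for each access policy, an access review has to resolve those IDs against the directory itself. The following is an added example, not code from the issue or from the Azure SDK: it builds the request body for Microsoft Graph's directoryObjects/getByIds and merges the response into the access policies, keeping IDs the directory did not return as "unresolved". The function names, the sample vault and the sample Graph response are constructed, and sending the request (token, HTTP client) is left out.

```python
# Added example: attach directory names to the access policies the SDK returns.
# The lookup endpoint is Microsoft Graph directoryObjects/getByIds; sending the
# request (token, HTTP client) is left out and the response below is constructed.
GRAPH_GET_BY_IDS = "https://graph.microsoft.com/v1.0/directoryObjects/getByIds"


def build_lookup_body(vault):
    """JSON body for POST GRAPH_GET_BY_IDS covering every policy object ID."""
    policies = vault["properties"]["access_policies"]
    ids = sorted({p["object_id"] for p in policies})
    return {"ids": ids, "types": ["user", "group", "servicePrincipal"]}


def annotate_policies(vault, graph_response):
    """Return each access policy with display_name, application_id and kind.

    IDs missing from the response are kept and marked "unresolved", for
    example a deleted principal whose policy entry was never cleaned up.
    """
    by_id = {obj["id"]: obj for obj in graph_response.get("value", [])}
    annotated = []
    for policy in vault["properties"]["access_policies"]:
        obj = by_id.get(policy["object_id"], {})
        kind = obj.get("@odata.type", "").rsplit(".", 1)[-1] or "unresolved"
        annotated.append({**policy,
                          "display_name": obj.get("displayName"),
                          "application_id": obj.get("appId"),
                          "kind": kind})
    return annotated


# Constructed sample data using the placeholder names from the issue output.
SAMPLE_VAULT = {"name": "abc", "properties": {"access_policies": [
    {"object_id": "Object_ID", "tenant_id": "Tenant_ID",
     "permissions": {"keys": ["Get", "List", "Purge"], "secrets": ["Get"]}},
    {"object_id": "Object_ID_2", "tenant_id": "Tenant_ID",
     "permissions": {"keys": ["WrapKey", "UnwrapKey", "Get"], "secrets": []}},
    {"object_id": "Object_ID_3", "tenant_id": "Tenant_ID",
     "permissions": {"keys": ["Get", "Sign"], "secrets": ["Get", "Set"]}},
]}}
SAMPLE_GRAPH_RESPONSE = {"value": [  # Object_ID_2 deliberately absent
    {"@odata.type": "#microsoft.graph.user", "id": "Object_ID",
     "displayName": "Name_of_person"},
    {"@odata.type": "#microsoft.graph.group", "id": "Object_ID_3",
     "displayName": "AD_Group"},
]}

if __name__ == "__main__":
    print(build_lookup_body(SAMPLE_VAULT))
    for p in annotate_policies(SAMPLE_VAULT, SAMPLE_GRAPH_RESPONSE):
        print(p["object_id"], p["kind"], p["display_name"])
```

An "unresolved" entry that still holds key or secret permissions is worth following up in a review, since the policy outlives whatever principal it was granted to or the caller lacks rights to read it.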
