[AutoPR azure-keyvault-secrets]-generated-from-SDK Generation - Python-6050879#45863
Open
[AutoPR azure-keyvault-secrets]-generated-from-SDK Generation - Python-6050879#45863
Conversation
…yaml', API Version: 2025-07-01, SDK Release Type: stable, and CommitSHA: '3d69f01137e1271361cc8003e399475cbfefadec' in SpecRepo: 'https://github.com/Azure/azure-rest-api-specs' Pipeline run: https://dev.azure.com/azure-sdk/internal/_build/results?buildId=6050879 Refer to https://eng.ms/docs/products/azure-developer-experience/develop/sdk-release/sdk-release-prerequisites to prepare for SDK release.
- Restore user-friendly SDK layer deleted by auto-generation - Add out_content_type parameter to get_secret() for PFX->PEM conversion - Add previous_version property to SecretProperties - Add 2025-07-01 and 2025-06-01-preview API versions - Add unit tests for new features (test_new_features.py) - Add live recording tests for previous_version and out_content_type - Update assets.json with new recordings tag - Fix proxy_startup.py to support ARM64 platform
API Change CheckAPIView identified API level changes in this PR and created the following API reviews |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates azure-keyvault-secrets to a newly generated TypeSpec-based data-plane surface targeting Key Vault Secrets API version 2025-07-01, including new request/response fields and updated generation/runtime plumbing.
Changes:
- Add support for
out_content_typeonSecretClient.get_secret(PFX → PEM conversion viaoutContentTypequery param) and introduceContentTypeenum. - Surface
previous_versiononSecretProperties(frompreviousVersionin service responses). - Update default API version to
2025-07-01and refresh generated models/operations, tests, samples, and packaging metadata.
Reviewed changes
Copilot reviewed 55 out of 56 changed files in this pull request and generated 12 comments.
Show a summary per file
| File | Description |
|---|---|
| sdk/keyvault/azure-keyvault-secrets/tsp-location.yaml | Updates TypeSpec source location/commit for generation. |
| sdk/keyvault/azure-keyvault-secrets/tests/test_secrets_client.py | Adds live tests for previous_version and out_content_type; updates imports. |
| sdk/keyvault/azure-keyvault-secrets/tests/test_secrets_async.py | Minor formatting in async test. |
| sdk/keyvault/azure-keyvault-secrets/tests/test_polling_method.py | Formatting-only change for polling method tests. |
| sdk/keyvault/azure-keyvault-secrets/tests/test_new_features.py | Adds unit tests validating query param + previous_version mapping. |
| sdk/keyvault/azure-keyvault-secrets/tests/conftest.py | Fixes trailing comma formatting in imports. |
| sdk/keyvault/azure-keyvault-secrets/tests/_test_case.py | Adjusts live auth env handling; configures credential for multi-tenant challenge flow. |
| sdk/keyvault/azure-keyvault-secrets/setup.py | Adds generated setup.py for packaging/versioning. |
| sdk/keyvault/azure-keyvault-secrets/sdk_packaging.toml | Removes legacy packaging config file. |
| sdk/keyvault/azure-keyvault-secrets/samples/recover_purge_operations_async.py | Adds pylint suppression header + formatting tweak. |
| sdk/keyvault/azure-keyvault-secrets/samples/recover_purge_operations.py | Adds pylint suppression header. |
| sdk/keyvault/azure-keyvault-secrets/samples/list_operations_async.py | Adds pylint suppression header + minor print formatting. |
| sdk/keyvault/azure-keyvault-secrets/samples/list_operations.py | Adds pylint suppression header + minor print formatting. |
| sdk/keyvault/azure-keyvault-secrets/samples/hello_world_async.py | Adds pylint suppression header + spacing. |
| sdk/keyvault/azure-keyvault-secrets/samples/hello_world.py | Adds pylint suppression header. |
| sdk/keyvault/azure-keyvault-secrets/samples/backup_restore_operations_async.py | Adds pylint suppression header + indentation fix. |
| sdk/keyvault/azure-keyvault-secrets/samples/backup_restore_operations.py | Adds pylint suppression header. |
| sdk/keyvault/azure-keyvault-secrets/pyproject.toml | Reformats TOML, moves packaging flag, keeps dynamic version/readme config. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/aio/_client.py | Adds out_content_type kw-only param and wires it to generated client. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/client_base.py | Adds new API versions and updates default to 2025-07-01. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_models.py | Adds SecretProperties.previous_version and populates it from bundles. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/models/_patch.py | Updates generated customization stub typing/header. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/models/_models.py | Adds previous_version to generated bundles; modernizes typing (dict[str, ...]). |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/models/_enums.py | Adds ContentType enum; docstring punctuation tweaks. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/models/init.py | Exposes ContentType from generated models package. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/aio/_vendor.py | Removes internal typing mixin module. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/aio/_patch.py | Updates generated customization stub typing/header. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/aio/_operations/_patch.py | Updates generated customization stub typing/header. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/aio/_operations/_operations.py | Adds out_content_type support + api-version validation; refactors paging types; tweaks streaming behavior. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/aio/_operations/init.py | Renames exported operations mixin to internal _KeyVaultClientOperationsMixin. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/aio/_configuration.py | Updates default api_version docstring/default to 2025-07-01. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/aio/_client.py | Uses new internal operations mixin and updated api_version docs. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/_version.py | Bumps generated version to 4.11.0. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/_vendor.py | Removes internal typing mixin module. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/_validation.py | Adds api-version validation decorator used by generated operations. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/_utils/serialization.py | Removes eval conversions; modernizes typing and serialization logic. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/_utils/model_base.py | Significant generated runtime refactor (typing, optional handling, array-encoded formats, failsafe deserialize signature). |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/_serialization.py | Removes large legacy generated serialization module. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/_patch.py | Updates generated customization stub typing/header. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/_operations/_patch.py | Updates generated customization stub typing/header. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/_operations/_operations.py | Adds out_content_type query support + api-version validation; refactors paging types; tweaks streaming behavior. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/_operations/init.py | Renames exported operations mixin to internal _KeyVaultClientOperationsMixin. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/_model_base.py | Removes legacy generated model_base module (replaced by _utils/model_base.py). |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/_configuration.py | Updates default api_version docstring/default to 2025-07-01. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_generated/_client.py | Uses new internal operations mixin and updated api_version docs. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_client.py | Adds out_content_type kw-only param and wires it to generated client. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/init.py | Re-exports ContentType from generated models. |
| sdk/keyvault/azure-keyvault-secrets/azure/keyvault/init.py | Removes header comments; keeps namespace package path extension. |
| sdk/keyvault/azure-keyvault-secrets/azure/init.py | Removes header comments; keeps namespace package path extension. |
| sdk/keyvault/azure-keyvault-secrets/assets.json | Updates assets tag for recording/asset synchronization. |
| sdk/keyvault/azure-keyvault-secrets/apiview-properties.json | Adds APIView cross-language mapping metadata. |
| sdk/keyvault/azure-keyvault-secrets/_metadata.json | Adds generation metadata (apiVersion, spec commit, emitter version). |
| sdk/keyvault/azure-keyvault-secrets/MANIFEST.in | Adjusts included files (py.typed path, init.py). |
| sdk/keyvault/azure-keyvault-secrets/CHANGELOG.md | Adds 4.11.0 entry (currently placeholder text). |
| eng/tools/azure-sdk-tools/devtools_testutils/proxy_startup.py | Adds Windows ARM64 platform mapping for test-proxy startup. |
Comment on lines
+54
to
+61
| packages=find_packages( | ||
| exclude=[ | ||
| "tests", | ||
| # Exclude packages that will be covered by PEP420 or nspkg | ||
| "azure", | ||
| "azure.keyvault", | ||
| "azure.keyvault.secrets", | ||
| ] |
There was a problem hiding this comment.
setup.py excludes the public package azure.keyvault.secrets, which would omit SecretClient and other public modules from the built distribution (only _generated would be packaged). Please align package discovery/excludes so the wheel includes the actual azure.keyvault.secrets package (and its subpackages) as shipped to customers.
Comment on lines
+15
to
+24
| PACKAGE_NAME = "azure-keyvault-secrets" | ||
| PACKAGE_PPRINT_NAME = "Key Vault Secrets" | ||
| PACKAGE_NAMESPACE = "azure.keyvault.secrets._generated" | ||
|
|
||
| # a.b.c => a/b/c | ||
| package_folder_path = PACKAGE_NAMESPACE.replace(".", "/") | ||
|
|
||
| # Version extraction inspired from 'requests' | ||
| with open(os.path.join(package_folder_path, "_version.py"), "r") as fd: | ||
| version = re.search(r'^VERSION\s*=\s*[\'"]([^\'"]*)[\'"]', fd.read(), re.MULTILINE).group(1) |
There was a problem hiding this comment.
setup.py pulls the package version from azure.keyvault.secrets._generated._version.py, but this repo’s pyproject uses azure.keyvault.secrets._version.VERSION for the published package version. This mismatch can lead to publishing a wheel with a different version depending on build path; align version sourcing between setup.py and pyproject.toml.
| include *.md | ||
| include LICENSE | ||
| include azure/keyvault/secrets/py.typed | ||
| include azure/keyvault/secrets/_generated/py.typed |
There was a problem hiding this comment.
The PEP 561 py.typed marker is only included for the _generated subpackage. Since azure.keyvault.secrets exposes typed public APIs, the type marker should be present/included for the azure/keyvault/secrets/ package itself as well; otherwise type checkers may treat the main package as untyped.
Suggested change
| include azure/keyvault/secrets/_generated/py.typed | |
| include azure/keyvault/secrets/_generated/py.typed | |
| include azure/keyvault/secrets/py.typed |
Comment on lines
+5
to
6
| import base64 | ||
| import functools |
There was a problem hiding this comment.
base64 is imported but never used in this test module. Please remove the unused import to keep linting clean.
Comment on lines
+396
to
+402
| from azure.keyvault.certificates import CertificateClient, CertificatePolicy | ||
|
|
||
| cert_client = self.create_client_from_credential( | ||
| CertificateClient, | ||
| credential=self.get_credential(CertificateClient), | ||
| vault_url=client.vault_url, | ||
| ) |
There was a problem hiding this comment.
These new live tests import azure.keyvault.certificates at runtime. azure-keyvault-certificates is not listed in this package’s dev/test requirements, so running the secrets test suite in isolation will fail with ImportError. Consider using pytest.importorskip("azure.keyvault.certificates") and/or adding the certificates package to the test dependencies for this package.
Comment on lines
+5
to
+6
| skip changelog generation for data-plane package and please add changelog manually. | ||
|
|
There was a problem hiding this comment.
The 4.11.0 changelog entry contains a generation placeholder rather than user-facing release notes. For a stable release, please replace this with a summary of the actual shipped changes (e.g., previous_version support and out_content_type/PFX→PEM retrieval).
Suggested change
| skip changelog generation for data-plane package and please add changelog manually. | |
| ### Features Added | |
| - Added support for a `previous_version` parameter, allowing callers to retrieve or operate on the version of a secret that was active immediately before the current version. | |
| - Added support for specifying an `out_content_type` when retrieving secrets containing certificate material, enabling conversion of PFX-formatted secrets to PEM when requested. | |
| ### Bugs Fixed | |
| - Improved handling of PFX secrets when converting to PEM using `out_content_type`, ensuring the returned content matches the requested output format. | |
| ### Other Changes | |
| - Minor documentation and typing improvements. |
Comment on lines
+12
to
+13
| from azure.core.pipeline.transport import HttpRequest | ||
| from azure.keyvault.secrets import SecretClient, ContentType, SecretProperties |
There was a problem hiding this comment.
HttpRequest is imported but not used in this test file. Please remove the unused import to avoid lint failures.
Comment on lines
35
to
+42
| permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted entity | ||
| during the retention interval (90 days), unless a Purge operation is requested, or the | ||
| subscription is cancelled. System wil permanently delete it after 90 days, if not recovered""" | ||
| subscription is cancelled. System wil permanently delete it after 90 days, if not recovered.""" | ||
| RECOVERABLE = "Recoverable" | ||
| """Denotes a vault state in which deletion is recoverable without the possibility for immediate | ||
| and permanent deletion (i.e. purge). This level guarantees the recoverability of the deleted | ||
| entity during the retention interval (90 days) and while the subscription is still available. | ||
| System wil permanently delete it after 90 days, if not recovered""" | ||
| System wil permanently delete it after 90 days, if not recovered.""" |
There was a problem hiding this comment.
There are spelling errors in these docstrings (e.g., "System wil permanently delete..."). Please correct "wil" to "will" to avoid shipping typos in public API documentation.
Comment on lines
+29
to
+36
| :keyword api_version: The API version to use for this operation. Known values are "2025-07-01" | ||
| and None. Default value is "2025-07-01". Note that overriding this default value may result in | ||
| unsupported behavior. | ||
| :paramtype api_version: str | ||
| """ | ||
|
|
||
| def __init__(self, vault_base_url: str, credential: "TokenCredential", **kwargs: Any) -> None: | ||
| api_version: str = kwargs.pop("api_version", "7.6") | ||
| api_version: str = kwargs.pop("api_version", "2025-07-01") |
There was a problem hiding this comment.
The configuration docstring says the known api_version values are "2025-07-01" and None, but the client supports multiple versions (including preview/legacy versions) and None isn’t a meaningful API version. Please update the docstring to list the actual supported values (or remove the misleading "and None").
Comment on lines
+4
to
+5
| additionalDirectories: | ||
| - specification/keyvault/data-plane/Secrets/common |
There was a problem hiding this comment.
There’s trailing whitespace after additionalDirectories: which can cause noisy diffs and some linters to fail. Please remove the extra space after the colon.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Configurations: 'specification/keyvault/data-plane/Secrets/tspconfig.yaml', API Version: 2025-07-01, SDK Release Type: stable, and CommitSHA: '3d69f01137e1271361cc8003e399475cbfefadec' in SpecRepo: 'https://github.com/Azure/azure-rest-api-specs' Pipeline run: https://dev.azure.com/azure-sdk/internal/_build/results?buildId=6050879 Refer to https://eng.ms/docs/products/azure-developer-experience/develop/sdk-release/sdk-release-prerequisites to prepare for SDK release.