[KeyVault] - Migrate KeyVault Certificates, Keys and Secrets to Core V2

sdk/keyvault/keyvault-admin/src/accessControlClient.ts

@@ -18,13 +18,13 @@ import {
   ListRoleDefinitionsPageSettings,
   SetRoleDefinitionOptions,
 } from "./accessControlModels";
-import { LATEST_API_VERSION, authenticationScopes } from "./constants";
 import { KeyVaultClient } from "./generated/keyVaultClient";
+import { LATEST_API_VERSION } from "./constants";
 import { PagedAsyncIterableIterator } from "@azure/core-paging";
 import { RoleAssignmentsListForScopeOptionalParams } from "./generated/models";
 import { TokenCredential } from "@azure/core-auth";
 import { bearerTokenAuthenticationPolicy } from "@azure/core-rest-pipeline";
-import { createChallengeCallbacks } from "./challengeAuthenticationCallbacks";
+import { createChallengeCallbacks } from "../../keyvault-common/src/";
 import { logger } from "./log";
 import { mappings } from "./mappings";
 import { tracingClient } from "./tracing";
@@ -89,7 +89,7 @@ export class KeyVaultAccessControlClient {
     this.client.pipeline.addPolicy(
       bearerTokenAuthenticationPolicy({
         credential,
-        scopes: authenticationScopes,
+        scopes: [],
         challengeCallbacks: createChallengeCallbacks(),
       })
     );

sdk/keyvault/keyvault-admin/src/backupClient.ts

@@ -10,7 +10,6 @@ import {
   KeyVaultRestoreResult,
   KeyVaultSelectiveKeyRestoreResult,
 } from "./backupClientModels";
-import { LATEST_API_VERSION, authenticationScopes } from "./constants";
 import { KeyVaultAdminPollOperationState } from "./lro/keyVaultAdminPoller";
 import { KeyVaultBackupOperationState } from "./lro/backup/operation";
 import { KeyVaultBackupPoller } from "./lro/backup/poller";
@@ -19,10 +18,11 @@ import { KeyVaultRestoreOperationState } from "./lro/restore/operation";
 import { KeyVaultRestorePoller } from "./lro/restore/poller";
 import { KeyVaultSelectiveKeyRestoreOperationState } from "./lro/selectiveKeyRestore/operation";
 import { KeyVaultSelectiveKeyRestorePoller } from "./lro/selectiveKeyRestore/poller";
+import { LATEST_API_VERSION } from "./constants";
 import { PollerLike } from "@azure/core-lro";
 import { TokenCredential } from "@azure/core-auth";
 import { bearerTokenAuthenticationPolicy } from "@azure/core-rest-pipeline";
-import { createChallengeCallbacks } from "./challengeAuthenticationCallbacks";
+import { createChallengeCallbacks } from "../../keyvault-common/src/";
 import { logger } from "./log";
 import { mappings } from "./mappings";
 
@@ -92,7 +92,7 @@ export class KeyVaultBackupClient {
     this.client.pipeline.addPolicy(
       bearerTokenAuthenticationPolicy({
         credential,
-        scopes: authenticationScopes,
+        scopes: [],
         challengeCallbacks: createChallengeCallbacks(),
       })
     );

sdk/keyvault/keyvault-admin/src/constants.ts

@@ -15,8 +15,3 @@ export const LATEST_API_VERSION = "7.3";
  * Supported API versions
  */
 export type SUPPORTED_API_VERSIONS = "7.2" | "7.3";
-
-/**
- * Authentication scopes
- */
-export const authenticationScopes = ["https://managedhsm.azure.net/.default"];

sdk/keyvault/keyvault-admin/test/internal/challengeAuthenticationCallbacks.spec.ts

@@ -2,7 +2,7 @@
 // Licensed under the MIT license.
 
 import { assert } from "@azure/test-utils";
-import { createChallengeCallbacks } from "../../src/challengeAuthenticationCallbacks";
+import { createChallengeCallbacks } from "../../../keyvault-common/src/";
 import {
   AuthorizeRequestOptions,
   ChallengeCallbacks,
@@ -118,15 +118,15 @@ describe("Challenge based authentication tests", function () {
         request,
         response: {
           headers: createHttpHeaders({
-            "WWW-Authenticate": `Bearer scope="cae_scope"`,
+            "WWW-Authenticate": `Bearer resource="cae_scope"`,
           }),
           request,
           status: 200,
         },
         scopes: [],
       });
 
-      assert.sameMembers(getAccessTokenScopes, ["cae_scope"]);
+      assert.sameMembers(getAccessTokenScopes, ["cae_scope/.default"]);
     });
 
     it("passes the tenantId if provided", async () => {

sdk/keyvault/keyvault-certificates/package.json

@@ -106,9 +106,13 @@
   },
   "dependencies": {
     "@azure/abort-controller": "^1.0.0",
-    "@azure/core-http": "^2.0.0",
+    "@azure/core-client": "^1.5.0",
+    "@azure/core-http-compat": "^1.3.0",
+    "@azure/core-rest-pipeline": "^1.8.0",
+    "@azure/core-auth": "^1.3.0",
     "@azure/core-lro": "^2.2.0",
     "@azure/core-paging": "^1.1.1",
+    "@azure/core-util": "^1.0.0-beta.1",
     "@azure/core-tracing": "^1.0.0",
     "@azure/logger": "^1.0.0",
     "tslib": "^2.2.0"
@@ -119,8 +123,9 @@
     "@azure/identity": "^2.1.0-beta.2",
     "@azure/keyvault-secrets": "^4.2.0",
     "@azure/test-utils": "^1.0.0",
+    "@azure-tools/test-credential": "^1.0.0",
     "@azure-tools/test-recorder": "^1.0.0",
-    "@microsoft/api-extractor": "7.18.11",
+    "@microsoft/api-extractor": "^7.18.11",
     "@types/mocha": "^7.0.2",
     "@types/node": "^12.0.0",
     "@types/sinon": "^9.0.4",