Disable purge protection in examples

[leni-msft]

ARM API Information (Control Plane)

MSFT employees can try out our new experience at OpenAPI Hub - one location for using our validation tools and finding your workflow. Azure 1st Party Service can try out the Shift Left experience to initiate API design review from ADO code repo. If you are interested, may request engineering support by filling in with the form https://aka.ms/ShiftLeftSupportForm.

Changelog

Add a changelog entry for this PR by answering the following questions:

1. What's the purpose of the update?
   • [ ] new service onboarding
   • [ ] new API version
   • [ ] update existing version for new feature
   • [ ] update existing version to fix swagger quality issue in s360
   • [x] Other, please clarify: This PR is to set enablePurgeProtection to false in swagger examples, to avoid huge billing cost in API/SDK tests due to the irreversible flag
2. When are you targeting to deploy the new service/feature to public regions? Please provide the date or, if the date is not yet available, the month.
3. When do you expect to publish the swagger? Please provide date or, the the date is not yet available, the month.
4. By default, Azure SDKs of all languages (.NET/Python/Java/JavaScript for both management-plane SDK and data-plane SDK, Go for management-plane SDK only ) MUST be refreshed with/after swagger of new version is published. If you prefer NOT to refresh any specific SDK language upon swagger updates in the current PR, please leave details with justification here.

Contribution checklist (MS Employees Only):

• [ ] I commit to follow the Breaking Change Policy of "no breaking changes"
• [ ] I have reviewed the documentation for the workflow.
• [ ] Validation tools were run on swagger spec(s) and errors have all been fixed in this PR. How to fix?

If any further question about AME onboarding or validation tools, please view the FAQ.

ARM API Review Checklist

Applicability: :warning:

If your changes encompass only the following scenarios, you should SKIP this section, as these scenarios do not require ARM review.

• Change to data plane APIs
• Adding new properties
• All removals

Otherwise your PR may be subject to ARM review requirements. Complete the following:

• [ ] Check this box if any of the following apply to the PR so that the label "ARMReview" and "WaitForARMFeedback" will be added by bot to kick off ARM API Review. Missing to check this box in the following scenario may result in delays to the ARM manifest review and deployment.

  • Adding a new service
  • Adding new API(s)
  • Adding a new API version -[ ] To review changes efficiently, ensure you copy the existing version into the new directory structure for first commit and then push new changes, including version updates, in separate commits. You can use OpenAPIHub to initialize the PR for adding a new version. For more details refer to the wiki.

• [ ] Ensure you've reviewed following guidelines including ARM resource provider contract and REST guidelines. Estimated time (4 hours). This is required before you can request review from ARM API Review board.

• [ ] If you are blocked on ARM review and want to get the PR merged with urgency, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.

Breaking Change Review Checklist

If you have any breaking changes as defined in the Breaking Change Policy, request approval from the Breaking Change Review Board.

Action: to initiate an evaluation of the breaking change, create a new intake using the template for breaking changes. Additional details on the process and office hours are on the Breaking Change Wiki.

NOTE: To update API(s) in public preview for over 1 year (refer to Retirement of Previews)

Please follow the link to find more details on PR review process.

[openapi-workflow-bot[bot]]

Hi, @leni-msft Thanks for your PR. I am workflow bot for review process. Here are some small tips.

Please ensure to do self-check against checklists in first PR comment.

PR assignee is the person auto-assigned and responsible for your current PR reviewing and merging.

For specs comparison cross API versions, Use API Specs Comparison Report Generator

If there is CI failure(s), to fix CI error(s) is mandatory for PR merging; or you need to provide justification in PR comment for explanation. How to fix?

Any feedback about review process or workflow bot, pls contact swagger and tools team. [email protected]

[openapi-pipeline-app[bot]]

Swagger Validation Report

️️✔️BreakingChange succeeded [Detail] [Expand]

There are no breaking changes.

️️✔️Breaking Change(Cross-Version) succeeded [Detail] [Expand]

There are no breaking changes.

️️✔️CredScan succeeded [Detail] [Expand]

There is no credential detected.

️️✔️LintDiff succeeded [Detail] [Expand]

Validation passes for LintDiff.

️️✔️Avocado succeeded [Detail] [Expand]

Validation passes for Avocado.

️️✔️ApiReadinessCheck succeeded [Detail] [Expand]

️️✔️~[Staging] ServiceAPIReadinessTest succeeded [Detail] [Expand]

Validation passes for ServiceAPIReadinessTest.

️️✔️ModelValidation succeeded [Detail] [Expand]

Validation passes for ModelValidation.

️️✔️SemanticValidation succeeded [Detail] [Expand]

Validation passes for SemanticValidation.

️️✔️PoliCheck succeeded [Detail] [Expand]

Validation passed for PoliCheck.

️️✔️PrettierCheck succeeded [Detail] [Expand]

Validation passes for PrettierCheck.

️️✔️SpellCheck succeeded [Detail] [Expand]

Validation passes for SpellCheck.

️️✔️Lint(RPaaS) succeeded [Detail] [Expand]

Validation passes for Lint(RPaaS).

️️✔️CadlValidation succeeded [Detail] [Expand]

Validation passes for CadlValidation.

️️✔️PR Summary succeeded [Detail] [Expand]

Validation passes for Summary.

_{Posted by Swagger Pipeline | How to fix these errors?}

[openapi-pipeline-app[bot]]

Swagger Generation Artifacts

️️✔️ApiDocPreview succeeded [Detail] [Expand]

️❌SDK Breaking Change Tracking failed [Detail]

Breaking Changes Tracking

❌azure-sdk-for-go - sdk/resourcemanager/keyvault/armkeyvault - 2.0.0

+	Struct `CloudErrorBody` has been removed
+	Struct `CloudError` has been removed

❌azure-sdk-for-js - @azure/arm-keyvault - 3.0.0

+	Interface MhsmPrivateEndpointConnectionsDeleteHeaders no longer has parameter retryAfter

️⚠️ azure-sdk-for-net-track2 warning [Detail]

• ⚠️Warning [Logs]Release - Generate from 021e5ab6ec840d651d32a2c6bdf832800cdf8eb6. SDK Automation 14.0.0

  command	pwsh ./eng/scripts/Automation-Sdk-Init.ps1 ../azure-sdk-for-net_tmp/initInput.json ../azure-sdk-for-net_tmp/initOutput.json
  warn	File azure-sdk-for-net_tmp/initOutput.json not found to read
  command	pwsh ./eng/scripts/Invoke-GenerateAndBuildV2.ps1 ../azure-sdk-for-net_tmp/generateInput.json ../azure-sdk-for-net_tmp/generateOutput.json
  warn	No file changes detected after generation

• ️✔️Azure.ResourceManager.KeyVault [View full logs] 
  • Azure.ResourceManager.KeyVault.1.1.0-alpha.20221024.1.nupkg

  info	[Changelog]

️⚠️ azure-sdk-for-python-track2 warning [Detail]

• ⚠️Warning [Logs]Release - Generate from 021e5ab6ec840d651d32a2c6bdf832800cdf8eb6. SDK Automation 14.0.0

  command	sh scripts/automation_init.sh ../azure-sdk-for-python_tmp/initInput.json ../azure-sdk-for-python_tmp/initOutput.json
  cmderr	[automation_init.sh] WARNING: Skipping azure-nspkg as it is not installed.
  command	sh scripts/automation_generate.sh ../azure-sdk-for-python_tmp/generateInput.json ../azure-sdk-for-python_tmp/generateOutput.json
  cmderr	[automation_generate.sh]
  cmderr	[automation_generate.sh] npm notice New minor version of npm available! 8.15.0 -> 8.19.2
  cmderr	[automation_generate.sh] npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.19.2>
  cmderr	[automation_generate.sh] npm notice Run `npm install -g [email protected]` to update!
  cmderr	[automation_generate.sh] npm notice

• ️✔️track2_azure-mgmt-keyvault [View full logs]  [Release SDK Changes]
  • azure_mgmt_keyvault-10.1.0-py3-none-any.whl
  • azure-mgmt-keyvault-10.1.0.zip

  info	[Changelog] ### Features Added
  info	[Changelog]
  info	[Changelog]   - Added model Enum10
  info	[Changelog]   - Added model Enum11
  info	[Changelog]   - Added model Enum12
  info	[Changelog]   - Added model Enum13
  info	[Changelog]   - Added model Enum16
  info	[Changelog]   - Added model Enum17
  info	[Changelog]   - Added model Enum5
  info	[Changelog]   - Added model Enum6
  info	[Changelog]   - Added model Enum9

️️✔️ azure-sdk-for-java succeeded [Detail] [Expand]

• ️✔️Succeeded [Logs]Release - Generate from 021e5ab6ec840d651d32a2c6bdf832800cdf8eb6. SDK Automation 14.0.0

  command	./eng/mgmt/automation/init.sh ../azure-sdk-for-java_tmp/initInput.json ../azure-sdk-for-java_tmp/initOutput.json
  command	./eng/mgmt/automation/generate.py ../azure-sdk-for-java_tmp/generateInput.json ../azure-sdk-for-java_tmp/generateOutput.json

• ️✔️azure-resourcemanager-keyvault-generated [View full logs]  [Release SDK Changes]
  • pom.xml
  • azure-resourcemanager-keyvault-generated-1.0.0-beta.1.jar
  • azure-resourcemanager-keyvault-generated-1.0.0-beta.1-sources.jar

️️✔️ azure-sdk-for-go succeeded [Detail] [Expand]

• ️✔️Succeeded [Logs]Release - Generate from 021e5ab6ec840d651d32a2c6bdf832800cdf8eb6. SDK Automation 14.0.0

  command	sh ./eng/scripts/automation_init.sh ../../../../../azure-sdk-for-go_tmp/initInput.json ../../../../../azure-sdk-for-go_tmp/initOutput.json
  command	generator automation-v2 ../../../../../azure-sdk-for-go_tmp/generateInput.json ../../../../../azure-sdk-for-go_tmp/generateOutput.json

• ️✔️sdk/resourcemanager/keyvault/armkeyvault [View full logs]  [Release SDK Changes] Breaking Change Detected

  info	[Changelog] ### Breaking Changes
  info	[Changelog]
  info	[Changelog] - Struct `CloudError` has been removed
  info	[Changelog] - Struct `CloudErrorBody` has been removed
  info	[Changelog]
  info	[Changelog] ### Features Added
  info	[Changelog]
  info	[Changelog] - New const `ActivationStatusNotActivated`
  info	[Changelog] - New const `KeyRotationPolicyActionTypeRotate`
  info	[Changelog] - New const `ActivationStatusActive`
  info	[Changelog] - New const `JSONWebKeyOperationRelease`
  info	[Changelog] - New const `KeyPermissionsSetrotationpolicy`
  info	[Changelog] - New const `ActivationStatusUnknown`
  info	[Changelog] - New const `ActivationStatusFailed`
  info	[Changelog] - New const `KeyRotationPolicyActionTypeNotify`
  info	[Changelog] - New const `KeyPermissionsRotate`
  info	[Changelog] - New const `KeyPermissionsRelease`
  info	[Changelog] - New const `KeyPermissionsGetrotationpolicy`
  info	[Changelog] - New type alias `KeyRotationPolicyActionType`
  info	[Changelog] - New type alias `ActivationStatus`
  info	[Changelog] - New function `*ManagedHsmsClient.CheckMhsmNameAvailability(context.Context, CheckMhsmNameAvailabilityParameters, *ManagedHsmsClientCheckMhsmNameAvailabilityOptions) (ManagedHsmsClientCheckMhsmNameAvailabilityResponse, error)`
  info	[Changelog] - New function `PossibleActivationStatusValues() []ActivationStatus`
  info	[Changelog] - New function `PossibleKeyRotationPolicyActionTypeValues() []KeyRotationPolicyActionType`
  info	[Changelog] - New struct `Action`
  info	[Changelog] - New struct `CheckMhsmNameAvailabilityParameters`
  info	[Changelog] - New struct `CheckMhsmNameAvailabilityResult`
  info	[Changelog] - New struct `KeyReleasePolicy`
  info	[Changelog] - New struct `KeyRotationPolicyAttributes`
  info	[Changelog] - New struct `LifetimeAction`
  info	[Changelog] - New struct `ManagedHSMSecurityDomainProperties`
  info	[Changelog] - New struct `ManagedHsmsClientCheckMhsmNameAvailabilityOptions`
  info	[Changelog] - New struct `ManagedHsmsClientCheckMhsmNameAvailabilityResponse`
  info	[Changelog] - New struct `RotationPolicy`
  info	[Changelog] - New struct `Trigger`
  info	[Changelog] - New field `RotationPolicy` in struct `KeyProperties`
  info	[Changelog] - New field `ReleasePolicy` in struct `KeyProperties`
  info	[Changelog] - New field `Etag` in struct `MHSMPrivateEndpointConnectionItem`
  info	[Changelog] - New field `ID` in struct `MHSMPrivateEndpointConnectionItem`
  info	[Changelog]
  info	[Changelog] Total 4 breaking change(s), 40 additive change(s).

️️✔️ azure-sdk-for-js succeeded [Detail] [Expand]

• ️✔️Succeeded [Logs]Release - Generate from 021e5ab6ec840d651d32a2c6bdf832800cdf8eb6. SDK Automation 14.0.0

  command	sh .scripts/automation_init.sh ../azure-sdk-for-js_tmp/initInput.json ../azure-sdk-for-js_tmp/initOutput.json
  warn	File azure-sdk-for-js_tmp/initOutput.json not found to read
  command	sh .scripts/automation_generate.sh ../azure-sdk-for-js_tmp/generateInput.json ../azure-sdk-for-js_tmp/generateOutput.json

• ️✔️@azure/arm-keyvault [View full logs]  [Release SDK Changes] Breaking Change Detected
  • azure-arm-keyvault-3.0.0.tgz

  info	[Changelog] **Features**
  info	[Changelog]
  info	[Changelog]   - Added operation ManagedHsms.checkMhsmNameAvailability
  info	[Changelog]   - Added Interface Action
  info	[Changelog]   - Added Interface CheckMhsmNameAvailabilityParameters
  info	[Changelog]   - Added Interface CheckMhsmNameAvailabilityResult
  info	[Changelog]   - Added Interface Key
  info	[Changelog]   - Added Interface KeyReleasePolicy
  info	[Changelog]   - Added Interface KeyRotationPolicyAttributes
  info	[Changelog]   - Added Interface LifetimeAction
  info	[Changelog]   - Added Interface ManagedHsm
  info	[Changelog]   - Added Interface ManagedHsmsCheckMhsmNameAvailabilityOptionalParams
  info	[Changelog]   - Added Interface ManagedHsmsCreateOrUpdateHeaders
  info	[Changelog]   - Added Interface ManagedHsmsDeleteHeaders
  info	[Changelog]   - Added Interface ManagedHSMSecurityDomainProperties
  info	[Changelog]   - Added Interface ManagedHsmsPurgeDeletedHeaders
  info	[Changelog]   - Added Interface ManagedHsmsUpdateHeaders
  info	[Changelog]   - Added Interface MhsmPrivateEndpointConnection
  info	[Changelog]   - Added Interface MhsmPrivateLinkResource
  info	[Changelog]   - Added Interface PrivateEndpointConnection
  info	[Changelog]   - Added Interface PrivateLinkResource
  info	[Changelog]   - Added Interface RotationPolicy
  info	[Changelog]   - Added Interface Secret
  info	[Changelog]   - Added Interface SecretAttributes
  info	[Changelog]   - Added Interface Trigger
  info	[Changelog]   - Added Type Alias ActivationStatus
  info	[Changelog]   - Added Type Alias KeyRotationPolicyActionType
  info	[Changelog]   - Added Type Alias ManagedHsmsCheckMhsmNameAvailabilityResponse
  info	[Changelog]   - Added Type Alias ManagedHsmsPurgeDeletedResponse
  info	[Changelog]   - Interface KeyProperties has a new optional parameter releasePolicy
  info	[Changelog]   - Interface KeyProperties has a new optional parameter rotationPolicy
  info	[Changelog]   - Interface MhsmPrivateEndpointConnectionItem has a new optional parameter etag
  info	[Changelog]   - Interface MhsmPrivateEndpointConnectionItem has a new optional parameter id
  info	[Changelog]   - Added Enum KnownActivationStatus
  info	[Changelog]   - Enum KnownJsonWebKeyOperation has a new value Release
  info	[Changelog]   - Enum KnownKeyPermissions has a new value Getrotationpolicy
  info	[Changelog]   - Enum KnownKeyPermissions has a new value Release
  info	[Changelog]   - Enum KnownKeyPermissions has a new value Rotate
  info	[Changelog]   - Enum KnownKeyPermissions has a new value Setrotationpolicy
  info	[Changelog]
  info	[Changelog] **Breaking Changes**
  info	[Changelog]
  info	[Changelog]   - Interface MhsmPrivateEndpointConnectionsDeleteHeaders no longer has parameter retryAfter

️⚠️ azure-resource-manager-schemas warning [Detail]

• ⚠️Warning [Logs]Release - Generate from 021e5ab6ec840d651d32a2c6bdf832800cdf8eb6. Schema Automation 14.0.0

  command	.sdkauto/initScript.sh ../azure-resource-manager-schemas_tmp/initInput.json ../azure-resource-manager-schemas_tmp/initOutput.json
  cmderr	[initScript.sh]  old lockfile
  cmderr	[initScript.sh] npm WARN old lockfile The package-lock.json file was created with an old version of npm,
  cmderr	[initScript.sh] npm WARN old lockfile so supplemental metadata must be fetched from the registry.
  cmderr	[initScript.sh] npm WARN old lockfile
  cmderr	[initScript.sh] npm WARN old lockfile This is a one-time fix-up, please be patient...
  cmderr	[initScript.sh] npm WARN old lockfile
  warn	File azure-resource-manager-schemas_tmp/initOutput.json not found to read
  command	.sdkauto/generateScript.sh ../azure-resource-manager-schemas_tmp/generateInput.json ../azure-resource-manager-schemas_tmp/generateOutput.json
  warn	No file changes detected after generation

• ️✔️keyvault [View full logs] 

️❌ azure-powershell failed [Detail]

• ❌Failed [Logs]Release - Generate from 021e5ab6ec840d651d32a2c6bdf832800cdf8eb6. SDK Automation 14.0.0

  command	sh ./tools/SwaggerCI/init.sh ../azure-powershell_tmp/initInput.json ../azure-powershell_tmp/initOutput.json
  command	pwsh ./tools/SwaggerCI/psci.ps1 ../azure-powershell_tmp/generateInput.json ../azure-powershell_tmp/generateOutput.json

• ❌Az.keyvault [View full logs]  [Release SDK Changes]

_{Posted by Swagger Pipeline | How to fix these errors?}

[openapi-pipeline-app[bot]]

Generated ApiView

Language	Package Name	ApiView Link
Go	sdk/resourcemanager/keyvault/armkeyvault	Create ApiView failed. Please ensure your github account in Azure/Microsoft is public and add a comment "/azp run" to re-trigger the CI.
Python	track2_azure-mgmt-keyvault	Create ApiView failed. Please ensure your github account in Azure/Microsoft is public and add a comment "/azp run" to re-trigger the CI.
.Net	Azure.ResourceManager.KeyVault	Create ApiView failed. Please ensure your github account in Azure/Microsoft is public and add a comment "/azp run" to re-trigger the CI.
Java	azure-resourcemanager-keyvault-generated	Create ApiView failed. Please ensure your github account in Azure/Microsoft is public and add a comment "/azp run" to re-trigger the CI.
JavaScript	@azure/arm-keyvault	Create ApiView failed. Please ensure your github account in Azure/Microsoft is public and add a comment "/azp run" to re-trigger the CI.

[jlichwa]

Not that I see anything in particular wrong with this PR, but why? Isn't purge protection - especially on MHSMs - a good thing?

Purge protection is part of the best practices for both Key Vault and Managed HSM, it will help customers to follow good practices and avoid data loss.

[leni-msft]

@heaths @jlichwa When people are unfamiliar with the API and just use example values(maybe just for a try), then they won't be able to purge the resource until the retention period ends. So I'd recommend to set it to false in examples and leave it an option for users.

[jlichwa]

@heaths @jlichwa When people are unfamiliar with the API and just use example values(maybe just for a try), then they won't be able to purge the resource until the retention period ends. So I'd recommend to set it to false in examples and leave it an option for users.

In general customers will try either with Portal UX or CLI/PSH. REST API is rather used in development for production code. It is ok to not have it in examples, but just out of curiosity, was there customer complaint about it?

[leni-msft]

@heaths @jlichwa When people are unfamiliar with the API and just use example values(maybe just for a try), then they won't be able to purge the resource until the retention period ends. So I'd recommend to set it to false in examples and leave it an option for users.

In general customers will try either with Portal UX or CLI/PSH. REST API is rather used in development for production code. It is ok to not have it in examples, but just out of curiosity, was there customer complaint about it?

@jlichwa Thanks for approval. You're right, we met this trouble when doing API/SDK tests for KeyVault, where example values are used directly. Will share you more details via email.

[leni-msft]

/azp run

[azure-pipelines[bot]]

Azure Pipelines successfully started running 1 pipeline(s).