
Add a poller Return Type for purge_deleted_secret Method in SecretClient Class

Open asimarora opened this issue 4 years ago • 13 comments

Is your feature request related to a problem? Please describe.
Yes. I was trying to purge a secret and then recreate it. Since purge_deleted_secret returns immediately without waiting for the purge to complete, we are getting this error when we try to recreate it: azure.core.exceptions.ResourceExistsError: is currently being deleted and cannot be re-created; retry later.

We are doing this operation for multiple secrets, hence we are getting flooded with a lot of exceptions.

Describe the solution you'd like
Please implement a poller (https://docs.microsoft.com/en-us/python/api/azure-core/azure.core.polling.lropoller?view=azure-python) like we have for the begin_delete_secret function so that it becomes handy to use.

Describe alternatives you've considered
I tried to put in a wait function to wait for a few seconds, which works sometimes. But this is not a great solution for this problem.

Additional context
If there is any other better solution, please suggest/implement it.

asimarora avatar Jun 15 '21 08:06 asimarora

Thanks for opening this issue. I agree such a poller would be useful. Unfortunately, it's impossible to implement today because there's nothing to poll. Key Vault doesn't have an API for checking purge status, and the APIs it does have don't allow a workaround. For example, GET /deletedsecrets/foo returns 404 before the purge completes. The only way to know a secret is really purged is to create a new one with the same name, which brings you back to where you started 😆

chlowell avatar Jun 16 '21 00:06 chlowell
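The reply above implies that recreation itself is the only probe for purge completion. A bounded retry with backoff built on that idea follows, as an added example that is not part of the original thread or the SDK. `recreate_after_purge`, `FakeVault` and the local `ResourceExistsError` stand-in are hypothetical names; against a real `SecretClient`, pass `conflict=azure.core.exceptions.ResourceExistsError`.

```python
import time

class ResourceExistsError(Exception):
    """Local stand-in for azure.core.exceptions.ResourceExistsError (runs offline)."""

def recreate_after_purge(client, name, value, conflict=ResourceExistsError,
                         attempts=6, base_delay=1.0, max_delay=30.0, sleep=time.sleep):
    """Delete and purge `name`, then recreate it, using set_secret as the probe.

    There is no purge-status API, so the only signal that the purge finished
    is that set_secret stops raising the conflict error.
    Returns the number of set_secret attempts that were needed.
    """
    client.begin_delete_secret(name).wait()   # soft delete does have a poller
    client.purge_deleted_secret(name)         # returns before the purge completes
    delay = base_delay
    for attempt in range(1, attempts + 1):
        try:
            client.set_secret(name, value)
            return attempt
        except conflict:
            if attempt == attempts:
                raise                          # bounded: surface the failure once
            sleep(delay)
            delay = min(delay * 2, max_delay)  # exponential backoff, capped

class FakeVault:
    """Constructed test double: the purge needs `lag` failed attempts to finish."""
    class _Done:
        def wait(self):
            pass
    def __init__(self, lag):
        self.lag, self.secrets, self.purging = lag, {}, {}
    def begin_delete_secret(self, name):
        self.secrets.pop(name, None)
        return self._Done()
    def purge_deleted_secret(self, name):
        self.purging[name] = self.lag
    def set_secret(self, name, value):
        if self.purging.get(name, 0) > 0:
            self.purging[name] -= 1
            raise ResourceExistsError(f"{name} is currently being deleted")
        self.secrets[name] = value

def demo():
    vault, waits = FakeVault(lag=3), []        # constructed scenario
    tries = recreate_after_purge(vault, "db-password", "constructed-value", sleep=waits.append)
    return tries, waits, vault.secrets
```

Catching only the conflict error inside the loop keeps authentication and permission failures from being retried, and the attempt cap produces one exception per secret instead of a flood.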

Thanks for the reply. Would it be possible/logical to implement an API in KeyVault for checking purge status?

asimarora avatar Jun 16 '21 13:06 asimarora

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @RandalliLama, @schaabs, @jlichwa.

Issue Details


Author: asimarora
Assignees: mccoyp
Labels:

KeyVault, Service Attention, customer-reported, feature-request, needs-team-attention

Milestone: -

ghost avatar Jun 16 '21 17:06 ghost

I tagged the Key Vault team on this issue. Can you please also describe your scenario for them--why is it important to permanently delete old versions of a secret when changing its value? (I assume you already know you can use set_secret to replace the value of a secret at any time without first purging it)

chlowell avatar Jun 16 '21 17:06 chlowell

Indeed whatever you said is correct. But I will try to describe my scenario.

We have an application which synchronizes keyvault(s) from internal applications. In the meantime, any human operator who has access can also access the keyvault and modify some secrets. If he/she deleted secrets but didn't purge them, then the sync job will fail with an error that the secret is not yet purged. So every time, our sync job blindly deletes plus purges secrets and then recreates them.

Instead of putting workarounds over this, it would be great if we could have a poller for purge like we have for the delete operation, since purge is like a hard delete. If there is any other better solution, please suggest it.

asimarora avatar Jun 16 '21 19:06 asimarora

Platform will be addressing this issue in upcoming changes in soft delete scenarios. Internally trackable workitem1424873

sebansal avatar Jun 28 '21 19:06 sebansal

The team's changes to Soft Delete are still ongoing.

sebansal avatar Oct 29 '21 22:10 sebansal

@asimarora Apologies for the late reply. We will update this thread once we have more details on this.

@sebansal Could you please provide an update on this once you get a chance? Awaiting your reply. cc @RandalliLama, @schaabs, @jlichwa.

navba-MSFT avatar Mar 15 '22 09:03 navba-MSFT

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @RandalliLama, @schaabs, @jlichwa.

Issue Details


Author: asimarora
Assignees: mccoyp
Labels:

feature-request, KeyVault, Service Attention, Client, customer-reported, needs-team-attention, needs-team-triage

Milestone: -

ghost avatar Mar 15 '22 09:03 ghost

The work on Soft Delete has been pushed out to next year; you can check back in Q1 2023.

sebansal avatar Mar 15 '22 16:03 sebansal

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @jlichwa @RandalliLama @schaabs.

github-actions[bot] avatar Jan 10 '24 01:01 github-actions[bot]

@sebansal has there been an update on the soft delete work?

mccoyp avatar Jan 10 '24 01:01 mccoyp

There is no plan to implement it.

jlichwa avatar Jan 10 '24 17:01 jlichwa

Hi @asimarora, we deeply appreciate your input into this project. Regrettably, this issue has remained inactive for over 2 years, leading us to the decision to close it. We've implemented this policy to maintain the relevance of our issue queue and facilitate easier navigation for new contributors. If you still believe this topic requires attention, please feel free to create a new issue, referencing this one. Thank you for your understanding and ongoing support.

github-actions[bot] avatar Mar 15 '24 18:03 github-actions[bot]