From e2b512900fcc5de6a09e7f5edf327e8ea6f1c21f Mon Sep 17 00:00:00 2001 From: azure-sdk Date: Tue, 10 Mar 2026 03:26:33 +0000 Subject: [PATCH 1/9] Configurations: 'specification/keyvault/Security.KeyVault.Certificates/tspconfig.yaml', API Version: 2025-07-01, SDK Release Type: stable, and CommitSHA: '35275d315efee7fa79b6661c29cb3f1c05e86b76' in SpecRepo: 'https://github.com/Azure/azure-rest-api-specs' Pipeline run: https://dev.azure.com/azure-sdk/internal/_build/results?buildId=5984840 Refer to https://eng.ms/docs/products/azure-developer-experience/develop/sdk-release/sdk-release-prerequisites to prepare for SDK release. --- .../CHANGELOG.md | 13 +- .../implementation/CertificateClientImpl.java | 178 +++++++++++++++++- .../models/SubjectAlternativeNames.java | 65 +++++++ .../tsp-location.yaml | 7 +- 4 files changed, 246 insertions(+), 17 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md b/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md index ee77ebe4aed9..75f83a9648af 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md +++ b/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md @@ -1,16 +1,15 @@ # Release History -## 4.9.0-beta.1 (Unreleased) +## 4.9.0-beta.1 (2026-03-10) ### Features Added -### Breaking Changes - -### Bugs Fixed +#### `models.SubjectAlternativeNames` was modified -- Fixed an issue where certain `HttpResponseException.getResponse()` calls could cause a `NullPointerException`. ([#47801](https://github.com/Azure/azure-sdk-for-java/issues/47801)) - -### Other Changes +* `setUniformResourceIdentifiers(java.util.List)` was added +* `setIpAddresses(java.util.List)` was added +* `getUniformResourceIdentifiers()` was added +* `getIpAddresses()` was added ## 4.8.5 (2026-01-29) diff --git a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/implementation/CertificateClientImpl.java b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/implementation/CertificateClientImpl.java index a6ac254483a3..6934edb665c8 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/implementation/CertificateClientImpl.java +++ b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/implementation/CertificateClientImpl.java @@ -693,7 +693,7 @@ Response getDeletedCertificateSync(@HostParam("vaultBaseUrl") String @UnexpectedResponseExceptionType(HttpResponseException.class) Mono> purgeDeletedCertificate(@HostParam("vaultBaseUrl") String vaultBaseUrl, @QueryParam("api-version") String apiVersion, @PathParam("certificate-name") String certificateName, - @HeaderParam("Accept") String accept, RequestOptions requestOptions, Context context); + RequestOptions requestOptions, Context context); @Delete("/deletedcertificates/{certificate-name}") @ExpectedResponses({ 204 }) @@ -703,7 +703,7 @@ Mono> purgeDeletedCertificate(@HostParam("vaultBaseUrl") String v @UnexpectedResponseExceptionType(HttpResponseException.class) Response purgeDeletedCertificateSync(@HostParam("vaultBaseUrl") String vaultBaseUrl, @QueryParam("api-version") String apiVersion, @PathParam("certificate-name") String certificateName, - @HeaderParam("Accept") String accept, RequestOptions requestOptions, Context context); + RequestOptions requestOptions, Context context); @Post("/deletedcertificates/{certificate-name}/recover") @ExpectedResponses({ 200 }) @@ -1071,6 +1071,12 @@ public PagedIterable getCertificates(RequestOptions requestOptions) * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -1176,6 +1182,12 @@ public Mono> deleteCertificateWithResponseAsync(String cert * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -2245,6 +2257,12 @@ public Response deleteCertificateIssuerWithResponse(String issuerNam * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -2371,6 +2389,12 @@ public Mono> createCertificateWithResponseAsync(String cert * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -2499,6 +2523,12 @@ public Response createCertificateWithResponse(String certificateName * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -2576,6 +2606,12 @@ public Response createCertificateWithResponse(String certificateName * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -2681,6 +2717,12 @@ public Mono> importCertificateWithResponseAsync(String cert * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -2758,6 +2800,12 @@ public Mono> importCertificateWithResponseAsync(String cert * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -3071,6 +3119,12 @@ public PagedIterable getCertificateVersions(String certificateName, * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -3158,6 +3212,12 @@ public Mono> getCertificatePolicyWithResponseAsync(String c * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -3245,6 +3305,12 @@ public Response getCertificatePolicyWithResponse(String certificateN * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -3311,6 +3377,12 @@ public Response getCertificatePolicyWithResponse(String certificateN * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -3401,6 +3473,12 @@ public Mono> updateCertificatePolicyWithResponseAsync(Strin * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -3467,6 +3545,12 @@ public Mono> updateCertificatePolicyWithResponseAsync(Strin * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -3557,6 +3641,12 @@ public Response updateCertificatePolicyWithResponse(String certifica * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -3633,6 +3723,12 @@ public Response updateCertificatePolicyWithResponse(String certifica * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -3734,6 +3830,12 @@ public Mono> updateCertificateWithResponseAsync(String cert * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -3810,6 +3912,12 @@ public Mono> updateCertificateWithResponseAsync(String cert * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -3912,6 +4020,12 @@ public Response updateCertificateWithResponse(String certificateName * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -4017,6 +4131,12 @@ public Mono> getCertificateWithResponseAsync(String certifi * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -4465,6 +4585,12 @@ public Response deleteCertificateOperationWithResponse(String certif * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -4593,6 +4719,12 @@ public Mono> mergeCertificateWithResponseAsync(String certi * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -4767,6 +4899,12 @@ public Response backupCertificateWithResponse(String certificateName * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -4879,6 +5017,12 @@ public Mono> restoreCertificateWithResponseAsync(BinaryData * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -5215,6 +5359,12 @@ public PagedIterable getDeletedCertificates(RequestOptions requestOp * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -5320,6 +5470,12 @@ public Mono> getDeletedCertificateWithResponseAsync(String * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -5401,9 +5557,8 @@ public Response getDeletedCertificateWithResponse(String certificate @ServiceMethod(returns = ReturnType.SINGLE) public Mono> purgeDeletedCertificateWithResponseAsync(String certificateName, RequestOptions requestOptions) { - final String accept = "application/json"; return FluxUtil.withContext(context -> service.purgeDeletedCertificate(this.getVaultBaseUrl(), - this.getServiceVersion().getVersion(), certificateName, accept, requestOptions, context)); + this.getServiceVersion().getVersion(), certificateName, requestOptions, context)); } /** @@ -5423,9 +5578,8 @@ public Mono> purgeDeletedCertificateWithResponseAsync(String cert */ @ServiceMethod(returns = ReturnType.SINGLE) public Response purgeDeletedCertificateWithResponse(String certificateName, RequestOptions requestOptions) { - final String accept = "application/json"; return service.purgeDeletedCertificateSync(this.getVaultBaseUrl(), this.getServiceVersion().getVersion(), - certificateName, accept, requestOptions, Context.NONE); + certificateName, requestOptions, Context.NONE); } /** @@ -5470,6 +5624,12 @@ public Response purgeDeletedCertificateWithResponse(String certificateName * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) @@ -5572,6 +5732,12 @@ public Mono> recoverDeletedCertificateWithResponseAsync(Str * upns (Optional): [ * String (Optional) * ] + * uris (Optional): [ + * String (Optional) + * ] + * ipAddresses (Optional): [ + * String (Optional) + * ] * } * key_usage (Optional): [ * String(digitalSignature/nonRepudiation/keyEncipherment/dataEncipherment/keyAgreement/keyCertSign/cRLSign/encipherOnly/decipherOnly) (Optional) diff --git a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/models/SubjectAlternativeNames.java b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/models/SubjectAlternativeNames.java index 659dd3462af7..c8e236f0b497 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/models/SubjectAlternativeNames.java +++ b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/models/SubjectAlternativeNames.java @@ -36,6 +36,18 @@ public final class SubjectAlternativeNames implements JsonSerializable userPrincipalNames; + /* + * Uniform Resource Identifiers. + */ + @Generated + private List uniformResourceIdentifiers; + + /* + * IP addresses; supports IPv4 and IPv6. + */ + @Generated + private List ipAddresses; + /** * Creates an instance of SubjectAlternativeNames class. */ @@ -109,6 +121,50 @@ public SubjectAlternativeNames setUserPrincipalNames(List userPrincipalN return this; } + /** + * Get the uniformResourceIdentifiers property: Uniform Resource Identifiers. + * + * @return the uniformResourceIdentifiers value. + */ + @Generated + public List getUniformResourceIdentifiers() { + return this.uniformResourceIdentifiers; + } + + /** + * Set the uniformResourceIdentifiers property: Uniform Resource Identifiers. + * + * @param uniformResourceIdentifiers the uniformResourceIdentifiers value to set. + * @return the SubjectAlternativeNames object itself. + */ + @Generated + public SubjectAlternativeNames setUniformResourceIdentifiers(List uniformResourceIdentifiers) { + this.uniformResourceIdentifiers = uniformResourceIdentifiers; + return this; + } + + /** + * Get the ipAddresses property: IP addresses; supports IPv4 and IPv6. + * + * @return the ipAddresses value. + */ + @Generated + public List getIpAddresses() { + return this.ipAddresses; + } + + /** + * Set the ipAddresses property: IP addresses; supports IPv4 and IPv6. + * + * @param ipAddresses the ipAddresses value to set. + * @return the SubjectAlternativeNames object itself. + */ + @Generated + public SubjectAlternativeNames setIpAddresses(List ipAddresses) { + this.ipAddresses = ipAddresses; + return this; + } + /** * {@inheritDoc} */ @@ -119,6 +175,9 @@ public JsonWriter toJson(JsonWriter jsonWriter) throws IOException { jsonWriter.writeArrayField("emails", this.emails, (writer, element) -> writer.writeString(element)); jsonWriter.writeArrayField("dns_names", this.dnsNames, (writer, element) -> writer.writeString(element)); jsonWriter.writeArrayField("upns", this.userPrincipalNames, (writer, element) -> writer.writeString(element)); + jsonWriter.writeArrayField("uris", this.uniformResourceIdentifiers, + (writer, element) -> writer.writeString(element)); + jsonWriter.writeArrayField("ipAddresses", this.ipAddresses, (writer, element) -> writer.writeString(element)); return jsonWriter.writeEndObject(); } @@ -147,6 +206,12 @@ public static SubjectAlternativeNames fromJson(JsonReader jsonReader) throws IOE } else if ("upns".equals(fieldName)) { List userPrincipalNames = reader.readArray(reader1 -> reader1.getString()); deserializedSubjectAlternativeNames.userPrincipalNames = userPrincipalNames; + } else if ("uris".equals(fieldName)) { + List uniformResourceIdentifiers = reader.readArray(reader1 -> reader1.getString()); + deserializedSubjectAlternativeNames.uniformResourceIdentifiers = uniformResourceIdentifiers; + } else if ("ipAddresses".equals(fieldName)) { + List ipAddresses = reader.readArray(reader1 -> reader1.getString()); + deserializedSubjectAlternativeNames.ipAddresses = ipAddresses; } else { reader.skipChildren(); } diff --git a/sdk/keyvault/azure-security-keyvault-certificates/tsp-location.yaml b/sdk/keyvault/azure-security-keyvault-certificates/tsp-location.yaml index 51d3add132dd..3ca4d56dd00c 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/tsp-location.yaml +++ b/sdk/keyvault/azure-security-keyvault-certificates/tsp-location.yaml @@ -1,6 +1,5 @@ directory: specification/keyvault/Security.KeyVault.Certificates -commit: 396ab529763b7195ab089f58e2eefb011e1b290d +commit: 35275d315efee7fa79b6661c29cb3f1c05e86b76 repo: Azure/azure-rest-api-specs -cleanup: true -additionalDirectories: -- specification/keyvault/Security.KeyVault.Common/ +additionalDirectories: +- specification/keyvault/Security.KeyVault.Common From 51ccfdbf39d3d5cfa5c55bd4d16513a09692096b Mon Sep 17 00:00:00 2001 From: Rohit Singhal Date: Fri, 13 Mar 2026 00:11:29 -0700 Subject: [PATCH 2/9] Fix tsp-location.yaml and restore Bugs Fixed in CHANGELOG for keyvault-certificates --- .../azure-security-keyvault-certificates/CHANGELOG.md | 4 ++++ .../azure-security-keyvault-certificates/tsp-location.yaml | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md b/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md index 75f83a9648af..ba996e976778 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md +++ b/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md @@ -11,6 +11,10 @@ * `getUniformResourceIdentifiers()` was added * `getIpAddresses()` was added +### Bugs Fixed + +- Fixed an issue where certain `HttpResponseException.getResponse()` calls could cause a `NullPointerException`. ([#47801](https://github.com/Azure/azure-sdk-for-java/issues/47801)) + ## 4.8.5 (2026-01-29) ### Other Changes diff --git a/sdk/keyvault/azure-security-keyvault-certificates/tsp-location.yaml b/sdk/keyvault/azure-security-keyvault-certificates/tsp-location.yaml index 3ca4d56dd00c..94a2837d2b59 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/tsp-location.yaml +++ b/sdk/keyvault/azure-security-keyvault-certificates/tsp-location.yaml @@ -1,5 +1,6 @@ directory: specification/keyvault/Security.KeyVault.Certificates commit: 35275d315efee7fa79b6661c29cb3f1c05e86b76 repo: Azure/azure-rest-api-specs -additionalDirectories: -- specification/keyvault/Security.KeyVault.Common +cleanup: true +additionalDirectories: +- specification/keyvault/Security.KeyVault.Common/ From dd1a81f7cb4cb0be03a61d2de3188f00b5c90319 Mon Sep 17 00:00:00 2001 From: Rohit Singhal Date: Fri, 13 Mar 2026 00:51:36 -0700 Subject: [PATCH 3/9] Add 2025-06-01-preview and 2025-07-01 service versions to CertificateServiceVersion --- .../CHANGELOG.md | 5 +++++ .../src/main/java/CertificatesCustomizations.java | 5 +++-- .../certificates/CertificateServiceVersion.java | 12 ++++++++++-- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md b/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md index ba996e976778..d2b2409a20d3 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md +++ b/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md @@ -11,6 +11,11 @@ * `getUniformResourceIdentifiers()` was added * `getIpAddresses()` was added +#### `CertificateServiceVersion` was modified + +* `V2025_06_01_PREVIEW` was added +* `V2025_07_01` was added + ### Bugs Fixed - Fixed an issue where certain `HttpResponseException.getResponse()` calls could cause a `NullPointerException`. ([#47801](https://github.com/Azure/azure-sdk-for-java/issues/47801)) diff --git a/sdk/keyvault/azure-security-keyvault-certificates/customizations/src/main/java/CertificatesCustomizations.java b/sdk/keyvault/azure-security-keyvault-certificates/customizations/src/main/java/CertificatesCustomizations.java index 22d052ee4585..a454ae69f7d8 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/customizations/src/main/java/CertificatesCustomizations.java +++ b/sdk/keyvault/azure-security-keyvault-certificates/customizations/src/main/java/CertificatesCustomizations.java @@ -103,7 +103,8 @@ private static void customizeServiceVersion(LibraryCustomization customization) .addImplementedType("ServiceVersion") .setJavadocComment("The versions of Azure Key Vault Certificates supported by this client library."); - for (String version : Arrays.asList("7.0", "7.1", "7.2", "7.3", "7.4", "7.5", "7.6")) { + for (String version : Arrays.asList("7.0", "7.1", "7.2", "7.3", "7.4", "7.5", "7.6", + "2025-06-01-preview", "2025-07-01")) { enumDeclaration.addEnumConstant("V" + version.replace('.', '_').replace('-', '_').toUpperCase()) .setJavadocComment("Service version {@code " + version + "}.") .addArgument(new StringLiteralExpr(version)); @@ -124,7 +125,7 @@ private static void customizeServiceVersion(LibraryCustomization customization) .setType("CertificateServiceVersion") .setJavadocComment(new Javadoc(parseText("Gets the latest service version supported by this client library.")) .addBlockTag("return", "The latest {@link CertificateServiceVersion}.")) - .setBody(StaticJavaParser.parseBlock("{ return V7_6; }")); + .setBody(StaticJavaParser.parseBlock("{ return V2025_07_01; }")); customization.getRawEditor() .addFile("src/main/java/com/azure/security/keyvault/certificates/CertificateServiceVersion.java", diff --git a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateServiceVersion.java b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateServiceVersion.java index 87b7d760bf7c..9f3a7626021d 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateServiceVersion.java +++ b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateServiceVersion.java @@ -37,7 +37,15 @@ public enum CertificateServiceVersion implements ServiceVersion { /** * Service version {@code 7.6}. */ - V7_6("7.6"); + V7_6("7.6"), + /** + * Service version {@code 2025-06-01-preview}. + */ + V2025_06_01_PREVIEW("2025-06-01-preview"), + /** + * Service version {@code 2025-07-01}. + */ + V2025_07_01("2025-07-01"); private final String version; @@ -59,6 +67,6 @@ public String getVersion() { * @return The latest {@link CertificateServiceVersion}. */ public static CertificateServiceVersion getLatest() { - return V7_6; + return V2025_07_01; } } From a34a7f1c3b95122a93aabe439c907e24adbc7387 Mon Sep 17 00:00:00 2001 From: Rohit Singhal Date: Fri, 13 Mar 2026 01:55:00 -0700 Subject: [PATCH 4/9] Revert getLatest() to V7_6 to fix playback test failures --- .../src/main/java/CertificatesCustomizations.java | 2 +- .../keyvault/certificates/CertificateServiceVersion.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-certificates/customizations/src/main/java/CertificatesCustomizations.java b/sdk/keyvault/azure-security-keyvault-certificates/customizations/src/main/java/CertificatesCustomizations.java index a454ae69f7d8..b861c4f6d082 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/customizations/src/main/java/CertificatesCustomizations.java +++ b/sdk/keyvault/azure-security-keyvault-certificates/customizations/src/main/java/CertificatesCustomizations.java @@ -125,7 +125,7 @@ private static void customizeServiceVersion(LibraryCustomization customization) .setType("CertificateServiceVersion") .setJavadocComment(new Javadoc(parseText("Gets the latest service version supported by this client library.")) .addBlockTag("return", "The latest {@link CertificateServiceVersion}.")) - .setBody(StaticJavaParser.parseBlock("{ return V2025_07_01; }")); + .setBody(StaticJavaParser.parseBlock("{ return V7_6; }")); customization.getRawEditor() .addFile("src/main/java/com/azure/security/keyvault/certificates/CertificateServiceVersion.java", diff --git a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateServiceVersion.java b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateServiceVersion.java index 9f3a7626021d..82ad642622e6 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateServiceVersion.java +++ b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateServiceVersion.java @@ -67,6 +67,6 @@ public String getVersion() { * @return The latest {@link CertificateServiceVersion}. */ public static CertificateServiceVersion getLatest() { - return V2025_07_01; + return V7_6; } } From e68ac1ad262078964906c34e8b0083781e44573c Mon Sep 17 00:00:00 2001 From: Rohit Singhal Date: Fri, 13 Mar 2026 09:29:17 -0700 Subject: [PATCH 5/9] Fix Accept header in purgeDeletedCertificate to match test recordings --- .../security/keyvault/certificates/CertificateAsyncClient.java | 3 ++- .../security/keyvault/certificates/CertificateClient.java | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateAsyncClient.java b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateAsyncClient.java index da2d5e0dc7f9..e639083437f8 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateAsyncClient.java @@ -963,7 +963,8 @@ public Mono purgeDeletedCertificate(String certificateName) { @ServiceMethod(returns = ReturnType.SINGLE) public Mono> purgeDeletedCertificateWithResponse(String certificateName) { try { - return implClient.purgeDeletedCertificateWithResponseAsync(certificateName, EMPTY_OPTIONS); + return implClient.purgeDeletedCertificateWithResponseAsync(certificateName, + new RequestOptions().addHeader("Accept", "application/json")); } catch (RuntimeException e) { return monoError(LOGGER, e); } diff --git a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateClient.java b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateClient.java index 00e25b18005d..ebc7433b6a44 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateClient.java +++ b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateClient.java @@ -841,7 +841,7 @@ public void purgeDeletedCertificate(String certificateName) { @ServiceMethod(returns = ReturnType.SINGLE) public Response purgeDeletedCertificateWithResponse(String certificateName, Context context) { return implClient.purgeDeletedCertificateWithResponse(certificateName, - new RequestOptions().setContext(context)); + new RequestOptions().setContext(context).addHeader("Accept", "application/json")); } /** From 973436a0ce473e71f91287c9021559745d795e17 Mon Sep 17 00:00:00 2001 From: Rohit Singhal Date: Fri, 13 Mar 2026 14:19:06 -0700 Subject: [PATCH 6/9] fix: skip stable parent POMs in from-source reactor to avoid unreleased dep failures When generate_from_source_pom.py walks up the parent POM chain in add_source_projects, it was adding all parent POMs to the from-source reactor including stable ones (dep_version == current_version) such as azure-cosmos-spark_3 and azure-cosmos-spark_3-5. Stable parent POMs are already published to the artifact feed. When Maven includes them as reactor modules (packaging=pom), it validates their declared test-scope dependencies. azure-cosmos-spark_3 has a direct test-scope dependency on azure-cosmos-test:1.0.0-beta.18 (unreleased), causing keyvault from-source builds to fail with: 'Could not find artifact com.azure:azure-cosmos-test:jar:1.0.0-beta.18' Maven does not need these parent POMs in the reactor -- it resolves them via relativePath from the local filesystem for configuration inheritance. Only parent POMs that are not yet released (dep != current) OR are in parent_pom_identifiers need to be in the from-source reactor. This fixes the ubuntu2404_125_FromSource_SkipRebuild_Verify CI failure introduced by the spark 4.45.0 release (#48413) which bumped azure-cosmos-test to current version 1.0.0-beta.18 (unreleased). --- eng/scripts/generate_from_source_pom.py | 20 ++++++++++++++----- .../certificates/CertificateClient.java | 4 ++-- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/eng/scripts/generate_from_source_pom.py b/eng/scripts/generate_from_source_pom.py index 89e60945c04c..637d4ae7871c 100644 --- a/eng/scripts/generate_from_source_pom.py +++ b/eng/scripts/generate_from_source_pom.py @@ -97,9 +97,9 @@ def create_from_source_pom(artifacts_list: str, additional_modules_list: str, se source_projects: Set[Project] = set() # Finally map the project identifiers to projects. - add_source_projects(source_projects, artifacts_list_identifiers, projects) - add_source_projects(source_projects, dependent_modules, projects) - add_source_projects(source_projects, dependency_modules, projects) + add_source_projects(source_projects, artifacts_list_identifiers, projects, artifact_identifier_to_version) + add_source_projects(source_projects, dependent_modules, projects, artifact_identifier_to_version) + add_source_projects(source_projects, dependency_modules, projects, artifact_identifier_to_version) modules = sorted(list(set([p.module_path for p in source_projects]))) with open(file=client_from_source_pom_path, mode='w') as fromSourcePom: @@ -328,7 +328,7 @@ def is_spring_child_pom(tree_root: ET.Element): and artifact_id_node.text != 'spring-cloud-azure' \ and artifact_id_node.text != 'spring-cloud-azure-experimental' # Exclude parent pom to fix this error: "Project is duplicated in the reactor" -def add_source_projects(source_projects: Set[Project], project_identifiers: Iterable[str], projects: Dict[str, Project]): +def add_source_projects(source_projects: Set[Project], project_identifiers: Iterable[str], projects: Dict[str, Project], artifact_identifier_to_version: Dict[str, ArtifactVersion]): for project_identifier in project_identifiers: project = projects[project_identifier] source_projects.add(project) @@ -336,7 +336,17 @@ def add_source_projects(source_projects: Set[Project], project_identifiers: Iter while project.parent_pom is not None: project = projects.get(project.parent_pom, default_project) if project.module_path is not None: - source_projects.add(project) + # Only add parent POMs to the reactor if they need to be built from source. + # Parent POMs already released (dependency_version == current_version) and not in + # parent_pom_identifiers can be resolved by Maven via relativePath without being in + # the reactor. Including them in the reactor causes Maven to validate their declared + # (including test-scope unreleased ones), which can fail for PRs in + # unrelated service areas. + artifact_version = artifact_identifier_to_version.get(project.identifier) + if project.identifier in parent_pom_identifiers \ + or artifact_version is None \ + or artifact_version.dependency_version != artifact_version.current_version: + source_projects.add(project) def project_uses_client_parent(project: Project, projects: Dict[str, Project]) -> bool: while project.parent_pom is not None: diff --git a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateClient.java b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateClient.java index ebc7433b6a44..7741f123cbe8 100644 --- a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateClient.java +++ b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateClient.java @@ -799,7 +799,7 @@ public Response getDeletedCertificateWithResponse(String cer *

Code Samples

*

Purges the deleted certificate from the key vault enabled for soft-delete. Prints out the status code from the * server response when a response has been received.

- + * * 
      * certificateClient.purgeDeletedCertificate("certificateName");
@@ -823,7 +823,7 @@ public void purgeDeletedCertificate(String certificateName) {
      * 
Code Samples

      * 
Purges the deleted certificate from the key vault enabled for soft-delete. Prints out the status code from the
      * server response when a response has been received.

-    
+
      * 
      * 
      * Response<Void> purgeResponse = certificateClient.purgeDeletedCertificateWithResponse("certificateName",

From 2fbb2271c78a9523c098301cc4cfda0e0e19fbd9 Mon Sep 17 00:00:00 2001
From: Rohit Singhal 
Date: Fri, 13 Mar 2026 14:56:49 -0700
Subject: [PATCH 7/9] fix: walk full parent POM chain for inherited dependency
 resolution

The previous fix removed stable parent POMs (azure-cosmos-spark_3,
azure-cosmos-spark_3-5) from the from-source reactor. However, modules
that remain in the reactor (azure-cosmos-spark_3-5_2-12) still inherit
test dependencies from those stable parent POMs via the relativePath
parent chain. Specifically:
  azure-cosmos-spark_3-5_2-12 -> azure-cosmos-spark_3-5 -> azure-cosmos-spark_3
  azure-cosmos-spark_3 declares azure-cosmos-test:1.0.0-beta.18 (unreleased)
  azure-cosmos-spark_3-5_2-12 inherits this as a test-scope dependency

Without azure-cosmos-test in the reactor, Maven fails trying to download
the unreleased artifact from the feed.

Fix resolve_project_dependencies to walk the FULL parent POM chain (not
just one level deep) when collecting dependencies. This ensures that
azure-cosmos-test:1.0.0-beta.18 is discovered as an inherited dependency
of azure-cosmos-spark_3-5_2-12 and added to the from-source reactor,
where it can be built from source instead of downloaded from the feed.
---
 eng/scripts/generate_from_source_pom.py | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/eng/scripts/generate_from_source_pom.py b/eng/scripts/generate_from_source_pom.py
index 637d4ae7871c..78f6f399e087 100644
--- a/eng/scripts/generate_from_source_pom.py
+++ b/eng/scripts/generate_from_source_pom.py
@@ -307,15 +307,22 @@ def resolve_project_dependencies(pom_identifier: str, dependency_modules: Set[st
                 dependency_modules.add(dependency)
                 dependency_modules = resolve_project_dependencies(dependency, dependency_modules, projects)
 
-        # Add the dependencies of the parent POM.
-        # These are added since From Source the parent POMs are also built.
-        if project.parent_pom is not None and project.parent_pom in projects:
-            parent_project = projects[project.parent_pom]
+        # Add the dependencies of the full parent POM chain.
+        # Modules inherit  from their parent hierarchy, so walking only
+        # one level is insufficient. For example, azure-cosmos-spark_3-5_2-12 inherits
+        # test dependencies (including unreleased ones) from its grandparent
+        # azure-cosmos-spark_3. Without walking the full chain those unreleased
+        # dependencies would not be added to the reactor, causing Maven to fail when
+        # it tries to download them from the artifact feed.
+        parent_id = project.parent_pom
+        while parent_id is not None and parent_id in projects:
+            parent_project = projects[parent_id]
             for dependency in parent_project.dependencies:
                 # Only continue if the parent's dependencies haven't already been resolved.
                 if not dependency in dependency_modules:
                     dependency_modules.add(dependency)
                     dependency_modules = resolve_project_dependencies(dependency, dependency_modules, projects)
+            parent_id = parent_project.parent_pom
 
     return dependency_modules
 

From ebc8cb9dd7810c73b52925f4b4d36d43707abe96 Mon Sep 17 00:00:00 2001
From: Rohit Singhal 
Date: Fri, 13 Mar 2026 15:24:20 -0700
Subject: [PATCH 8/9] fix: restore (Unreleased) date and add missing section
 headers in CHANGELOG

Per Azure SDK conventions, the top CHANGELOG entry should use (Unreleased)
until a release is cut. Also restores the Breaking Changes and Other Changes
section headers that were missing.
---
 .../azure-security-keyvault-certificates/CHANGELOG.md       | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md b/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md
index d2b2409a20d3..3a849ee63e71 100644
--- a/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md
+++ b/sdk/keyvault/azure-security-keyvault-certificates/CHANGELOG.md
@@ -1,6 +1,6 @@
 # Release History
 
-## 4.9.0-beta.1 (2026-03-10)
+## 4.9.0-beta.1 (Unreleased)
 
 ### Features Added
 
@@ -16,10 +16,14 @@
 * `V2025_06_01_PREVIEW` was added
 * `V2025_07_01` was added
 
+### Breaking Changes
+
 ### Bugs Fixed
 
 - Fixed an issue where certain `HttpResponseException.getResponse()` calls could cause a `NullPointerException`. ([#47801](https://github.com/Azure/azure-sdk-for-java/issues/47801))
 
+### Other Changes
+
 ## 4.8.5 (2026-01-29)
 
 ### Other Changes

From 188f2786a4d859b6720ca701ab7476fa117e212e Mon Sep 17 00:00:00 2001
From: Rohit Singhal 
Date: Sun, 15 Mar 2026 18:49:51 -0700
Subject: [PATCH 9/9] Fix Spotless formatting in CertificateClient.java Javadoc
 comments

---
 .../security/keyvault/certificates/CertificateClient.java     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateClient.java b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateClient.java
index 7741f123cbe8..65e571f3d498 100644
--- a/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateClient.java
+++ b/sdk/keyvault/azure-security-keyvault-certificates/src/main/java/com/azure/security/keyvault/certificates/CertificateClient.java
@@ -799,7 +799,7 @@ public Response getDeletedCertificateWithResponse(String cer
      * 
Code Samples

      * 
Purges the deleted certificate from the key vault enabled for soft-delete. Prints out the status code from the
      * server response when a response has been received.

-
+     *
      * 
      * 
      * certificateClient.purgeDeletedCertificate("certificateName");
@@ -823,7 +823,7 @@ public void purgeDeletedCertificate(String certificateName) {
      * 
Code Samples

      * 
Purges the deleted certificate from the key vault enabled for soft-delete. Prints out the status code from the
      * server response when a response has been received.

-
+     *
      * 
      * 
      * Response<Void> purgeResponse = certificateClient.purgeDeletedCertificateWithResponse("certificateName",