Re-record tests and override rand::random

Had to trick cryptographic operations to use a recorded seed.

Author: heaths

Cargo.lock

@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "rust",
   "TagPrefix": "rust/keyvault",
-  "Tag": "rust/keyvault_5961c5368d"
+  "Tag": "rust/keyvault_257c804570"
 }

sdk/keyvault/assets.json

@@ -50,6 +50,37 @@ az login
 
 Instantiate a `DeveloperToolsCredential` to pass to the client. The same instance of a token credential can be used with multiple clients if they will be authenticating with the same identity.
 
+### Instantiate a client
+
+```rust no_run
+use azure_core::base64;
+use azure_identity::DeveloperToolsCredential;
+use azure_security_keyvault_certificates::CertificateClient;
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    // Create a new certificate client
+    let credential = DeveloperToolsCredential::new(None)?;
+    let client = CertificateClient::new(
+        "https://your-key-vault-name.vault.azure.net/",
+        credential.clone(),
+        None,
+    )?;
+
+    // Get a certificate using the certificate client.
+    let certificate = client
+        .get_certificate("certificate-name", None)
+        .await?
+        .into_model()?;
+    println!(
+        "Thumbprint: {:?}",
+        certificate.x509_thumbprint.map(base64::encode_url_safe)
+    );
+
+    Ok(())
+}
+```
+
 ## Key concepts
 
 ### Certificate
@@ -204,12 +235,10 @@ use azure_security_keyvault_certificates::{
 };
 use azure_security_keyvault_keys::{
     models::{SignParameters, SignatureAlgorithm},
-    KeyClient,
 };
 use openssl::sha::sha256;
 
-// Use test data to sign.
-let plaintext = "test data to sign";
+let plaintext = "plaintext";
 
 // Create an EC certificate policy for signing.
 let policy = CertificatePolicy {
@@ -244,12 +273,7 @@ client
 // Hash the plaintext to be signed.
 let digest = sha256(plaintext.as_bytes()).to_vec();
 
-// Create a KeyClient using the certificate to sign the digest.
-let key_client = KeyClient::new(
-    client.endpoint().as_str(),
-    recording.credential(),
-    None,
-)?;
+// Use a KeyClient using the certificate to sign the digest.
 let body = SignParameters {
     algorithm: Some(SignatureAlgorithm::Es256),
     value: Some(digest),

sdk/keyvault/azure_security_keyvault_certificates/README.md

@@ -7,13 +7,12 @@ use azure_core::{
     time::Duration,
 };
 use azure_core_test::{recorded, TestContext, TestMode};
-use azure_security_keyvault_certificates::CertificateClient;
+use azure_security_keyvault_certificates::{CertificateClient, CertificateClientOptions};
+use azure_security_keyvault_keys::{KeyClient, KeyClientOptions};
 use include_file::include_markdown;
 
 #[recorded::test]
 async fn readme(ctx: TestContext) -> Result<()> {
-    use azure_security_keyvault_certificates::CertificateClientOptions;
-
     let recording = ctx.recording();
 
     let mut options = CertificateClientOptions::default();
@@ -25,6 +24,15 @@ async fn readme(ctx: TestContext) -> Result<()> {
         Some(options),
     )?;
 
+    let mut key_options = KeyClientOptions::default();
+    recording.instrument(&mut key_options.client_options);
+
+    let key_client = KeyClient::new(
+        client.endpoint().as_str(),
+        recording.credential(),
+        Some(key_options),
+    )?;
+
     // Each macro invocation is in its own block to prevent errors with duplicate imports.
     println!("Create a certificate");
     include_markdown!("README.md", "create_certificate", scope);

sdk/keyvault/azure_security_keyvault_certificates/tests/readme.rs

@@ -32,6 +32,7 @@ azure_security_keyvault_test = { path = "../azure_security_keyvault_test" }
 criterion.workspace = true
 include-file.workspace = true
 rand.workspace = true
+rand_chacha.workspace = true
 reqwest.workspace = true
 sha2.workspace = true
 tokio.workspace = true

sdk/keyvault/azure_security_keyvault_keys/Cargo.toml

@@ -77,6 +77,33 @@ Use the `az keyvault security-domain download` command to download the security
 az keyvault security-domain download --hsm-name <your-key-vault-name> --sd-wrapping-keys ./certs/cert_0.cer ./certs/cert_1.cer ./certs/cert_2.cer --sd-quorum 2 --security-domain-file ContosoHSM-SD.json
 ```
 
+### Instantiate a client
+
+```rust no_run
+use azure_identity::DeveloperToolsCredential;
+use azure_security_keyvault_keys::KeyClient;
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    // Create a new key client
+    let credential = DeveloperToolsCredential::new(None)?;
+    let client = KeyClient::new(
+        "https://your-key-vault-name.vault.azure.net/",
+        credential.clone(),
+        None,
+    )?;
+
+    // Get a key using the key client.
+    let key = client
+        .get_key("key-name", None)
+        .await?
+        .into_model()?;
+    println!("JWT: {:?}", key.key);
+
+    Ok(())
+}
+```
+
 ## Key concepts
 
 ### Key
@@ -93,7 +120,7 @@ We guarantee that all client instance methods are thread-safe and independent of
 
 ## Examples
 
-The following section provides several code snippets using a `KeyClient` like we instantiated above, covering some of the most common Azure Key Vault keys service related tasks:
+The following section provides several code snippets using a `KeyClient` like we [instantiated above](#instantiate-a-client):
 
 * [Create a key](#create-a-key)
 * [Retrieve a key](#retrieve-a-key)

sdk/keyvault/azure_security_keyvault_keys/README.md

@@ -7,13 +7,11 @@ use azure_core::{
     time::Duration,
 };
 use azure_core_test::{recorded, TestContext, TestMode};
-use azure_security_keyvault_keys::KeyClient;
+use azure_security_keyvault_keys::{KeyClient, KeyClientOptions};
 use include_file::include_markdown;
 
 #[recorded::test]
 async fn readme(ctx: TestContext) -> Result<()> {
-    use azure_security_keyvault_keys::KeyClientOptions;
-
     let recording = ctx.recording();
 
     let mut options = KeyClientOptions::default();
@@ -39,6 +37,7 @@ async fn readme(ctx: TestContext) -> Result<()> {
     include_markdown!("README.md", "list_keys", scope);
 
     println!("Encrypt and decrypt");
+    rand::seed(recording.random());
     include_markdown!("README.md", "encrypt_decrypt", scope);
 
     println!("Handle errors");
@@ -63,3 +62,30 @@ async fn readme(ctx: TestContext) -> Result<()> {
 
     Ok(())
 }
+
+/// Override `use rand::random` import in README.md to use recorded seed.
+mod rand {
+    // cspell:ignore Seedable
+    #![allow(static_mut_refs)]
+    use rand::{
+        distr::{Distribution, StandardUniform},
+        Rng, SeedableRng,
+    };
+    use rand_chacha::ChaCha20Rng;
+    use std::sync::OnceLock;
+
+    static mut RNG: OnceLock<ChaCha20Rng> = OnceLock::new();
+
+    pub fn random<T>() -> T
+    where
+        StandardUniform: Distribution<T>,
+    {
+        unsafe { RNG.get_mut().expect("expected ChaCha20 rng").random() }
+    }
+
+    pub fn seed(seed: [u8; 32]) {
+        unsafe {
+            RNG.set(ChaCha20Rng::from_seed(seed)).expect("set seed");
+        }
+    }
+}

sdk/keyvault/azure_security_keyvault_keys/tests/readme.rs

@@ -50,14 +50,11 @@ az login
 
 Instantiate a `DeveloperToolsCredential` to pass to the client. The same instance of a token credential can be used with multiple clients if they will be authenticating with the same identity.
 
-### Set and Get a Secret
+### Instantiate a client
 
 ```rust no_run
 use azure_identity::DeveloperToolsCredential;
-use azure_security_keyvault_secrets::{
-    models::{Secret, SecretClientGetSecretOptions, SetSecretParameters},
-    ResourceExt, SecretClient,
-};
+use azure_security_keyvault_secrets::SecretClient;
 
 #[tokio::main]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
@@ -69,29 +66,12 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         None,
     )?;
 
-    // Create a new secret using the secret client.
-    let secret_set_parameters = SetSecretParameters {
-        value: Some("secret-value".into()),
-        ..Default::default()
-    };
-
-    let secret: Secret = client
-        .set_secret("secret-name", secret_set_parameters.try_into()?, None)
-        .await?
-        .into_model()?;
-
-    // Get version of created secret.
-    let secret_version = secret.resource_id()?.version;
-
-    // Retrieve a secret using the secret client.
-    let secret: Secret = client
-        .get_secret("secret-name", Some(SecretClientGetSecretOptions {
-            secret_version,
-            ..Default::default()
-        }))
+    // Get a secret using the secret client.
+    let secret = client
+        .get_secret("secret-name", None)
         .await?
         .into_model()?;
-    println!("{:?}", secret.value);
+    println!("Secret: {:?}", secret.value);
 
     Ok(())
 }
@@ -113,7 +93,7 @@ We guarantee that all client instance methods are thread-safe and independent of
 
 ## Examples
 
-The following section provides several code snippets using a `SecretClient` like we instantiated above, covering some of the most common Azure Key Vault secrets service related tasks:
+The following section provides several code snippets using a `SecretClient` like we [instantiated above](#instantiate-a-client):
 
 * [Create a secret](#create-a-secret)
 * [Retrieve a secret](#retrieve-a-secret)

sdk/keyvault/azure_security_keyvault_secrets/README.md

@@ -7,13 +7,11 @@ use azure_core::{
     time::Duration,
 };
 use azure_core_test::{recorded, TestContext, TestMode};
-use azure_security_keyvault_secrets::SecretClient;
+use azure_security_keyvault_secrets::{SecretClient, SecretClientOptions};
 use include_file::include_markdown;
 
 #[recorded::test]
 async fn readme(ctx: TestContext) -> Result<()> {
-    use azure_security_keyvault_secrets::SecretClientOptions;
-
     let recording = ctx.recording();
 
     let mut options = SecretClientOptions::default();