feat: add bulk key regeneration to az iot hub device-identity renew-key and az iot hub module-identity renew-key

.azure-devops/merge.yml

@@ -82,7 +82,7 @@ jobs:
 - job: 'run_unit_tests_macOs'
   dependsOn: ['build_and_publish_azure_iot_cli_ext', 'build_and_publish_azure_cli_test_sdk']
   pool:
-    vmImage: 'macOS-11'
+    vmImage: 'macOS-13'
 
   steps:
   - template: templates/run-tests-parallel.yml

.github/workflows/tox.yml

@@ -20,14 +20,14 @@ jobs:
   unit-test:
     name: Unit test ${{ matrix.py }} - ${{ matrix.os }}
     continue-on-error: ${{ inputs.continue-on-error }}
-    runs-on: ${{ matrix.os }}-latest
+    runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
         os:
-          - ubuntu
-          - windows
-          - macos
+          - ubuntu-22.04
+          - windows-2022
+          - macos-13
         py:
           - "3.11"
           - "3.10"

azext_iot/_help.py

@@ -230,12 +230,19 @@
     "iot hub device-identity renew-key"
 ] = """
     type: command
-    short-summary: Renew target keys of an IoT Hub device with sas authentication.
+    short-summary: Renew target keys of IoT Hub devices with sas authentication.
+    long-summary: |
+                  Currently etags and key type `swap` are not supported for bulk key regeneration.
+                  Bulk Key regeneration will yeild a different output format from single device key regeneration.
     examples:
       - name: Renew the primary key.
         text: az iot hub device-identity renew-key -d {device_id} -n {iothub_name} --kt primary
       - name: Swap the primary and secondary keys.
         text: az iot hub device-identity renew-key -d {device_id} -n {iothub_name} --kt swap
+      - name: Renew the secondary key for two devices and their modules.
+        text: az iot hub device-identity renew-key -d {device_id} {device_id} -n {iothub_name} --kt secondary --include-modules
+      - name: Renew the both keys for all devices within the hub.
+        text: az iot hub device-identity renew-key -d * -n {iothub_name} --kt both
 """
 
 helps[
@@ -557,12 +564,19 @@
     "iot hub module-identity renew-key"
 ] = """
     type: command
-    short-summary: Renew target keys of an IoT Hub device module with sas authentication.
+    short-summary: Renew target keys of IoT Hub device modules with sas authentication.
+    long-summary: |
+                  Currently etags and key type `swap` are not supported for bulk key regeneration.
+                  Bulk Key regeneration will yeild a different output format from single module key regeneration.
     examples:
       - name: Renew the primary key.
         text: az iot hub module-identity renew-key -m {module_name} -d {device_id} -n {iothub_name} --kt primary
       - name: Swap the primary and secondary keys.
         text: az iot hub module-identity renew-key -m {module_name} -d {device_id} -n {iothub_name} --kt swap
+      - name: Renew the secondary key for two modules.
+        text: az iot hub module-identity renew-key -m {module_name} {module_name} -d {device_id} -n {iothub_name} --kt secondary
+      - name: Renew both keys for all modules in the device.
+        text: az iot hub module-identity renew-key -m * -d {device_id} -n {iothub_name} --kt both
 """
 
 helps[

azext_iot/_params.py

@@ -467,6 +467,25 @@ def load_arguments(self, _):
             arg_type=get_enum_type(RenewKeyType),
             help="Target key type to regenerate.",
         )
+        context.argument(
+            "device_ids",
+            options_list=["--device-id", "-d"],
+            help="Space seperated list of target Device Ids. Use `*` for all devices.",
+            nargs="+",
+            action="extend"
+        )
+        context.argument(
+            "include_modules",
+            options_list=["--include-modules", "--im"],
+            help="Flag to include device modules during key regeneration.",
+            arg_type=get_three_state_flag()
+        )
+        context.argument(
+            "etag",
+            options_list=["--etag", "-e"],
+            help="Etag or entity tag corresponding to the last state of the resource. "
+            "If no etag is provided the value '*' is used. This arguement only applies to `swap`.",
+        )
 
     with self.argument_context("iot hub device-identity export") as context:
         context.argument(
@@ -614,6 +633,19 @@ def load_arguments(self, _):
             arg_type=get_enum_type(RenewKeyType),
             help="Target key type to regenerate.",
         )
+        context.argument(
+            "module_ids",
+            options_list=["--module-id", "-m"],
+            help="Space seperated list of target Module Ids. Use `*` for all modules.",
+            nargs="+",
+            action="extend"
+        )
+        context.argument(
+            "etag",
+            options_list=["--etag", "-e"],
+            help="Etag or entity tag corresponding to the last state of the resource. "
+            "If no etag is provided the value '*' is used. This arguement only applies to `swap`.",
+        )
 
     with self.argument_context("iot hub distributed-tracing update") as context:
         context.argument(

azext_iot/common/shared.py

@@ -232,6 +232,7 @@ class RenewKeyType(Enum):
     primary = KeyType.primary.value
     secondary = KeyType.secondary.value
     swap = "swap"
+    both = "both"
 
 
 class IoTHubStateType(Enum):

azext_iot/constants.py

@@ -43,6 +43,10 @@
 IOTDPS_PROVISIONING_HOST = "global.azure-devices-provisioning.net"
 DEVICETWIN_POLLING_INTERVAL_SEC = 10
 DEVICETWIN_MONITOR_TIME_SEC = 15
+IOTHUB_THROTTLE_MAX_TRIES = 3
+IOTHUB_THROTTLE_SLEEP_SEC = 20
+THROTTLE_HTTP_STATUS_CODE = 429
+IOTHUB_RENEW_KEY_BATCH_SIZE = 100
 # (Lib name, minimum version (including), maximum version (excluding))
 EVENT_LIB = ("uamqp", "1.2", "1.3")
 PNP_DTDLV2_COMPONENT_MARKER = "__t"