Beispiel #1
0
        public void LoadsAllSecretsFromVault()
        {
            var client = new MockKeyVaultClient();

            client.SetPages(
                new []
            {
                CreateSecret("Secret1", "Value1")
            },
                new []
            {
                CreateSecret("Secret2", "Value2")
            }
                );

            // Act
            using (var provider = new AzureKeyVaultConfigurationProvider(client, VaultUri, new DefaultKeyVaultSecretManager()))
            {
                provider.Load();

                var childKeys = provider.GetChildKeys(Enumerable.Empty <string>(), null).ToArray();
                Assert.Equal(new[] { "Secret1", "Secret2" }, childKeys);
                Assert.Equal("Value1", provider.Get("Secret1"));
                Assert.Equal("Value2", provider.Get("Secret2"));
            }
        }
Beispiel #2
0
        public void DoesNotLoadDisabledItems()
        {
            var client = new MockKeyVaultClient();

            client.SetPages(
                new []
            {
                CreateSecret("Secret1", "Value1")
            },
                new []
            {
                CreateSecret("Secret2", "Value2", () => new SecretAttributes(enabled: false)),
                CreateSecret("Secret3", "Value3", () => new SecretAttributes(enabled: null)),
            }
                );

            // Act
            using (var provider = new AzureKeyVaultConfigurationProvider(client, VaultUri, new DefaultKeyVaultSecretManager()))
            {
                provider.Load();

                // Assert
                var childKeys = provider.GetChildKeys(Enumerable.Empty <string>(), null).ToArray();
                Assert.Equal(new[] { "Secret1" }, childKeys);
                Assert.Equal("Value1", provider.Get("Secret1"));
                Assert.Throws <InvalidOperationException>(() => provider.Get("Secret2"));
                Assert.Throws <InvalidOperationException>(() => provider.Get("Secret3"));
            }
        }
Beispiel #3
0
        public void SupportsReload()
        {
            var updated = DateTime.Now;

            var client = new MockKeyVaultClient();

            client.SetPages(
                new []
            {
                CreateSecret("Secret1", "Value1", () => new SecretAttributes(enabled: true, updated: updated))
            }
                );

            // Act & Assert
            using (var provider = new AzureKeyVaultConfigurationProvider(client, VaultUri, new DefaultKeyVaultSecretManager()))
            {
                provider.Load();

                Assert.Equal("Value1", provider.Get("Secret1"));

                client.SetPages(
                    new []
                {
                    CreateSecret("Secret1", "Value2", () => new SecretAttributes(enabled: true, updated: updated.AddSeconds(1)))
                }
                    );

                provider.Load();
                Assert.Equal("Value2", provider.Get("Secret1"));
            }
        }
        public void SupportsReload()
        {
            var client    = new Mock <IKeyVaultClient>(MockBehavior.Strict);
            var secret1Id = GetSecretId("Secret1");
            var value     = "Value1";

            client.Setup(c => c.GetSecretsAsync(VaultUri)).ReturnsAsync(new PageMock()
            {
                Value = new[] { new SecretItem {
                                    Id = secret1Id
                                } }
            });

            client.Setup(c => c.GetSecretAsync(secret1Id)).Returns((string id) => Task.FromResult(new SecretBundle()
            {
                Value = value, Id = id
            }));

            // Act & Assert
            var provider = new AzureKeyVaultConfigurationProvider(client.Object, VaultUri, new DefaultKeyVaultSecretManager());

            provider.Load();

            client.VerifyAll();
            Assert.Equal("Value1", provider.Get("Secret1"));

            value = "Value2";
            provider.Load();
            Assert.Equal("Value2", provider.Get("Secret1"));
        }
        public void DoesNotLoadDisabledItems()
        {
            var client    = new Mock <IKeyVaultClient>(MockBehavior.Strict);
            var secret1Id = GetSecretId("Secret1");
            var secret2Id = GetSecretId("Secret2");
            var secret3Id = GetSecretId("Secret3");
            var secret4Id = GetSecretId("Secret4");

            client.Setup(c => c.GetSecretsAsync(VaultUri)).ReturnsAsync(new PageMock()
            {
                NextPageLink = "next",
                Value        = new[] { new SecretItem {
                                           Id = secret1Id, Attributes = new SecretAttributes {
                                               Enabled = true
                                           }
                                       } }
            });

            client.Setup(c => c.GetSecretsNextAsync("next")).ReturnsAsync(new PageMock()
            {
                Value = new[]
                {
                    new SecretItem {
                        Id = secret2Id, Attributes = new SecretAttributes {
                            Enabled = false
                        }
                    },
                    new SecretItem {
                        Id = secret3Id, Attributes = new SecretAttributes {
                            Enabled = null
                        }
                    },
                    new SecretItem {
                        Id = secret4Id, Attributes = null
                    },
                }
            });

            client.Setup(c => c.GetSecretAsync(secret1Id)).ReturnsAsync(new SecretBundle()
            {
                Value = "Value1", Id = secret1Id
            });

            // Act
            var provider = new AzureKeyVaultConfigurationProvider(client.Object, VaultUri, new DefaultKeyVaultSecretManager());

            provider.Load();

            // Assert
            client.VerifyAll();

            var childKeys = provider.GetChildKeys(Enumerable.Empty <string>(), null).ToArray();

            Assert.Equal(new[] { "Secret1" }, childKeys);
            Assert.Equal("Value1", provider.Get("Secret1"));
            Assert.Throws <InvalidOperationException>(() => provider.Get("Secret2"));
            Assert.Throws <InvalidOperationException>(() => provider.Get("Secret3"));
            Assert.Throws <InvalidOperationException>(() => provider.Get("Secret4"));
        }
        public async Task LoadsSecretsInParallel()
        {
            var tcs           = new TaskCompletionSource <object>(TaskCreationOptions.RunContinuationsAsynchronously);
            var expectedCount = 2;

            var client    = new Mock <IKeyVaultClient>(MockBehavior.Strict);
            var secret1Id = GetSecretId("Secret1");
            var secret2Id = GetSecretId("Secret2");

            client.Setup(c => c.GetSecretsAsync(VaultUri)).ReturnsAsync(new PageMock()
            {
                Value = new[]
                {
                    new SecretItem {
                        Id = secret1Id, Attributes = new SecretAttributes {
                            Enabled = true
                        }
                    },
                    new SecretItem {
                        Id = secret2Id, Attributes = new SecretAttributes {
                            Enabled = true
                        }
                    }
                }
            });


            client.Setup(c => c.GetSecretAsync(It.IsAny <string>()))
            .Returns(async(string id) => {
                var shortId = id.Substring(id.LastIndexOf('/') + 1);
                if (Interlocked.Decrement(ref expectedCount) == 0)
                {
                    tcs.SetResult(null);
                }

                await tcs.Task.TimeoutAfter(TimeSpan.FromSeconds(10));
                return(new SecretBundle()
                {
                    Value = "Value" + shortId, Id = id
                });
            });

            // Act
            var provider = new AzureKeyVaultConfigurationProvider(client.Object, VaultUri, new DefaultKeyVaultSecretManager());

            provider.Load();
            await tcs.Task;

            // Assert
            client.VerifyAll();

            Assert.Equal("ValueSecret1", provider.Get("Secret1"));
            Assert.Equal("ValueSecret2", provider.Get("Secret2"));
        }
Beispiel #7
0
        public void DoesNotLoadFilteredItems()
        {
            var client = new MockKeyVaultClient();

            client.SetPages(
                new []
            {
                CreateSecret("Secret1", "Value1")
            },
                new []
            {
                CreateSecret("Secret2", "Value2")
            }
                );

            // Act
            using (var provider = new AzureKeyVaultConfigurationProvider(client, VaultUri, new EndsWithOneKeyVaultSecretManager()))
            {
                provider.Load();

                // Assert
                var childKeys = provider.GetChildKeys(Enumerable.Empty <string>(), null).ToArray();
                Assert.Equal(new[] { "Secret1" }, childKeys);
                Assert.Equal("Value1", provider.Get("Secret1"));
            }
        }
        public void DoesNotLoadFilteredItems()
        {
            var client    = new Mock <IKeyVaultClient>(MockBehavior.Strict);
            var secret1Id = GetSecretId("Secret1");
            var secret2Id = GetSecretId("Secret2");

            client.Setup(c => c.GetSecretsAsync(VaultUri)).ReturnsAsync(new PageMock()
            {
                Value = new[] { new SecretItem {
                                    Id = secret1Id
                                }, new SecretItem {
                                    Id = secret2Id
                                } }
            });

            client.Setup(c => c.GetSecretAsync(secret1Id)).ReturnsAsync(new SecretBundle()
            {
                Value = "Value1", Id = secret1Id
            });

            // Act
            var provider = new AzureKeyVaultConfigurationProvider(client.Object, VaultUri, new EndsWithOneKeyVaultSecretManager());

            provider.Load();

            // Assert
            client.VerifyAll();

            var childKeys = provider.GetChildKeys(Enumerable.Empty <string>(), null).ToArray();

            Assert.Equal(new[] { "Secret1" }, childKeys);
            Assert.Equal("Value1", provider.Get("Secret1"));
        }
        public void ReplaceDoubleMinusInKeyName()
        {
            var client    = new Mock <IKeyVaultClient>(MockBehavior.Strict);
            var secret1Id = GetSecretId("Section--Secret1");

            client.Setup(c => c.GetSecretsAsync(VaultUri)).ReturnsAsync(new PageMock()
            {
                Value = new[] { new SecretItem {
                                    Id = secret1Id
                                } }
            });

            client.Setup(c => c.GetSecretAsync(secret1Id)).ReturnsAsync(new SecretBundle()
            {
                Value = "Value1", Id = secret1Id
            });

            // Act
            var provider = new AzureKeyVaultConfigurationProvider(client.Object, VaultUri, new DefaultKeyVaultSecretManager());

            provider.Load();

            // Assert
            client.VerifyAll();

            Assert.Equal("Value1", provider.Get("Section:Secret1"));
        }
Beispiel #10
0
        public async Task LoadsSecretsInParallel()
        {
            var tcs           = new TaskCompletionSource <object>(TaskCreationOptions.RunContinuationsAsynchronously);
            var expectedCount = 2;

            var client = new Mock <MockKeyVaultClient>();

            client.Setup(c => c.GetSecretAsync(It.IsAny <string>()))
            .Callback(async(string id) => {
                if (Interlocked.Decrement(ref expectedCount) == 0)
                {
                    tcs.SetResult(null);
                }

                await tcs.Task.TimeoutAfter(TimeSpan.FromSeconds(10));
            }).CallBase();

            client.CallBase = true;

            client.Object.SetPages(
                new []
            {
                CreateSecret("Secret1", "Value1"),
                CreateSecret("Secret2", "Value2")
            }
                );

            // Act
            var provider = new AzureKeyVaultConfigurationProvider(client.Object, VaultUri, new DefaultKeyVaultSecretManager());

            provider.Load();
            await tcs.Task;

            // Assert
            Assert.Equal("Value1", provider.Get("Secret1"));
            Assert.Equal("Value2", provider.Get("Secret2"));
        }
Beispiel #11
0
        public void ReplaceDoubleMinusInKeyName()
        {
            var client = new MockKeyVaultClient();

            client.SetPages(
                new []
            {
                CreateSecret("Section--Secret1", "Value1")
            }
                );

            // Act
            using (var provider = new AzureKeyVaultConfigurationProvider(client, VaultUri, new DefaultKeyVaultSecretManager()))
            {
                provider.Load();

                // Assert
                Assert.Equal("Value1", provider.Get("Section:Secret1"));
            }
        }