public void LoadsAllSecretsFromVault()
{
var client = new MockKeyVaultClient();
client.SetPages(
new []
{
CreateSecret("Secret1", "Value1")
},
new []
{
CreateSecret("Secret2", "Value2")
}
);
// Act
using (var provider = new AzureKeyVaultConfigurationProvider(client, VaultUri, new DefaultKeyVaultSecretManager()))
{
provider.Load();
var childKeys = provider.GetChildKeys(Enumerable.Empty <string>(), null).ToArray();
Assert.Equal(new[] { "Secret1", "Secret2" }, childKeys);
Assert.Equal("Value1", provider.Get("Secret1"));
Assert.Equal("Value2", provider.Get("Secret2"));
}
}
public void DoesNotLoadDisabledItems()
{
var client = new MockKeyVaultClient();
client.SetPages(
new []
{
CreateSecret("Secret1", "Value1")
},
new []
{
CreateSecret("Secret2", "Value2", () => new SecretAttributes(enabled: false)),
CreateSecret("Secret3", "Value3", () => new SecretAttributes(enabled: null)),
}
);
// Act
using (var provider = new AzureKeyVaultConfigurationProvider(client, VaultUri, new DefaultKeyVaultSecretManager()))
{
provider.Load();
// Assert
var childKeys = provider.GetChildKeys(Enumerable.Empty <string>(), null).ToArray();
Assert.Equal(new[] { "Secret1" }, childKeys);
Assert.Equal("Value1", provider.Get("Secret1"));
Assert.Throws <InvalidOperationException>(() => provider.Get("Secret2"));
Assert.Throws <InvalidOperationException>(() => provider.Get("Secret3"));
}
}
public void SupportsReload()
{
var updated = DateTime.Now;
var client = new MockKeyVaultClient();
client.SetPages(
new []
{
CreateSecret("Secret1", "Value1", () => new SecretAttributes(enabled: true, updated: updated))
}
);
// Act & Assert
using (var provider = new AzureKeyVaultConfigurationProvider(client, VaultUri, new DefaultKeyVaultSecretManager()))
{
provider.Load();
Assert.Equal("Value1", provider.Get("Secret1"));
client.SetPages(
new []
{
CreateSecret("Secret1", "Value2", () => new SecretAttributes(enabled: true, updated: updated.AddSeconds(1)))
}
);
provider.Load();
Assert.Equal("Value2", provider.Get("Secret1"));
}
}
public void SupportsReload()
{
var client = new Mock <IKeyVaultClient>(MockBehavior.Strict);
var secret1Id = GetSecretId("Secret1");
var value = "Value1";
client.Setup(c => c.GetSecretsAsync(VaultUri)).ReturnsAsync(new PageMock()
{
Value = new[] { new SecretItem {
Id = secret1Id
} }
});
client.Setup(c => c.GetSecretAsync(secret1Id)).Returns((string id) => Task.FromResult(new SecretBundle()
{
Value = value, Id = id
}));
// Act & Assert
var provider = new AzureKeyVaultConfigurationProvider(client.Object, VaultUri, new DefaultKeyVaultSecretManager());
provider.Load();
client.VerifyAll();
Assert.Equal("Value1", provider.Get("Secret1"));
value = "Value2";
provider.Load();
Assert.Equal("Value2", provider.Get("Secret1"));
}
public void DoesNotLoadDisabledItems()
{
var client = new Mock <IKeyVaultClient>(MockBehavior.Strict);
var secret1Id = GetSecretId("Secret1");
var secret2Id = GetSecretId("Secret2");
var secret3Id = GetSecretId("Secret3");
var secret4Id = GetSecretId("Secret4");
client.Setup(c => c.GetSecretsAsync(VaultUri)).ReturnsAsync(new PageMock()
{
NextPageLink = "next",
Value = new[] { new SecretItem {
Id = secret1Id, Attributes = new SecretAttributes {
Enabled = true
}
} }
});
client.Setup(c => c.GetSecretsNextAsync("next")).ReturnsAsync(new PageMock()
{
Value = new[]
{
new SecretItem {
Id = secret2Id, Attributes = new SecretAttributes {
Enabled = false
}
},
new SecretItem {
Id = secret3Id, Attributes = new SecretAttributes {
Enabled = null
}
},
new SecretItem {
Id = secret4Id, Attributes = null
},
}
});
client.Setup(c => c.GetSecretAsync(secret1Id)).ReturnsAsync(new SecretBundle()
{
Value = "Value1", Id = secret1Id
});
// Act
var provider = new AzureKeyVaultConfigurationProvider(client.Object, VaultUri, new DefaultKeyVaultSecretManager());
provider.Load();
// Assert
client.VerifyAll();
var childKeys = provider.GetChildKeys(Enumerable.Empty <string>(), null).ToArray();
Assert.Equal(new[] { "Secret1" }, childKeys);
Assert.Equal("Value1", provider.Get("Secret1"));
Assert.Throws <InvalidOperationException>(() => provider.Get("Secret2"));
Assert.Throws <InvalidOperationException>(() => provider.Get("Secret3"));
Assert.Throws <InvalidOperationException>(() => provider.Get("Secret4"));
}
public async Task LoadsSecretsInParallel()
{
var tcs = new TaskCompletionSource <object>(TaskCreationOptions.RunContinuationsAsynchronously);
var expectedCount = 2;
var client = new Mock <IKeyVaultClient>(MockBehavior.Strict);
var secret1Id = GetSecretId("Secret1");
var secret2Id = GetSecretId("Secret2");
client.Setup(c => c.GetSecretsAsync(VaultUri)).ReturnsAsync(new PageMock()
{
Value = new[]
{
new SecretItem {
Id = secret1Id, Attributes = new SecretAttributes {
Enabled = true
}
},
new SecretItem {
Id = secret2Id, Attributes = new SecretAttributes {
Enabled = true
}
}
}
});
client.Setup(c => c.GetSecretAsync(It.IsAny <string>()))
.Returns(async(string id) => {
var shortId = id.Substring(id.LastIndexOf('/') + 1);
if (Interlocked.Decrement(ref expectedCount) == 0)
{
tcs.SetResult(null);
}
await tcs.Task.TimeoutAfter(TimeSpan.FromSeconds(10));
return(new SecretBundle()
{
Value = "Value" + shortId, Id = id
});
});
// Act
var provider = new AzureKeyVaultConfigurationProvider(client.Object, VaultUri, new DefaultKeyVaultSecretManager());
provider.Load();
await tcs.Task;
// Assert
client.VerifyAll();
Assert.Equal("ValueSecret1", provider.Get("Secret1"));
Assert.Equal("ValueSecret2", provider.Get("Secret2"));
}
public void DoesNotLoadFilteredItems()
{
var client = new MockKeyVaultClient();
client.SetPages(
new []
{
CreateSecret("Secret1", "Value1")
},
new []
{
CreateSecret("Secret2", "Value2")
}
);
// Act
using (var provider = new AzureKeyVaultConfigurationProvider(client, VaultUri, new EndsWithOneKeyVaultSecretManager()))
{
provider.Load();
// Assert
var childKeys = provider.GetChildKeys(Enumerable.Empty <string>(), null).ToArray();
Assert.Equal(new[] { "Secret1" }, childKeys);
Assert.Equal("Value1", provider.Get("Secret1"));
}
}
public void DoesNotLoadFilteredItems()
{
var client = new Mock <IKeyVaultClient>(MockBehavior.Strict);
var secret1Id = GetSecretId("Secret1");
var secret2Id = GetSecretId("Secret2");
client.Setup(c => c.GetSecretsAsync(VaultUri)).ReturnsAsync(new PageMock()
{
Value = new[] { new SecretItem {
Id = secret1Id
}, new SecretItem {
Id = secret2Id
} }
});
client.Setup(c => c.GetSecretAsync(secret1Id)).ReturnsAsync(new SecretBundle()
{
Value = "Value1", Id = secret1Id
});
// Act
var provider = new AzureKeyVaultConfigurationProvider(client.Object, VaultUri, new EndsWithOneKeyVaultSecretManager());
provider.Load();
// Assert
client.VerifyAll();
var childKeys = provider.GetChildKeys(Enumerable.Empty <string>(), null).ToArray();
Assert.Equal(new[] { "Secret1" }, childKeys);
Assert.Equal("Value1", provider.Get("Secret1"));
}
public void ReplaceDoubleMinusInKeyName()
{
var client = new Mock <IKeyVaultClient>(MockBehavior.Strict);
var secret1Id = GetSecretId("Section--Secret1");
client.Setup(c => c.GetSecretsAsync(VaultUri)).ReturnsAsync(new PageMock()
{
Value = new[] { new SecretItem {
Id = secret1Id
} }
});
client.Setup(c => c.GetSecretAsync(secret1Id)).ReturnsAsync(new SecretBundle()
{
Value = "Value1", Id = secret1Id
});
// Act
var provider = new AzureKeyVaultConfigurationProvider(client.Object, VaultUri, new DefaultKeyVaultSecretManager());
provider.Load();
// Assert
client.VerifyAll();
Assert.Equal("Value1", provider.Get("Section:Secret1"));
}
public async Task LoadsSecretsInParallel()
{
var tcs = new TaskCompletionSource <object>(TaskCreationOptions.RunContinuationsAsynchronously);
var expectedCount = 2;
var client = new Mock <MockKeyVaultClient>();
client.Setup(c => c.GetSecretAsync(It.IsAny <string>()))
.Callback(async(string id) => {
if (Interlocked.Decrement(ref expectedCount) == 0)
{
tcs.SetResult(null);
}
await tcs.Task.TimeoutAfter(TimeSpan.FromSeconds(10));
}).CallBase();
client.CallBase = true;
client.Object.SetPages(
new []
{
CreateSecret("Secret1", "Value1"),
CreateSecret("Secret2", "Value2")
}
);
// Act
var provider = new AzureKeyVaultConfigurationProvider(client.Object, VaultUri, new DefaultKeyVaultSecretManager());
provider.Load();
await tcs.Task;
// Assert
Assert.Equal("Value1", provider.Get("Secret1"));
Assert.Equal("Value2", provider.Get("Secret2"));
}
public void ReplaceDoubleMinusInKeyName()
{
var client = new MockKeyVaultClient();
client.SetPages(
new []
{
CreateSecret("Section--Secret1", "Value1")
}
);
// Act
using (var provider = new AzureKeyVaultConfigurationProvider(client, VaultUri, new DefaultKeyVaultSecretManager()))
{
provider.Load();
// Assert
Assert.Equal("Value1", provider.Get("Section:Secret1"));
}
}