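/// <summary>
/// Uses the pre-configured SPN to authenticate to Key Vault, reads the storage
/// SAS/connection-string secret named by <c>_blobSettings.ConnectionStringSecretName</c>,
/// and builds a <see cref="BlobContainerClient"/> from it.
/// </summary>
/// <returns>
/// <c>true</c> when the container client was created (and assigned to <c>Client</c>);
/// <c>false</c> when no secret name is configured or any step fails.
/// </returns>
private bool TryCreateFromKeyVault()
{
    // This auth path is optional; skip it entirely when no secret name is configured.
    if (string.IsNullOrEmpty(_blobSettings.ConnectionStringSecretName))
    {
        return false;
    }

    _logger.LogInformation("trying to access blob from kv...");
    try
    {
        var authBuilder = new AadAuthBuilder(_aadSettings);
        Task<string> AuthCallback(string authority, string resource, string scope) =>
            authBuilder.GetAccessTokenAsync(resource);
        var kvClient = new KeyVaultClient(AuthCallback);

        // The factory API is synchronous, so we still block here; GetAwaiter().GetResult()
        // (rather than .Result) surfaces the real exception instead of an AggregateException
        // and matches the other Try* methods in this type.
        var connStrSecret = kvClient
            .GetSecretAsync(_vaultSettings.VaultUrl, _blobSettings.ConnectionStringSecretName)
            .GetAwaiter()
            .GetResult();

        // connStrSecret.Value holds storage credentials (SAS or account key);
        // it must never be written to logs or exceptions.
        var containerClient = new BlobContainerClient(connStrSecret.Value, _blobSettings.Container);
        containerClient.CreateIfNotExists();
        TryRecreateTestBlob(containerClient);

        _logger.LogInformation("Succeed to access blob using key vault");
        Client = containerClient;
        return true;
    }
    catch (Exception ex)
    {
        // Broad catch is intentional: this is one of several fallbacks tried in turn,
        // and the caller decides what to do when all of them return false.
        _logger.LogError(ex, "failed to access blob from kv...");
        return false;
    }
}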
/// <summary>
/// Registers a singleton <see cref="IKeyVaultClient"/> whose authentication callback
/// acquires tokens through an <see cref="AadAuthBuilder"/> built from the configured
/// <see cref="AadSettings"/>.
/// </summary>
/// <param name="services">The service collection to extend.</param>
/// <param name="configuration">Configuration providing the AAD settings.</param>
/// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
public static IServiceCollection AddKeyVault(this IServiceCollection services, IConfiguration configuration)
{
    var settings = configuration.GetConfiguredSettings<AadSettings>();
    var tokenSource = new AadAuthBuilder(settings);

    // Key Vault supplies (authority, resource, scope); only the resource is needed
    // to request a token for the configured SPN.
    var keyVault = new KeyVaultClient((authority, resource, scope) => tokenSource.GetAccessTokenAsync(resource));

    services.AddSingleton<IKeyVaultClient>(keyVault);
    return services;
}
/// <summary>
/// Builds a <see cref="CloudBlobClient"/> for the configured storage account, authenticating
/// with the configured AAD application (client id + client secret) against the blob resource.
/// </summary>
/// <param name="config">Configuration providing <see cref="BlobStorageSettings"/> and <see cref="AadSettings"/>.</param>
/// <param name="loggerFactory">Factory used to create this type's logger.</param>
public OldBlobClient(IConfiguration config, ILoggerFactory loggerFactory)
{
    logger = loggerFactory.CreateLogger<OldBlobClient>();
    storageSettings = config.GetConfiguredSettings<BlobStorageSettings>();
    // NOTE(review): the message says "default azure credential" but the token below is
    // acquired with the application's client secret.
    logger.LogInformation(
        $"accessing blob (account={storageSettings.Account}, container={storageSettings.Container}) using default azure credential");

    var aad = config.GetConfiguredSettings<AadSettings>();
    var credentials = new AadAuthBuilder(aad).GetClientSecretOrCert();
    logger.LogInformation($"Retrieving access token for aad client: {aad.ClientId}");

    // Only the secret half of (secret, cert) is used here; a certificate-only configuration
    // would pass a null secret through — NOTE(review): confirm GetTokenCredential rejects
    // that instead of silently proceeding.
    var blobResource = $"https://{storageSettings.Account}.blob.core.windows.net/";
    var tokenCredential = GetTokenCredential(aad.Authority, blobResource, aad.ClientId, credentials.secret)
        .GetAwaiter()
        .GetResult();

    var storageCredentials = new StorageCredentials(tokenCredential);
    blobClient = new CloudBlobClient(storageSettings.BlobEndpointUri, storageCredentials);
}
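/// <summary>
/// Uses the pre-configured SPN (client id + client secret) to access the storage container
/// directly. A client secret must be configured; certificate-only SPNs are not supported here.
/// </summary>
/// <returns>
/// <c>true</c> when the container client was created (and assigned to <c>Client</c>);
/// <c>false</c> when no client secret is configured or any step fails.
/// </returns>
private bool TryCreateUsingSpn()
{
    _logger.LogInformation("trying to access blob using spn...");
    try
    {
        var authBuilder = new AadAuthBuilder(_aadSettings);

        // ClientSecretCredential expects the application's client secret and acquires
        // tokens itself; handing it an already-issued access token as the "secret"
        // cannot authenticate. Use the configured secret, as the other factories do.
        var clientSecretOrCert = authBuilder.GetClientSecretOrCert();
        if (string.IsNullOrEmpty(clientSecretOrCert.secret))
        {
            _logger.LogError("failed to access blob using spn: no client secret is configured");
            return false;
        }

        var tokenCredential = new ClientSecretCredential(_aadSettings.TenantId, _aadSettings.ClientId, clientSecretOrCert.secret);
        var containerClient = new BlobContainerClient(_blobSettings.ContainerEndpoint, tokenCredential);
        containerClient.CreateIfNotExists();
        TryRecreateTestBlob(containerClient);

        _logger.LogInformation("Succeed to access blob using spn");
        Client = containerClient;
        return true;
    }
    catch (Exception ex)
    {
        // Broad catch is intentional: this is one of several fallbacks tried in turn,
        // and the caller decides what to do when all of them return false.
        _logger.LogError(ex, "failed to access blob using spn...");
        return false;
    }
}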
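/// <summary>
/// Creates the Kusto query and admin providers for the configured cluster, choosing the
/// AAD authentication flow from <c>KustoSettings.AuthMode</c> and, for application
/// authentication, from whichever credential is configured (client secret or certificate).
/// </summary>
/// <param name="configuration">Configuration providing <see cref="AadSettings"/> and <see cref="KustoSettings"/>.</param>
/// <param name="loggerFactory">Factory used to create this type's logger.</param>
/// <exception cref="InvalidOperationException">
/// Thrown when application authentication is requested but neither a client secret nor a certificate is configured.
/// </exception>
public ClientFactory(IConfiguration configuration, ILoggerFactory loggerFactory)
{
    _logger = loggerFactory.CreateLogger<ClientFactory>();
    var aadSettings = configuration.GetConfiguredSettings<AadSettings>();
    var kustoSettings = configuration.GetConfiguredSettings<KustoSettings>();
    var clientSecretCert = new AadAuthBuilder(aadSettings).GetClientSecretOrCert();

    KustoConnectionStringBuilder kcsb;
    if (kustoSettings.AuthMode == AuthMode.User)
    {
        // Interactive user sign-in; the database name is only applied on this path.
        kcsb = new KustoConnectionStringBuilder(kustoSettings.ClusterUrl, kustoSettings.DbName)
        {
            FederatedSecurity = true,
            Authority = aadSettings.Authority
        }.WithAadUserPromptAuthentication();
    }
    else if (clientSecretCert.secret != null)
    {
        kcsb = new KustoConnectionStringBuilder(kustoSettings.ClusterUrl)
            .WithAadApplicationKeyAuthentication(aadSettings.ClientId, clientSecretCert.secret, aadSettings.Authority);
    }
    else if (clientSecretCert.cert != null)
    {
        kcsb = new KustoConnectionStringBuilder(kustoSettings.ClusterUrl)
            .WithAadApplicationCertificateAuthentication(aadSettings.ClientId, clientSecretCert.cert, aadSettings.Authority);
    }
    else
    {
        // Fail fast with a clear message instead of handing a null certificate to the Kusto SDK.
        throw new InvalidOperationException(
            $"AAD application authentication for Kusto cluster '{kustoSettings.ClusterUrl}' requires a client secret or certificate, but neither is configured.");
    }

    _client = KustoClientFactory.CreateCslQueryProvider(kcsb);
    _adminClient = KustoClientFactory.CreateCslAdminProvider(kcsb);
}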