/// <summary>
/// Rotates the connection string of a Service Bus topic twice through <c>AzureServiceBusKeyRotation</c>
/// and checks that the Key Vault secret holds the secondary connection string after the first rotation
/// and the primary connection string after the second one, with both keys changing on every rotation.
/// </summary>
/// <remarks>
/// The test authenticates with the service principal from the test configuration and reads raw
/// connection strings from Key Vault and from the topic, so the values it handles are credentials.
/// </remarks>
public async Task RotateServiceBusSecrets_WithValidArguments_RotatesPrimarySecondaryAlternatively()
{
    // Arrange
    var testConfig = TestConfig.Create();
    KeyRotationConfig rotationConfig = testConfig.GetKeyRotationConfig();
    var servicePrincipal = rotationConfig.ServicePrincipal;
    var secretName = rotationConfig.KeyVault.SecretName;

    // Only the client ID is written to the log; the client secret is passed to the authentication object and nowhere else.
    _logger.LogInformation("Using Service Principal [ClientID: '{ClientId}']", servicePrincipal.ClientId);

    const ServiceBusEntityType entity = ServiceBusEntityType.Topic;

    var vaultAuthentication = new ServicePrincipalAuthentication(
        servicePrincipal.ClientId,
        servicePrincipal.ClientSecret);
    var vaultConfiguration = new KeyVaultConfiguration(rotationConfig.KeyVault.VaultUri);
    var vaultSecrets = new KeyVaultSecretProvider(vaultAuthentication, vaultConfiguration);

    AzureServiceBusClient serviceBusClient = CreateAzureServiceBusClient(rotationConfig, vaultSecrets, entity);
    var keyRotation = new AzureServiceBusKeyRotation(
        serviceBusClient,
        vaultAuthentication,
        vaultConfiguration,
        _logger);

    var topicKeys = new ServiceBusConfiguration(rotationConfig, _logger);
    AccessKeys beforeFirst = await topicKeys.GetConnectionStringKeysForTopicAsync();

    // Act
    await keyRotation.RotateServiceBusSecretAsync(secretName);

    // Assert
    string storedAfterFirst = await vaultSecrets.GetRawSecretAsync(secretName);
    AccessKeys afterFirst = await topicKeys.GetConnectionStringKeysForTopicAsync();

    // Compared as a boolean with a fixed message, so a failure reports the message rather than the two values.
    Assert.True(
        storedAfterFirst == afterFirst.SecondaryConnectionString,
        "Secondary connection string should be set in Azure Key Vault after first rotation");

    // NOTE(review): these operands are connection strings; an assertion that prints its operands on failure
    // may write part of them to the test output - confirm test logs are handled as sensitive.
    Assert.NotEqual(beforeFirst.PrimaryConnectionString, afterFirst.PrimaryConnectionString);
    Assert.NotEqual(beforeFirst.SecondaryConnectionString, afterFirst.SecondaryConnectionString);

    // Second rotation: the stored secret is expected to switch over to the primary connection string.
    await keyRotation.RotateServiceBusSecretAsync(secretName);

    string storedAfterSecond = await vaultSecrets.GetRawSecretAsync(secretName);
    AccessKeys afterSecond = await topicKeys.GetConnectionStringKeysForTopicAsync();

    Assert.True(
        storedAfterSecond == afterSecond.PrimaryConnectionString,
        "Primary connection string should be set in Azure Key Vault after second rotation");
    Assert.NotEqual(afterFirst.PrimaryConnectionString, afterSecond.PrimaryConnectionString);
    Assert.NotEqual(afterSecond.SecondaryConnectionString, afterFirst.SecondaryConnectionString);
}
/// <summary>
/// Runs two key rotations against stubbed Service Bus and Key Vault dependencies and checks the order in
/// which key regeneration is requested: <c>SecondaryKey</c> then <c>PrimaryKey</c> on the first rotation,
/// <c>PrimaryKey</c> then <c>SecondaryKey</c> on the second.
/// </summary>
/// <param name="entity">
/// The Service Bus entity type under test; it decides which stub's invocations count as relevant.
/// Presumably supplied by test-data attributes that are not visible here.
/// </param>
/// <remarks>
/// The vault URL, secret name and both connection strings are generated values, so the test handles no real credentials.
/// </remarks>
public async Task RotateServiceBusSecret_WithValidArguments_RotatesPrimarySecondaryAlternately(ServiceBusEntityType entity)
{
    // Arrange
    string keyVaultUrl = BogusGenerator.Internet.UrlWithPath(protocol: "https");
    string keyVaultSecretName = BogusGenerator.Random.Word();
    AzureServiceBusNamespace serviceBusNamespace = GenerateAzureServiceBusLocation(entity);

    // Generated placeholder keys stand in for the connection strings that the stubbed operations return.
    var generatedKeys = new AccessKeys(
        primaryConnectionString: BogusGenerator.Random.Words(),
        secondaryConnectionString: BogusGenerator.Random.Words());
    var keysResponse = new AzureOperationResponse<AccessKeys> { Body = generatedKeys };

    Mock<ITopicsOperations> topicsStub = CreateStubTopicsOperations(serviceBusNamespace, keysResponse);
    Mock<IQueuesOperations> queuesStub = CreateStubQueueOperations(serviceBusNamespace, keysResponse);
    Mock<IAzureServiceBusManagementAuthentication> managementAuthenticationStub =
        CreateStubAuthentication(topicsStub.Object, queuesStub.Object);
    Mock<IKeyVaultAuthentication> vaultAuthenticationStub =
        CreateStubKeyVaultAuthentication(keyVaultUrl, keyVaultSecretName, keysResponse.Body);

    var serviceBusClient = new AzureServiceBusClient(
        managementAuthenticationStub.Object,
        serviceBusNamespace,
        NullLogger.Instance);
    var keyRotation = new AzureServiceBusKeyRotation(
        serviceBusClient,
        vaultAuthenticationStub.Object,
        new KeyVaultConfiguration(keyVaultUrl),
        NullLogger.Instance);

    // Act
    await keyRotation.RotateServiceBusSecretAsync(keyVaultSecretName);

    // Assert
    // The operations of the other entity type must not have been called at all.
    Assert.Empty(DetermineNonRelevantInvocations(entity, topicsStub.Invocations, queuesStub.Invocations));
    Assert.Collection(
        DetermineRelevantInvocations(entity, topicsStub.Invocations, queuesStub.Invocations),
        call => AssertInvocationKeyRotation(call, KeyType.SecondaryKey),
        call => AssertInvocationKeyRotation(call, KeyType.PrimaryKey));

    await keyRotation.RotateServiceBusSecretAsync(keyVaultSecretName);

    Assert.Empty(DetermineNonRelevantInvocations(entity, topicsStub.Invocations, queuesStub.Invocations));

    // The first two recorded invocations belong to the first rotation, so they are skipped here.
    Assert.Collection(
        DetermineRelevantInvocations(entity, topicsStub.Invocations, queuesStub.Invocations).Skip(2),
        call => AssertInvocationKeyRotation(call, KeyType.PrimaryKey),
        call => AssertInvocationKeyRotation(call, KeyType.SecondaryKey));
}