/// <summary>
/// Loads the JSON configuration file twice: first as-is, to bootstrap the secret reader, and then
/// through the secret injector so that the returned root is built with injection applied.
/// </summary>
/// <param name="configurationFilename">Configuration file name, resolved against the current working directory.</param>
/// <param name="secretInjector">Receives the injector created from the caching secret reader factory.</param>
/// <returns>The configuration root built with <paramref name="secretInjector"/> applied.</returns>
private IConfigurationRoot GetConfigurationRoot(string configurationFilename, out ISecretInjector secretInjector)
        {
            // Only the resolved file path is logged; no configuration values reach the logger here.
            var configurationPath = Path.Combine(Environment.CurrentDirectory, configurationFilename);
            Logger.LogInformation(
                "Using the {ConfigurationFilename} configuration file",
                configurationPath);

            // Pass 1: plain load. optional: false makes a missing file an error instead of silently
            // producing an empty configuration; reloadOnChange: false means later edits are not picked up.
            var bootstrapBuilder = new ConfigurationBuilder();
            bootstrapBuilder.SetBasePath(Environment.CurrentDirectory);
            bootstrapBuilder.AddJsonFile(configurationFilename, optional: false, reloadOnChange: false);
            var bootstrapConfiguration = bootstrapBuilder.Build();

            // The bootstrap configuration tells the factory how to reach the secret store. Reads go
            // through a cache that uses KeyVaultSecretCachingTimeout.
            // NOTE(review): a long timeout presumably delays pick-up of rotated secrets - confirm the value.
            var baseFactory = new ConfigurationRootSecretReaderFactory(bootstrapConfiguration);
            var cachedFactory = new CachingSecretReaderFactory(baseFactory, KeyVaultSecretCachingTimeout);
            var cachedReader = cachedFactory.CreateSecretReader();
            secretInjector = cachedFactory.CreateSecretInjector(cachedReader);

            // Pass 2: reload the same file with the injector attached.
            // NOTE(review): the resulting root presumably exposes resolved secret values; treat it as
            // sensitive and keep it out of logs and diagnostics dumps - confirm against AddInjectedJsonFile.
            return new ConfigurationBuilder()
                .SetBasePath(Environment.CurrentDirectory)
                .AddInjectedJsonFile(configurationFilename, secretInjector)
                .Build();
        }
Exemple #2
        /// <summary>
        /// Primes the secret cache from the uninjected configuration, rebuilds the configuration with
        /// secret injection enabled, and then blocks uncached secret reads.
        /// </summary>
        /// <param name="uninjectedConfiguration">Configuration loaded without secret injection; used to create the secret reader and to enumerate the strings to warm up.</param>
        /// <returns>The injected configuration root together with the refreshable secret reader factory.</returns>
        private static RefreshableConfiguration GetSecretInjectedConfiguration(IConfigurationRoot uninjectedConfiguration)
        {
            // Initialize KeyVault integration.
            var baseFactory = new ConfigurationRootSecretReaderFactory(uninjectedConfiguration);
            var refreshSettings = new RefreshableSecretReaderSettings();
            var refreshableFactory = new RefreshableSecretReaderFactory(baseFactory, refreshSettings);
            var reader = refreshableFactory.CreateSecretReader();
            var injector = refreshableFactory.CreateSecretInjector(reader);

            // Warm the cache: run every non-blank configuration string through the injector. The injected
            // result is discarded on purpose - the call only exists so the secret is fetched once up front.
            foreach (var entry in uninjectedConfiguration.AsEnumerable())
            {
                if (string.IsNullOrWhiteSpace(entry.Value))
                {
                    continue;
                }

                // Blocking is acceptable here because this runs outside of the request context, before any
                // controller is activated or DI is asked for configuration. Wait() reports a failed fetch
                // as an AggregateException, which is not caught here and so propagates to the caller.
                injector.InjectAsync(entry.Value).Wait();
            }

            // Reload the configuration with secret injection enabled. This is what the application uses.
            // NOTE(review): appsettings.Development.json is added unconditionally in this method; confirm
            // how AddInjectedJsonFile treats a missing file and that the development file is not deployed
            // to production hosts.
            // NOTE(review): the warm-up above enumerates uninjectedConfiguration, while these sources are
            // hard-coded; a secret referenced only by a source that was not enumerated would presumably be
            // uncached once BlockUncachedReads is set - confirm both cover the same inputs.
            var injectedRoot = new ConfigurationBuilder()
                .AddInjectedJsonFile("appsettings.json", injector)
                .AddInjectedJsonFile("appsettings.Development.json", injector)
                .AddInjectedEnvironmentVariables(EnvironmentVariablePrefix, injector)
                .Build();

            // From here on, secrets may only be loaded via the refresh path, which runs periodically on a
            // background thread. Foreground (request) threads MUST be served from the cache, otherwise they
            // deadlock. This flag has to be set only after the warm-up and the rebuild above.
            refreshSettings.BlockUncachedReads = true;

            return new RefreshableConfiguration
            {
                SecretReaderFactory = refreshableFactory,
                Root = injectedRoot,
            };
        }
Exemple #3
        /// <summary>
        /// Checks that a <c>ConfigurationRootSecretReaderFactory</c> can be constructed from a valid
        /// test configuration.
        /// </summary>
        /// <param name="config">Key/value pairs turned into a configuration by <c>CreateTestConfiguration</c>.</param>
        public void CreatesSecretReaderFactoryForValidConfiguration(IDictionary<string, string> config)
        {
            var configuration = CreateTestConfiguration(config);

            var factory = new ConfigurationRootSecretReaderFactory(configuration);

            // A constructor call never yields null, so this assertion passes whenever construction
            // returns; in effect the test verifies that the constructor accepts this input without throwing.
            Assert.NotNull(factory);
        }