/// <summary>
/// Create new instance
/// </summary>
/// <param name="configuration"></param>
/// <param name="keyVaultUrlVarName"></param>
/// <param name="lazyLoad"></param>
/// <param name="allowDeveloperAccess"></param>
/// <returns></returns>
private static async Task <KeyVaultConfigurationProvider> CreateInstanceAsync(
IConfigurationRoot configuration, string keyVaultUrlVarName,
bool lazyLoad, bool allowDeveloperAccess)
{
var vaultUri = configuration.GetValue <string>(keyVaultUrlVarName, null);
if (string.IsNullOrEmpty(vaultUri))
{
Log.Logger.Debug("No keyvault uri found in configuration under {key}. " +
"Cannot read configuration from keyvault.",
keyVaultUrlVarName);
vaultUri = Environment.GetEnvironmentVariable(keyVaultUrlVarName);
if (string.IsNullOrEmpty(vaultUri))
{
Log.Logger.Debug("No keyvault uri found in environment.",
keyVaultUrlVarName);
return(null);
}
}
var keyVault = await TryKeyVaultClientAsync(vaultUri,
configuration, keyVaultUrlVarName, allowDeveloperAccess);
if (keyVault == null)
{
return(null);
}
var provider = new KeyVaultConfigurationProvider(keyVault, vaultUri);
if (!lazyLoad)
{
await provider.LoadAllSecretsAsync();
}
return(provider);
}
/// <summary>
/// Add configuration from Azure KeyVault. Providers configured prior to
/// this one will be used to get Azure KeyVault connection details.
/// </summary>
/// <param name="builder"></param>
/// <param name="allowInteractiveLogon"></param>
/// <param name="singleton"></param>
/// <param name="keyVaultUrlVarName"></param>
/// <param name="providerPriority"> Determines where in the configuration
/// providers chain current provider should be added. Default to lowest
/// </param>
/// <returns></returns>
public static IConfigurationBuilder AddFromKeyVault(this IConfigurationBuilder builder,
ConfigurationProviderPriority providerPriority = ConfigurationProviderPriority.Lowest,
bool allowInteractiveLogon = false, bool singleton = true, string keyVaultUrlVarName = null)
{
var configuration = builder.Build();
var provider = KeyVaultConfigurationProvider.CreateInstanceAsync(
allowInteractiveLogon, singleton, configuration, keyVaultUrlVarName).Result;
if (provider != null)
{
switch (providerPriority)
{
case ConfigurationProviderPriority.Highest:
builder.Add(provider);
break;
case ConfigurationProviderPriority.Lowest:
builder.Sources.Insert(0, provider);
break;
default:
throw new ArgumentException(
$"Unknown ConfigurationProviderPriority value: {providerPriority}");
}
}
return(builder);
}
/// <summary>
/// Create new instance
/// </summary>
/// <param name="configuration"></param>
/// <param name="allowInteractiveLogon"></param>
/// <param name="keyVaultUrlVarName"></param>
/// <param name="lazyLoad"></param>
/// <returns></returns>
private static async Task <KeyVaultConfigurationProvider> CreateInstanceAsync(
IConfigurationRoot configuration, bool allowInteractiveLogon, string keyVaultUrlVarName,
bool lazyLoad)
{
var vaultUri = configuration.GetValue <string>(keyVaultUrlVarName, null);
if (string.IsNullOrEmpty(vaultUri))
{
Log.Logger.Debug("No keyvault uri found in configuration under {key}. ",
keyVaultUrlVarName);
vaultUri = Environment.GetEnvironmentVariable(keyVaultUrlVarName);
if (string.IsNullOrEmpty(vaultUri))
{
Log.Logger.Debug("No keyvault uri found in environment under {key}. " +
"Not reading configuration from keyvault without keyvault uri.",
keyVaultUrlVarName);
return(null);
}
}
var provider = new KeyVaultConfigurationProvider(configuration, vaultUri,
allowInteractiveLogon);
try {
await provider.ValidateReadSecretAsync(keyVaultUrlVarName);
}
catch (Exception ex) {
// https://github.com/Azure/Industrial-IoT/tree/master/deploy/helm/azure-industrial-iot#load-configuration-from-azure-key-vault
throw new InvalidConfigurationException(
"Could not access the provided keyvault URI. " +
"If you want to read configuration from the keyvault, make sure " +
"it is reachable, the required permissions are configured " +
"and authentication provider information is available. " +
"Sign into Visual Studio or Azure CLI on this machine and try again.", ex);
}
if (!lazyLoad)
{
while (true)
{
try {
await provider.LoadAllSecretsAsync();
break;
}
// try again...
catch (TaskCanceledException) {}
catch (SocketException) {}
await Task.Delay(TimeSpan.FromSeconds(1));
Log.Logger.Information(
"Failed loading secrets due to timeout or network - try again ...");
}
}
return(provider);
}
/// <summary>
/// Add configuration from azure keyvault.
/// </summary>
/// <param name="builder"></param>
/// <param name="singleton"></param>
/// <param name="keyVaultUrlVarName"></param>
/// <returns></returns>
public static IConfigurationBuilder AddFromKeyVault(
this IConfigurationBuilder builder, bool singleton = true,
string keyVaultUrlVarName = null)
{
var provider = KeyVaultConfigurationProvider.CreateInstanceAsync(
singleton, builder.Build(), keyVaultUrlVarName).Result;
if (provider != null)
{
builder.Add(provider);
}
return(builder);
}
/// <summary>
/// Create new instance
/// </summary>
/// <param name="configuration"></param>
/// <param name="keyVaultUrlVarName"></param>
/// <param name="lazyLoad"></param>
/// <returns></returns>
private static async Task <KeyVaultConfigurationProvider> CreateInstanceAsync(
IConfigurationRoot configuration, string keyVaultUrlVarName, bool lazyLoad)
{
var vaultUri = configuration.GetValue <string>(keyVaultUrlVarName, null);
if (string.IsNullOrEmpty(vaultUri))
{
Log.Logger.Debug("No keyvault uri found in configuration under {key}. ",
keyVaultUrlVarName);
vaultUri = Environment.GetEnvironmentVariable(keyVaultUrlVarName);
if (string.IsNullOrEmpty(vaultUri))
{
Log.Logger.Debug("No keyvault uri found in environment under {key}. " +
"Not reading configuration from keyvault without keyvault uri.",
keyVaultUrlVarName);
return(null);
}
}
var provider = new KeyVaultConfigurationProvider(configuration, vaultUri);
if (!await provider.TryReadSecretAsync(keyVaultUrlVarName))
{
throw new InvalidConfigurationException(
"A keyvault uri was provided could not access keyvault at the address. " +
"If you want to read configuration from keyvault, make sure " +
"the keyvault is reachable, the required permissions are configured " +
"on keyvault and authentication provider information is available. " +
"Sign into Visual Studio or Azure CLI on this machine and try again.");
}
if (!lazyLoad)
{
while (true)
{
try {
await provider.LoadAllSecretsAsync();
break;
}
// try again...
catch (TaskCanceledException) {}
catch (SocketException) {}
await Task.Delay(TimeSpan.FromSeconds(1));
Log.Logger.Information(
"Failed loading secrets due to timeout or network - try again ...");
}
}
return(provider);
}
/// <summary>
/// Add configuration from Azure KeyVault. Providers configured prior to
/// this one will be used to get Azure KeyVault connection details.
/// </summary>
/// <param name="builder"></param>
/// <param name="allowInteractiveLogon"></param>
/// <param name="singleton"></param>
/// <param name="keyVaultUrlVarName"></param>
/// <param name="providerPriority"> Determines where in the configuration
/// providers chain current provider should be added. Default to lowest
/// </param>
/// <returns></returns>
public static IConfigurationBuilder AddFromKeyVault(this IConfigurationBuilder builder,
ConfigurationProviderPriority providerPriority = ConfigurationProviderPriority.Lowest,
bool allowInteractiveLogon = false, bool singleton = true, string keyVaultUrlVarName = null)
{
var configuration = builder.Build();
// Check if configuration should be loaded from KeyVault, default to true.
var keyVaultConfigEnabled = configuration.GetValue(PcsVariable.PCS_KEYVAULT_CONFIG_ENABLED, true);
if (!keyVaultConfigEnabled)
{
return(builder);
}
var provider = KeyVaultConfigurationProvider.CreateInstanceAsync(
allowInteractiveLogon, singleton, configuration, keyVaultUrlVarName).Result;
if (provider != null)
{
switch (providerPriority)
{
case ConfigurationProviderPriority.Highest:
builder.Add(provider);
break;
case ConfigurationProviderPriority.Lowest:
builder.Sources.Insert(0, provider);
break;
default:
throw new ArgumentException(
$"Unknown ConfigurationProviderPriority value: {providerPriority}");
}
}
return(builder);
}
public IConfigurationProvider Build(IConfigurationBuilder builder)
{
var config = new KeyVaultConfigurationProvider(keyVaultKeys, keyVaultService);
return(config);
}