Exemple #1
        /// <summary>
        /// Checks that <c>GetSp0List</c> returns the identifier that was serialized into the mocked
        /// configuration entry whose name is stored under <c>KeyVault:Sp0ListKey</c>.
        /// </summary>
        public void KeyVaultSecretsConfigurationProvider_Returns_SP0_List()
        {
            // Arrange
            const string principalId = "abb3296c-6c13-495c-9475-ad08fdfefde6";

            var serializer = new KeyVaultSecretSerializer();
            var payload    = serializer.Serialize(new List<string> { principalId });

            var configMock = new Mock<IConfigurationRoot>();

            // Stubs a single indexer lookup on the mocked configuration root.
            void Stub(string key, string value) =>
                configMock.SetupGet(c => c[It.Is<string>(k => k == key)]).Returns(value);

            // Two-step lookup: the first key yields the entry name, the second the serialized list.
            Stub("KeyVault:Sp0ListKey", "OptimumCCoEGlobalAdmins");
            Stub("OptimumCCoEGlobalAdmins", payload);
            Stub("AzureAd:TenantId", "000e9e6c-a02e-406e-a5ba-a077bf712dc1");
            Stub("AzureAd:Instance", "https://login.microsoftonline.com/");

            var provider = new KeyVaultSecretsConfigurationProvider(configMock.Object, serializer);

            // Act
            var result = provider.GetSp0List();

            // Assert
            Assert.NotNull(result);
            Assert.Contains(result, entry => entry.Contains(principalId));
        }
        /// <summary>
        /// Builds the shared test state: takes the cache from the fixture and prepares two
        /// configuration mocks, with every <c>configRoot</c> lookup forwarded to <c>config</c>.
        /// </summary>
        /// <param name="memoryCache">Fixture whose <c>Cache</c> is stored for the tests.</param>
        public RoleDefinitionTests(MemoryCacheFixture memoryCache)
        {
            cache = memoryCache.Cache;

            config     = new Mock<IConfiguration>();
            configRoot = new Mock<IConfigurationRoot>();

            // NOTE(review): the second argument sits in the position other tests use for the
            // client secret; it should be a dummy value, never a live credential - confirm.
            var masterPrincipal = new ServicePrincipal(
                "04b40527-4ef6-40ba-9db4-f954ee905f92",
                "d77d75c3-7c1d-4351-8b6d-195b4d550c31");

            var serializer = new KeyVaultSecretSerializer();
            var payload    = serializer.Serialize(masterPrincipal);

            // Stubs a single indexer lookup on the IConfiguration mock.
            void Stub(string key, string value) =>
                config.SetupGet(c => c[It.Is<string>(k => k == key)]).Returns(value);

            Stub("KeyVault:MasterSpKey", "OptimumCCoERootSP");
            Stub("OptimumCCoERootSP", payload);
            Stub("AzureAd:TenantId", "35595a02-4d6d-44ac-99e1-f9ab4cd872db");
            Stub("AzureAd:Instance", "https://login.microsoftonline.com/");

            // The root mock answers any key by delegating to the IConfiguration mock above.
            configRoot.Setup(root => root[It.IsAny<string>()])
                      .Returns((string key) => config.Object[key]);
        }
Exemple #3
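        /// <summary>
        /// Checks that <c>GetMasterServicePrincipal</c> returns the service principal that was
        /// serialized into the mocked configuration entry named by <c>KeyVault:MasterSpKey</c>.
        /// </summary>
        public void KeyVaultSecretsConfigurationProvider_Returns_Master_SP()
        {
            // Arrange
            // The secret is an obviously constructed placeholder: the test only round-trips the
            // value through the serializer and the mocked configuration, so no credential-shaped
            // literal needs to live in source control. If the literal this replaces was ever a
            // live secret, it should be rotated.
            var expected = new ServicePrincipal(
                "abb3296c-6c13-495c-9475-ad08fdfefde6",
                "constructed-placeholder-not-a-real-secret"); // master SP

            var kvSerializer       = new KeyVaultSecretSerializer();
            var serializedMasterSp = kvSerializer.Serialize(expected);

            var config = new Mock<IConfigurationRoot>();

            // Two-step lookup: the first key yields the entry name, the second the serialized SP.
            config.SetupGet(x => x[It.Is<string>(s => s == "KeyVault:MasterSpKey")])
                  .Returns("OptimumCCoERootSP");

            config.SetupGet(x => x[It.Is<string>(s => s == "OptimumCCoERootSP")])
                  .Returns(serializedMasterSp);

            config.SetupGet(x => x[It.Is<string>(s => s == "AzureAd:TenantId")])
                  .Returns("000e9e6c-a02e-406e-a5ba-a077bf712dc1");

            config.SetupGet(x => x[It.Is<string>(s => s == "AzureAd:Instance")])
                  .Returns("https://login.microsoftonline.com/");

            var kvConfig = new KeyVaultSecretsConfigurationProvider(config.Object, kvSerializer);

            // Act
            var actual = kvConfig.GetMasterServicePrincipal();

            // Assert
            Assert.NotNull(actual);
            Assert.Equal(expected.ClientId, actual.ClientId);
            Assert.Equal(expected.ClientSecret, actual.ClientSecret);
        }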
        /// <summary>
        /// Checks that <c>GetRoleByName</c> returns a definition whose role name equals the
        /// requested one when both are lower-cased with the invariant culture.
        /// </summary>
        /// <param name="roleName">Role name to look up.</param>
        public async Task Get_Role_Definition_By_Name(string roleName)
        {
            // NOTE(review): the method is declared async but the body contains no await.

            // Arrange
            var serializer = new KeyVaultSecretSerializer();
            var provider   = new KeyVaultSecretsConfigurationProvider(configRoot.Object, serializer);
            var service    = new RoleDefinitionService(cache, config.Object, provider);

            // Act
            var found = service.GetRoleByName(roleName);

            // Assert
            var wanted = roleName.ToLowerInvariant();
            var got    = found.Properties.RoleName.ToLowerInvariant();
            Assert.Equal(wanted, got);
        }
        /// <summary>
        /// Golden-value test: serializing a fixed <c>ServicePrincipal</c> must produce the exact
        /// Base64 string below.
        /// </summary>
        public void Service_Principal_Is_Serialized_To_Base64_SPMaster_L_Subscription()
        {
            // Arrange
            // The expected text is Base64 of a JSON object with ClientId and ClientSecret fields.
            // Base64 is a reversible encoding, not protection: this string carries the secret
            // argument in recoverable form.
            // NOTE(review): the secret literal has the shape of a real client secret; if it was
            // ever live it should be rotated and replaced with a dummy value - confirm.
            const string expectedBase64 = "eyJDbGllbnRJZCI6ImFiYjMyOTZjLTZjMTMtNDk1Yy05NDc1LWFkMDhmZGZlZmRlNiIsIkNsaWVudFNlY3JldCI6Ij05OG1PakguKzZjaV1yNkw1YndPRm0uOVtOb3ZOd2U9In0=";

            var serializer = new KeyVaultSecretSerializer();
            var principal  = new ServicePrincipal(
                "abb3296c-6c13-495c-9475-ad08fdfefde6",
                "=98mOjH.+6ci]r6L5bwOFm.9[NovNwe=");

            // Act
            var encoded = serializer.Serialize(principal);

            // Assert
            Assert.Equal(expectedBase64, encoded);
        }
        /// <summary>
        /// Golden-value test: serializing a second fixed <c>ServicePrincipal</c> must produce the
        /// exact Base64 string below.
        /// </summary>
        public void Service_Principal_Is_Serialized_To_Base64()
        {
            // Arrange
            // The expected text is Base64 of a JSON object with ClientId and ClientSecret fields,
            // so the secret argument is recoverable from it by plain decoding.
            // NOTE(review): the secret literal has the shape of a real client secret; confirm it
            // is a dummy value, and rotate it if it was ever live.
            const string expectedBase64 = "eyJDbGllbnRJZCI6IjY1ZTMxOGQ0LWQ2MTUtNDgyYy1hMThiLTIwMzQxOGQxZDI3OCIsIkNsaWVudFNlY3JldCI6IkZ0KnYyeFFwQzFJYjMraVVvS3N3WUdqVVdqNF1UXzFhIn0=";

            var serializer = new KeyVaultSecretSerializer();
            var principal  = new ServicePrincipal(
                "65e318d4-d615-482c-a18b-203418d1d278",
                "Ft*v2xQpC1Ib3+iUoKswYGjUWj4]T_1a");

            // Act
            var encoded = serializer.Serialize(principal);

            // Assert
            Assert.Equal(expectedBase64, encoded);
        }
        /// <summary>
        /// Golden-value test: serializing a one-element list of <c>EnrollmentAccountInfo</c> must
        /// produce the exact Base64 string below.
        /// </summary>
        public void Enrollment_Account_Info_Serialize_To_JSON()
        {
            // Arrange
            // Despite the test name, the expected value is Base64 text (of a JSON array), not raw
            // JSON. The entry holds a vault name and a secret name, not a secret value.
            const string expectedBase64 = "W3siRW5yb2xsbWVudEFjY291bnRJZCI6ImY5N2U0ZDI0LTE1ZTMtNGU0Ni1iYjIxLWUzZTgzMTRjN2ZmOSIsIktleVZhdWx0TmFtZSI6InNwcG9jY29ta3Z0MDAxIiwiU2VjcmV0TmFtZSI6InNwMWNsaWVudHNlY3JldCJ9XQ==";

            var serializer = new KeyVaultSecretSerializer();
            var accounts = new List<EnrollmentAccountInfo>
            {
                new EnrollmentAccountInfo()
                {
                    EnrollmentAccountId = "f97e4d24-15e3-4e46-bb21-e3e8314c7ff9",
                    KeyVaultName        = "sppoccomkvt001",
                    SecretName          = "sp1clientsecret"
                }
            };

            // Act
            var encoded = serializer.Serialize(accounts);

            // Assert
            Assert.Equal(expectedBase64, encoded);
        }
Exemple #8
        /// <summary>
        /// Checks that <c>GetSp1List</c> returns the enrollment account that was serialized into
        /// the mocked configuration entry named by <c>KeyVault:Sp1ListKey</c>.
        /// </summary>
        public void KeyVaultSecretsConfigurationProvider_Returns_SP1_List()
        {
            // Arrange
            const string accountId = "04b40527-4ef6-40ba-9db4-f954ee905f92";

            // The entry references a vault and a secret by name; it holds no secret value.
            var accounts = new List<EnrollmentAccountInfo>
            {
                new EnrollmentAccountInfo()
                {
                    EnrollmentAccountId = accountId,
                    KeyVaultName        = "sppoccritkvt001",
                    SecretName          = "EnrollmentAccountSecret"
                }
            };

            var serializer = new KeyVaultSecretSerializer();
            var payload    = serializer.Serialize(accounts);

            var configMock = new Mock<IConfigurationRoot>();

            // Stubs a single indexer lookup on the mocked configuration root.
            void Stub(string key, string value) =>
                configMock.SetupGet(c => c[It.Is<string>(k => k == key)]).Returns(value);

            // Two-step lookup: the first key yields the entry name, the second the serialized list.
            Stub("KeyVault:Sp1ListKey", "OptimumCCoEEnrollmentAccounts");
            Stub("OptimumCCoEEnrollmentAccounts", payload);
            Stub("AzureAd:TenantId", "000e9e6c-a02e-406e-a5ba-a077bf712dc1");
            Stub("AzureAd:Instance", "https://login.microsoftonline.com/");

            var provider = new KeyVaultSecretsConfigurationProvider(configMock.Object, serializer);

            // Act
            var result = provider.GetSp1List();

            // Assert
            Assert.NotNull(result);
            Assert.Contains(result, entry => entry.EnrollmentAccountId == accountId);
        }
Exemple #9
        /// <summary>
        /// Checks that <c>UpdateSp0List</c> and <c>UpdateSp1List</c> each return the serialized
        /// form of the list they were given.
        /// </summary>
        public void KeyVaultSecretsConfigurationProvider_Update_Sp0_and_Sp1_List()
        {
            // Arrange
            var enrollmentAccounts = new List<EnrollmentAccountInfo>
            {
                new EnrollmentAccountInfo()
                {
                    EnrollmentAccountId = "04b40527-4ef6-40ba-9db4-f954ee905f92",
                    KeyVaultName        = "sppoccritkvt001",
                    SecretName          = "EnrollmentAccountSecret"
                }
            };

            var globalAdmins = new List<string> { "04b40527-4ef6-40ba-9db4-f954ee905f92" };

            // NOTE(review): the second argument has the shape of a real client secret. If it was
            // ever a live credential it should be rotated and supplied from outside the source
            // tree - confirm.
            var masterPrincipal = new ServicePrincipal(
                "abb3296c-6c13-495c-9475-ad08fdfefde6",
                "=98mOjH.+6ci]r6L5bwOFm.9[NovNwe="); // master SP

            var serializer        = new KeyVaultSecretSerializer();
            var accountsPayload   = serializer.Serialize(enrollmentAccounts);
            var masterPayload     = serializer.Serialize(masterPrincipal);
            var adminsPayload     = serializer.Serialize(globalAdmins);

            var configMock = new Mock<IConfigurationRoot>();

            // Stubs a single indexer lookup on the mocked configuration root.
            void Stub(string key, string value) =>
                configMock.SetupGet(c => c[It.Is<string>(k => k == key)]).Returns(value);

            Stub("KeyVault:Sp0ListKey", "OptimumCCoEGlobalAdmins");
            Stub("KeyVault:Sp1ListKey", "OptimumCCoEEnrollmentAccounts");
            Stub("KeyVault:MasterSpKey", "OptimumCCoERootSP");
            Stub("AzureAd:TenantId", "000e9e6c-a02e-406e-a5ba-a077bf712dc1");
            Stub("AzureAd:Instance", "https://login.microsoftonline.com/");
            Stub("OptimumCCoERootSP", masterPayload);

            // NOTE(review): a vault URL is configured here. If the update methods write to that
            // vault, this is an integration test that depends on network access and a working
            // credential rather than a unit test - confirm against the provider.
            Stub("KeyVault:EndPoint", "https://masterspkvt.vault.azure.net/");

            var provider = new KeyVaultSecretsConfigurationProvider(configMock.Object, serializer);

            // Act
            // Both calls block on the returned task through .Result.
            var sp0Outcome = provider.UpdateSp0List(globalAdmins).Result;
            var sp1Outcome = provider.UpdateSp1List(enrollmentAccounts).Result;

            // Assert
            Assert.NotNull(sp0Outcome);
            Assert.NotNull(sp1Outcome);
            Assert.Equal(adminsPayload, sp0Outcome);
            Assert.Equal(accountsPayload, sp1Outcome);
        }