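/// <summary>
/// Loads the Event Hub, AAD and vault settings from configuration, resolves the consumer
/// group name, and then tries each client-creation path in order: managed identity,
/// service principal, Key Vault, and finally connection string.
/// </summary>
/// <param name="configuration">Configuration the settings objects are read from.</param>
/// <param name="loggerFactory">Factory used to create this instance's logger.</param>
/// <exception cref="InvalidOperationException">
/// None of the creation paths succeeded: either no connection-string secret name is
/// configured for the last fallback, or the connection-string attempt itself failed.
/// </exception>
public ConsumerClientFactory(IConfiguration configuration, ILoggerFactory loggerFactory)
{
    // NOTE(review): the logger category names ProducerClientFactory although this is
    // ConsumerClientFactory, so entries are attributed to the wrong class. Left unchanged
    // because the declared type of _logger is not visible here; confirm and correct.
    _logger = loggerFactory.CreateLogger<ProducerClientFactory>();
    _hubSettings = configuration.GetConfiguredSettings<EventHubSettings>();
    _consumerGroupName = Consumer.ConsumerGroup ?? EventHubConsumerClient.DefaultConsumerGroupName;
    _aadSettings = configuration.GetConfiguredSettings<AadSettings>();
    _vaultSettings = configuration.GetConfiguredSettings<VaultSettings>();

    // Message template instead of an interpolated string: the rendered text is the same,
    // and the configured value is passed as a structured argument.
    _logger.LogInformation("using consumer group: {ConsumerGroupName}", _consumerGroupName);

    // The first path that reports success wins; later paths are not attempted.
    if (TryCreateClientUsingMsi() || TryCreateClientUsingSpn() || TryCreateClientFromKeyVault())
    {
        return;
    }

    // Fail closed. Previously this case fell out of the constructor without a client and
    // without an error, because the "Invalid queue settings" branch sat behind a condition
    // that could never be false at that point.
    if (string.IsNullOrEmpty(_hubSettings.ConnectionStringSecretName))
    {
        throw new InvalidOperationException("Invalid queue settings");
    }

    if (!TryCreateClientUsingConnStr())
    {
        throw new InvalidOperationException("failed to create queue client");
    }
}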
/// <summary>
/// Resolves configuration, the blob/AAD/vault settings, the Key Vault client and a logger,
/// then calls the single creation method selected by <c>blobSettings.AuthMode</c>.
/// </summary>
/// <param name="serviceProvider">Supplies <see cref="IConfiguration"/> and <see cref="IKeyVaultClient"/>.</param>
/// <param name="loggerFactory">Factory used to create this instance's logger.</param>
/// <param name="settings">Explicit blob settings; when null they are read from configuration.</param>
/// <exception cref="NotSupportedException">
/// The auth mode is not Msi, Spn, SecretFromVault or ConnStr.
/// </exception>
public BlobContainerFactory(IServiceProvider serviceProvider, ILoggerFactory loggerFactory, BlobStorageSettings settings = null)
{
    var config = serviceProvider.GetRequiredService<IConfiguration>();
    blobSettings = settings ?? config.GetConfiguredSettings<BlobStorageSettings>();
    aadSettings = config.GetConfiguredSettings<AadSettings>();
    vaultSettings = config.GetConfiguredSettings<VaultSettings>();
    kvClient = serviceProvider.GetRequiredService<IKeyVaultClient>();
    logger = loggerFactory.CreateLogger<BlobContainerFactory>();

    // Exactly one credential path runs; there is no fallback to another mode.
    // NOTE(review): the result of the TryCreate* call is not inspected. If these methods
    // report failure through a return value, a failed attempt leaves the factory
    // constructed without a usable client - confirm against their definitions.
    var authMode = blobSettings.AuthMode;
    if (authMode == StorageAuthMode.Msi)
    {
        TryCreateUsingMsi();
    }
    else if (authMode == StorageAuthMode.Spn)
    {
        TryCreateUsingSpn();
    }
    else if (authMode == StorageAuthMode.SecretFromVault)
    {
        TryCreateFromKeyVault();
    }
    else if (authMode == StorageAuthMode.ConnStr)
    {
        TryCreateUsingConnStr();
    }
    else
    {
        throw new NotSupportedException($"Storage auth mode: {authMode} is not supported");
    }
}
/// <summary>
/// Creates the logger, resolves configuration, the queue/AAD/vault settings and the
/// Key Vault client, then calls the single creation method selected by
/// <c>queueSettings.AuthMode</c>.
/// </summary>
/// <param name="serviceProvider">Supplies <see cref="IConfiguration"/> and <see cref="IKeyVaultClient"/>.</param>
/// <param name="loggerFactory">Factory used to create this instance's logger.</param>
/// <exception cref="NotSupportedException">
/// The auth mode is not Msi, Spn, SecretFromVault or ConnStr.
/// </exception>
public QueueClientFactory(IServiceProvider serviceProvider, ILoggerFactory loggerFactory)
{
    logger = loggerFactory.CreateLogger<QueueClientFactory>();

    var config = serviceProvider.GetRequiredService<IConfiguration>();
    queueSettings = config.GetConfiguredSettings<QueueSettings>();
    aadSettings = config.GetConfiguredSettings<AadSettings>();
    vaultSettings = config.GetConfiguredSettings<VaultSettings>();
    kvClient = serviceProvider.GetRequiredService<IKeyVaultClient>();

    // Exactly one credential path runs; there is no fallback to another mode.
    // NOTE(review): the result of the TryCreateClient* call is not inspected. If these
    // methods report failure through a return value, a failed attempt leaves the factory
    // constructed without a usable client - confirm against their definitions.
    var authMode = queueSettings.AuthMode;
    if (authMode == StorageAuthMode.Msi)
    {
        TryCreateClientUsingMsi();
    }
    else if (authMode == StorageAuthMode.Spn)
    {
        TryCreateClientUsingSpn();
    }
    else if (authMode == StorageAuthMode.SecretFromVault)
    {
        TryCreateClientFromKeyVault();
    }
    else if (authMode == StorageAuthMode.ConnStr)
    {
        TryCreateClientUsingConnStr();
    }
    else
    {
        throw new NotSupportedException($"Storage auth mode: {authMode} is not supported");
    }
}
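/// <summary>
/// Loads the Event Hub, AAD and vault settings from configuration and then tries each
/// client-creation path in order: managed identity, service principal, Key Vault, and
/// finally connection string.
/// </summary>
/// <param name="configuration">Configuration the settings objects are read from.</param>
/// <param name="loggerFactory">Factory used to create this instance's logger.</param>
/// <exception cref="InvalidOperationException">
/// None of the creation paths succeeded: either no connection-string secret name is
/// configured for the last fallback, or the connection-string attempt itself failed.
/// </exception>
public ProducerClientFactory(IConfiguration configuration, ILoggerFactory loggerFactory)
{
    logger = loggerFactory.CreateLogger<ProducerClientFactory>();
    hubSettings = configuration.GetConfiguredSettings<EventHubSettings>();
    aadSettings = configuration.GetConfiguredSettings<AadSettings>();
    vaultSettings = configuration.GetConfiguredSettings<VaultSettings>();

    // The first path that reports success wins; later paths are not attempted.
    if (TryCreateClientUsingMsi() || TryCreateClientUsingSpn() || TryCreateClientFromKeyVault())
    {
        return;
    }

    // Fail closed. Previously this case fell out of the constructor without a client and
    // without an error, because the "Invalid queue settings" branch sat behind a condition
    // that could never be false at that point.
    if (string.IsNullOrEmpty(hubSettings.ConnectionStringSecretName))
    {
        throw new InvalidOperationException("Invalid queue settings");
    }

    if (!TryCreateClientUsingConnStr())
    {
        throw new InvalidOperationException("failed to create queue client");
    }
}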
/// <summary>
/// Builds a <see cref="VaultClient"/> for the configured endpoint that authenticates
/// with the bootstrap token taken from the supplied settings.
/// </summary>
/// <param name="configuration">Supplies <c>BootstrapToken</c> and <c>VaultEndpointUri</c>.</param>
/// <returns>A new client constructed from those two values.</returns>
private static VaultClient CreateBootstrappingVaultClient(VaultSettings configuration)
{
    // NOTE(review): BootstrapToken is a bearer credential. Presumably VaultSettings is
    // bound from application configuration - confirm the token is supplied from a secret
    // source rather than a checked-in settings file, and that the settings object is
    // never logged or serialized.
    var tokenAuth = new VaultSharp.V1.AuthMethods.Token.TokenAuthMethodInfo(configuration.BootstrapToken);

    return new VaultClient(new VaultClientSettings(configuration.VaultEndpointUri, tokenAuth));
}
/// <summary>
/// Binds the configuration section named after <see cref="VaultSettings"/> to a new
/// settings instance, registers that instance as a singleton, and calls
/// <c>AddVault</c> on the service collection.
/// </summary>
/// <param name="services">Service collection to register into.</param>
/// <param name="configuration">Configuration root that contains the section.</param>
/// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
public static IServiceCollection AddVaultService(this IServiceCollection services, IConfiguration configuration)
{
    var settings = new VaultSettings();
    var section = configuration.GetSection(nameof(VaultSettings));

    // NOTE(review): nothing here validates the bound values. If the section is absent the
    // singleton is registered with whatever defaults VaultSettings declares - confirm
    // consumers reject an empty endpoint or credential instead of proceeding.
    section.Bind(settings);

    services.AddSingleton(settings);
    services.AddVault();
    return services;
}
/// <summary>
/// Loads the blob, AAD and vault settings from configuration, creates the logger, and
/// then tries each creation path in order: managed identity, service principal,
/// Key Vault, and finally connection string.
/// </summary>
/// <param name="configuration">Configuration the settings objects are read from.</param>
/// <param name="loggerFactory">Factory used to create this instance's logger.</param>
public BlobContainerFactory(IConfiguration configuration, ILoggerFactory loggerFactory)
{
    _blobSettings = configuration.GetConfiguredSettings<BlobStorageSettings>();
    _aadSettings = configuration.GetConfiguredSettings<AadSettings>();
    _vaultSettings = configuration.GetConfiguredSettings<VaultSettings>();
    _logger = loggerFactory.CreateLogger<BlobContainerFactory>();

    // The first path that reports success wins; later paths are not attempted.
    if (TryCreateUsingMsi() || TryCreateUsingSpn() || TryCreateFromKeyVault())
    {
        return;
    }

    // NOTE(review): the outcome of this last fallback is discarded, so when every path
    // fails the constructor still completes and nothing here reports the failure.
    // Confirm whether callers detect a missing client later, or fail here instead.
    TryCreateUsingConnStr();
}
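/// <summary>
/// Acquires an access token for the application itself (MSAL <c>AcquireTokenForClient</c>)
/// using either a certificate fetched from Key Vault or a client secret.
/// </summary>
/// <param name="settings">
/// AAD application settings. When <c>ClientCertName</c> is set the certificate path is
/// used; otherwise <c>ClientSecret</c> must be set.
/// </param>
/// <param name="vaultSettings">Supplies <c>VaultUrl</c>; required on the certificate path.</param>
/// <param name="kvClient">Key Vault client; required on the certificate path.</param>
/// <returns>
/// The access token, or <c>null</c> when the token request fails with an
/// <see cref="MsalServiceException"/> whose message contains "AADSTS70011".
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="settings"/> is null; or a certificate name is set and
/// <paramref name="kvClient"/> or <paramref name="vaultSettings"/> is null; or neither a
/// certificate name nor a client secret is set.
/// </exception>
public static async Task<string> GetAccessToken(
    AadAppSettings settings,
    VaultSettings vaultSettings = null,
    IKeyVaultClient kvClient = null)
{
    if (settings == null)
    {
        throw new ArgumentNullException(nameof(settings));
    }

    var useCertificate = !string.IsNullOrEmpty(settings.ClientCertName);
    if (useCertificate)
    {
        if (kvClient == null)
        {
            throw new ArgumentNullException(nameof(kvClient));
        }

        if (vaultSettings == null)
        {
            throw new ArgumentNullException(nameof(vaultSettings));
        }
    }
    else if (string.IsNullOrEmpty(settings.ClientSecret))
    {
        // The two-string overload is (paramName, message), in that order.
        throw new ArgumentNullException(nameof(settings), "ClientSecret not specified");
    }

    // The checks above leave exactly two cases: certificate name set with both vault
    // arguments present, or client secret set. No third branch is reachable.
    IConfidentialClientApplication app;
    if (useCertificate)
    {
        var cert = await kvClient.GetCertificateAsync(vaultSettings.VaultUrl, settings.ClientCertName);

        // NOTE(review): the certificate is built from cert.Cer only. Presumably that is
        // the public portion without a private key, which would leave nothing to sign
        // the client assertion with - confirm, and load the key-bearing form if so.
        var pfx = new X509Certificate2(cert.Cer);
        app = ConfidentialClientApplicationBuilder
            .Create(settings.ClientId)
            .WithCertificate(pfx)
            .WithAuthority(settings.Authority)
            .Build();
    }
    else
    {
        app = ConfidentialClientApplicationBuilder
            .Create(settings.ClientId)
            .WithClientSecret(settings.ClientSecret)
            .WithAuthority(settings.Authority)
            .Build();
    }

    try
    {
        var result = await app.AcquireTokenForClient(settings.Scopes).ExecuteAsync();

        // The returned string is a bearer credential; callers should not log it.
        return result.AccessToken;
    }
    catch (MsalServiceException ex) when (ex.Message.Contains("AADSTS70011"))
    {
        // Invalid scope. The scope has to be of the form "https://resourceurl/.default".
        // Mitigation: change the scope to be as expected.
        // Only this error is handled; any other MSAL failure propagates to the caller.
        Console.ForegroundColor = ConsoleColor.Red;
        Console.WriteLine("Scope provided is not supported");
        Console.ResetColor();
    }

    return null;
}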
/// <summary>
/// Stores the <see cref="VaultSettings"/> value carried by the supplied options wrapper
/// in <c>_settings</c>.
/// </summary>
/// <param name="options">Options wrapper whose <c>Value</c> is read once here.</param>
public HomeController(IOptions<VaultSettings> options) => _settings = options.Value;
/// <summary>
/// Stores the <see cref="VaultSettings"/> value carried by the supplied options wrapper
/// in <c>_vaultSettings</c>.
/// </summary>
/// <param name="options">Options wrapper whose <c>Value</c> is read once here.</param>
public AccountController(IOptions<VaultSettings> options) => _vaultSettings = options.Value;