public void AzureClientCertificateLocalFile()
{
TestUtilities utils = DefaultUtilities();
ConfigurationOptions config = utils.ConfigurationOptions;
utils.ConfigurationOptions.Validate();
DeleteTokenCache();
ProcessOutput results = utils.ExecuteTest((config) =>
{
AzureResourceManager arm = new AzureResourceManager(config);
string certFile = $"{TestUtilities.TempDir}\\{config.AzureClientSecret}.pfx";
new CertificateUtilities().SaveCertificateToFile(_appCertificate, certFile);
//config.AzureClientId = "";
config.AzureClientCertificate = certFile;
config.AzureKeyVault = "";
config.AzureClientSecret = "";
Assert.IsTrue(config.IsClientIdConfigured(), "test configuration invalid");
return(config.ValidateAad());
}, utils.Collector.Config);
Assert.IsTrue(results.ExitBool);
Assert.IsTrue(!results.HasErrors(), results.ToString());
}
public bool CreateClient(bool prompt, bool deviceLogin = false, string resource = "")
{
if (_config.IsClientIdConfigured() & prompt)
{
return(false);
}
else if (_config.IsClientIdConfigured() & !prompt)
{
if (_config.ClientCertificate != null)
{
CreateConfidentialCertificateClient(resource, _config.ClientCertificate);
}
else if (!string.IsNullOrEmpty(_config.AzureKeyVault) & !string.IsNullOrEmpty(_config.AzureClientSecret))
{
CreateConfidentialCertificateClient(resource, ReadCertificateFromKeyvault(_config.AzureKeyVault, _config.AzureClientSecret));
}
else if (ClientIdentity.IsTypeManagedIdentity)
{
CreateConfidentialManagedIdentityClient(resource);
}
else if (!string.IsNullOrEmpty(_config.AzureClientCertificate))
{
CreateConfidentialCertificateClient(resource, new CertificateUtilities().GetClientCertificate(_config.AzureClientCertificate));
}
else if (!string.IsNullOrEmpty(_config.AzureClientSecret))
{
CreateConfidentialClient(resource, _config.AzureClientSecret);
}
else
{
Log.Error("unknown configuration");
return(false);
}
return(true);
}
else
{
CreatePublicClient(prompt, deviceLogin);
return(true);
}
}
private void Authenticate()
{
if (!_arm.IsAuthenticated)
{
_arm.Scopes = new List <string>()
{
$"{_armAuthResource}//user_impersonation"
};
if (_config.IsClientIdConfigured())
{
_arm.Scopes = new List <string>()
{
$"{_armAuthResource}//.default"
};
}
_arm.Authenticate(false, _armAuthResource);
}
if (!_laArm.IsAuthenticated)
{
_laArm.Scopes = new List <string>()
{
$"{_logAnalyticsAuthResource}//user_impersonation"
};
if (_config.IsClientIdConfigured())
{
_laArm.Scopes = new List <string>()
{
$"{_logAnalyticsAuthResource}//.default"
};
}
_laArm.Authenticate(true, _logAnalyticsAuthResource);
}
}
public void AzureClientCertificateKeyVaultAppRegistration()
{
TestUtilities utils = DefaultUtilities();
ConfigurationOptions config = utils.ConfigurationOptions;
utils.ConfigurationOptions.Validate();
DeleteTokenCache();
ProcessOutput results = utils.ExecuteTest((config) =>
{
config.AzureClientCertificate = "";
Assert.IsTrue(config.IsClientIdConfigured(), "test configuration invalid");
return(config.ValidateAad());
}, utils.Collector.Config);
Assert.IsTrue(results.ExitBool);
Assert.IsTrue(!results.HasErrors(), results.ToString());
}
public void Authenticate(bool throwOnError = false)
{
_arm.Scopes = new List <string>()
{
$"{ClusterIngestUrl}/kusto.read", $"{ClusterIngestUrl}/kusto.write"
};
if (_config.IsClientIdConfigured())
{
_arm.Scopes = new List <string>()
{
$"{ClusterIngestUrl}/.default"
};
}
if (_config.IsKustoConfigured() && _arm.Authenticate(throwOnError, ClusterIngestUrl))
{
DatabaseConnection = new KustoConnectionStringBuilder(ClusterIngestUrl)
{
FederatedSecurity = true, InitialCatalog = DatabaseName, UserToken = _arm.BearerToken
};
ManagementConnection = new KustoConnectionStringBuilder(ManagementUrl)
{
FederatedSecurity = true, InitialCatalog = DatabaseName, UserToken = _arm.BearerToken
};
}
else
{
DatabaseConnection = new KustoConnectionStringBuilder(ClusterIngestUrl)
{
FederatedSecurity = true, InitialCatalog = DatabaseName
};
ManagementConnection = new KustoConnectionStringBuilder(ManagementUrl)
{
FederatedSecurity = true, InitialCatalog = DatabaseName
};
}
IdentityToken = RetrieveKustoIdentityToken();
IngestionResources = RetrieveIngestionResources();
}
public void AzureClientCertificateKeyVaultUserManagedIdentity()
{
TestUtilities utils = DefaultUtilities();
ConfigurationOptions config = utils.ConfigurationOptions;
utils.ConfigurationOptions.Validate();
DeleteTokenCache();
ProcessOutput results = utils.ExecuteTest((config) =>
{
//config.AzureClientId = "";
Assert.IsTrue(config.IsClientIdConfigured(), "test configuration invalid");
AzureResourceManager arm = new AzureResourceManager(config);
Assert.IsTrue(arm.ClientIdentity.IsUserManagedIdentity, "arm.IsUserManagedIdentity not detected. test from azure vm with user managed identity enabled.");
return(config.ValidateAad());
}, utils.Collector.Config);
Assert.IsTrue(results.ExitBool);
Assert.IsTrue(!results.HasErrors(), results.ToString());
}
public void AzureClientCertificateX509withPassword()
{
TestUtilities utils = DefaultUtilities();
ConfigurationOptions config = utils.ConfigurationOptions;
utils.ConfigurationOptions.Validate();
DeleteTokenCache();
ProcessOutput results = utils.ExecuteTest((config) =>
{
CertificateUtilities certificateUtilities = new CertificateUtilities();
certificateUtilities.SetSecurePassword(TestUtilities.TestProperties.testAdminPassword);
config.ClientCertificate = certificateUtilities.GetClientCertificate(TestUtilities.TestProperties.AzureClientCertificate);// _appCertificate;
config.AzureKeyVault = "";
Assert.IsTrue(config.IsClientIdConfigured(), "test configuration invalid");
return(config.ValidateAad());
}, utils.Collector.Config);
Assert.IsTrue(results.ExitBool);
Assert.IsTrue(!results.HasErrors(), results.ToString());
}
public void Authenticate(bool throwOnError = false)
{
_arm.Scopes = new List <string>()
{
$"{ClusterIngestUrl}/kusto.read", $"{ClusterIngestUrl}/kusto.write"
};
if (_config.IsClientIdConfigured())
{
_arm.Scopes = new List <string>()
{
$"{ClusterIngestUrl}/.default"
};
}
if (_config.IsKustoConfigured() && _arm.Authenticate(throwOnError, ClusterIngestUrl))
{
if (_arm.ClientIdentity.IsAppRegistration)
{
Log.Info($"connecting to kusto with app registration {_config.AzureClientId}");
DatabaseConnection = new KustoConnectionStringBuilder(ClusterIngestUrl)
{
FederatedSecurity = true,
InitialCatalog = DatabaseName,
ApplicationClientId = _config.AzureClientId,
ApplicationCertificateBlob = _config.ClientCertificate,
Authority = _config.AzureTenantId,
ApplicationCertificateSendX5c = true
};
ManagementConnection = new KustoConnectionStringBuilder(ManagementUrl)
{
FederatedSecurity = true,
InitialCatalog = DatabaseName,
ApplicationClientId = _config.AzureClientId,
ApplicationCertificateBlob = _config.ClientCertificate,
Authority = _config.AzureTenantId,
ApplicationCertificateSendX5c = true
};
}
else
{
DatabaseConnection = new KustoConnectionStringBuilder(ClusterIngestUrl)
{
FederatedSecurity = true,
InitialCatalog = DatabaseName,
UserToken = _arm.BearerToken
};
ManagementConnection = new KustoConnectionStringBuilder(ManagementUrl)
{
FederatedSecurity = true,
InitialCatalog = DatabaseName,
UserToken = _arm.BearerToken
};
}
}
else
{
DatabaseConnection = new KustoConnectionStringBuilder(ClusterIngestUrl)
{
FederatedSecurity = true,
InitialCatalog = DatabaseName
};
ManagementConnection = new KustoConnectionStringBuilder(ManagementUrl)
{
FederatedSecurity = true,
InitialCatalog = DatabaseName
};
}
IdentityToken = RetrieveKustoIdentityToken();
IngestionResources = RetrieveIngestionResources();
}
