Exemplo n.º 1
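        /// <summary>
        /// Tries to build the blob container client from a storage connection string (or SAS) that is
        /// stored as a Key Vault secret. The vault is accessed with the pre-configured service principal.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the container was reached and <c>Client</c> was assigned; <c>false</c> when no
        /// secret name is configured or any step failed (the failure is logged, not rethrown).
        /// </returns>
        private bool TryCreateFromKeyVault()
        {
            // Nothing to do when no Key Vault secret name is configured for the connection string.
            if (string.IsNullOrEmpty(_blobSettings.ConnectionStringSecretName))
            {
                return false;
            }

            _logger.LogInformation("trying to access blob from kv...");
            try
            {
                var authBuilder = new AadAuthBuilder(_aadSettings);

                // Only the requested resource is forwarded; the authority and scope that Key Vault
                // hands to the callback are ignored.
                Task<string> AuthCallback(string authority, string resource, string scope) =>
                    authBuilder.GetAccessTokenAsync(resource);

                BlobContainerClient containerClient;

                // The vault client is only needed to read one secret, so release it right afterwards.
                using (var kvClient = new KeyVaultClient(AuthCallback))
                {
                    // GetAwaiter().GetResult() still blocks, but surfaces the original exception instead
                    // of an AggregateException, which keeps the error log below readable.
                    var connStrSecret = kvClient
                        .GetSecretAsync(_vaultSettings.VaultUrl, _blobSettings.ConnectionStringSecretName)
                        .GetAwaiter()
                        .GetResult();

                    // connStrSecret.Value is a storage credential: it must never be written to a log.
                    containerClient = new BlobContainerClient(connStrSecret.Value, _blobSettings.Container);
                }

                containerClient.CreateIfNotExists();

                TryRecreateTestBlob(containerClient);

                // This path authenticates with a connection string from Key Vault, not with a managed
                // identity, so the success message names the method that was really used.
                _logger.LogInformation("Succeed to access blob using kv");
                Client = containerClient;
                return true;
            }
            catch (Exception ex)
            {
                // NOTE(review): the exception is logged in full; confirm that a malformed connection
                // string cannot end up echoed in the exception message.
                _logger.LogError(ex, "faield to access blob from kv...");
                return false;
            }
        }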
Exemplo n.º 2
        /// <summary>
        /// Registers a single shared <see cref="IKeyVaultClient"/> whose tokens are obtained through
        /// an <c>AadAuthBuilder</c> built from the configured <c>AadSettings</c>.
        /// </summary>
        /// <param name="services">The service collection to register the client in.</param>
        /// <param name="configuration">The configuration the AAD settings are read from.</param>
        /// <returns>The same <paramref name="services"/> instance, to allow chaining.</returns>
        public static IServiceCollection AddKeyVault(this IServiceCollection services, IConfiguration configuration)
        {
            var tokenSource = new AadAuthBuilder(configuration.GetConfiguredSettings<AadSettings>());

            // Only the resource is forwarded to the token source; the authority and scope supplied by
            // the Key Vault client are ignored.
            var vaultClient = new KeyVaultClient(
                (authority, resource, scope) => tokenSource.GetAccessTokenAsync(resource));

            // One client instance is shared by every consumer for the lifetime of the container.
            services.AddSingleton<IKeyVaultClient>(vaultClient);
            return services;
        }
Exemplo n.º 3
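        /// <summary>
        /// Creates the blob client by authenticating to the storage account with the AAD application's
        /// client secret and wrapping the resulting token credential in <c>StorageCredentials</c>.
        /// </summary>
        /// <param name="config">The configuration that holds the blob storage and AAD settings.</param>
        /// <param name="loggerFactory">The factory used to create this type's logger.</param>
        public OldBlobClient(IConfiguration config, ILoggerFactory loggerFactory)
        {
            logger          = loggerFactory.CreateLogger<OldBlobClient>();
            storageSettings = config.GetConfiguredSettings<BlobStorageSettings>();

            // The credential below is the AAD application's client secret, not DefaultAzureCredential,
            // so the log line names the method actually in use.
            logger.LogInformation(
                $"accessing blob (account={storageSettings.Account}, container={storageSettings.Container}) using aad client secret");

            var aadSettings        = config.GetConfiguredSettings<AadSettings>();
            var authBuilder        = new AadAuthBuilder(aadSettings);
            var clientSecretOrCert = authBuilder.GetClientSecretOrCert();

            // Only the client id is logged; the secret itself must never reach a log line.
            logger.LogInformation($"Retrieving access token for aad client: {aadSettings.ClientId}");

            // NOTE(review): only the secret half of the tuple is used. Confirm GetTokenCredential
            // rejects a null secret when the application is configured with a certificate instead.
            // The call blocks the constructor until the token has been acquired.
            var tokenCredential = GetTokenCredential(
                aadSettings.Authority,
                $"https://{storageSettings.Account}.blob.core.windows.net/",
                aadSettings.ClientId,
                clientSecretOrCert.secret).GetAwaiter().GetResult();
            var storageCredentials = new StorageCredentials(tokenCredential);

            blobClient = new CloudBlobClient(storageSettings.BlobEndpointUri, storageCredentials);
        }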
Exemplo n.º 4
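        /// <summary>
        /// Tries to build the blob container client with the pre-configured service principal.
        /// A client secret must be configured for the service principal.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the container was reached and <c>Client</c> was assigned; <c>false</c> when
        /// any step failed (the failure is logged, not rethrown).
        /// </returns>
        private bool TryCreateUsingSpn()
        {
            _logger.LogInformation("trying to access blob using spn...");
            try
            {
                var authBuilder = new AadAuthBuilder(_aadSettings);

                // ClientSecretCredential expects the application's client secret as its third argument.
                // Passing an already-issued access token there cannot authenticate, and it would send
                // the bearer token to the token endpoint in place of the secret.
                // NOTE(review): GetClientSecretOrCert() is the accessor other AadAuthBuilder callers use
                // for the raw secret; confirm it is the right source here. A null secret makes the
                // credential constructor throw, which the catch below reports as a failure.
                var clientSecret    = authBuilder.GetClientSecretOrCert().secret;
                var tokenCredential = new ClientSecretCredential(_aadSettings.TenantId, _aadSettings.ClientId, clientSecret);
                var containerClient = new BlobContainerClient(_blobSettings.ContainerEndpoint, tokenCredential);
                containerClient.CreateIfNotExists();

                TryRecreateTestBlob(containerClient);

                // This path authenticates as the service principal, not with a managed identity, so the
                // success message names the method that was really used.
                _logger.LogInformation("Succeed to access blob using spn");
                Client = containerClient;
                return true;
            }
            catch (Exception ex)
            {
                _logger.LogError(ex, "faield to access blob using spn...");
                return false;
            }
        }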
Exemplo n.º 5
        /// <summary>
        /// Builds the Kusto query and admin providers. The connection authenticates with an interactive
        /// user prompt, an application key or an application certificate, depending on the configured
        /// auth mode and on whether a client secret is available.
        /// </summary>
        /// <param name="configuration">The configuration that holds the AAD and Kusto settings.</param>
        /// <param name="loggerFactory">The factory used to create this type's logger.</param>
        public ClientFactory(IConfiguration configuration, ILoggerFactory loggerFactory)
        {
            _logger = loggerFactory.CreateLogger<ClientFactory>();

            var aad        = configuration.GetConfiguredSettings<AadSettings>();
            var kusto      = configuration.GetConfiguredSettings<KustoSettings>();
            var credential = new AadAuthBuilder(aad).GetClientSecretOrCert();

            // Picks the authentication flavour: user prompt first, then secret, then certificate.
            KustoConnectionStringBuilder BuildConnection()
            {
                if (kusto.AuthMode == AuthMode.User)
                {
                    var userConnection = new KustoConnectionStringBuilder(kusto.ClusterUrl, kusto.DbName)
                    {
                        FederatedSecurity = true,
                        Authority         = aad.Authority
                    };
                    return userConnection.WithAadUserPromptAuthentication();
                }

                var appConnection = new KustoConnectionStringBuilder($"{kusto.ClusterUrl}");

                // The certificate is only used when no client secret is available.
                return credential.secret != null
                    ? appConnection.WithAadApplicationKeyAuthentication(aad.ClientId, credential.secret, aad.Authority)
                    : appConnection.WithAadApplicationCertificateAuthentication(aad.ClientId, credential.cert, aad.Authority);
            }

            var connection = BuildConnection();

            // Both providers share the same connection settings, and therefore the same identity.
            _client      = KustoClientFactory.CreateCslQueryProvider(connection);
            _adminClient = KustoClientFactory.CreateCslAdminProvider(connection);
        }