private Azure(RestClient restClient, string subscriptionId, string tenantId, IAuthenticated authenticated)
{
resourceManager = ResourceManager.Fluent.ResourceManager.Authenticate(restClient).WithSubscription(subscriptionId);
storageManager = StorageManager.Authenticate(restClient, subscriptionId);
computeManager = ComputeManager.Authenticate(restClient, subscriptionId);
networkManager = NetworkManager.Authenticate(restClient, subscriptionId);
batchManager = BatchManager.Authenticate(restClient, subscriptionId);
keyVaultManager = KeyVaultManager.Authenticate(restClient, subscriptionId, tenantId);
trafficManager = TrafficManager.Fluent.TrafficManager.Authenticate(restClient, subscriptionId);
dnsZoneManager = DnsZoneManager.Authenticate(restClient, subscriptionId);
sqlManager = SqlManager.Authenticate(restClient, subscriptionId);
redisManager = RedisManager.Authenticate(restClient, subscriptionId);
cdnManager = CdnManager.Authenticate(restClient, subscriptionId);
appServiceManager = AppServiceManager.Authenticate(restClient, subscriptionId, tenantId);
searchManager = SearchManager.Authenticate(restClient, subscriptionId);
serviceBusManager = ServiceBusManager.Authenticate(restClient, subscriptionId);
containerInstanceManager = ContainerInstanceManager.Authenticate(restClient, subscriptionId);
registryManager = RegistryManager.Authenticate(restClient, subscriptionId);
containerServiceManager = ContainerServiceManager.Authenticate(restClient, subscriptionId);
cosmosDBManager = CosmosDBManager.Authenticate(restClient, subscriptionId);
authorizationManager = AuthorizationManager.Authenticate(restClient, subscriptionId);
msiManager = MsiManager.Authenticate(restClient, subscriptionId);
batchAIManager = BatchAIManager.Authenticate(restClient, subscriptionId);
monitorManager = MonitorManager.Authenticate(restClient, subscriptionId);
eventHubManager = EventHubManager.Authenticate(restClient, subscriptionId);
SubscriptionId = subscriptionId;
this.authenticated = authenticated;
}
public HomeController(
IKeyVaultManager keyVaultManager,
IConfiguration configuration
)
{
_keyVaultManager = keyVaultManager;
_configuration = configuration;
}
public AppServiceManager(RestClient restClient, string subscriptionId, string tenantId) :
base(restClient, subscriptionId, WebSiteManagementClient.NewInstance(restClient))
{
Inner.SubscriptionId = subscriptionId;
keyVaultManager = KeyVault.Fluent.KeyVaultManager.Authenticate(restClient, subscriptionId, tenantId);
storageManager = Storage.Fluent.StorageManager.Authenticate(restClient, subscriptionId);
graphRbacManager = Graph.RBAC.Fluent.GraphRbacManager.Authenticate(restClient, tenantId);
this.tenantId = tenantId;
this.restClient = restClient;
}
public AppServiceManager(RestClient restClient, string subscriptionId, string tenantId) :
base(restClient, subscriptionId, new WebSiteManagementClient(new Uri(restClient.BaseUri),
restClient.Credentials,
restClient.RootHttpHandler,
restClient.Handlers.ToArray())
{
SubscriptionId = subscriptionId
})
{
keyVaultManager = KeyVault.Fluent.KeyVaultManager.Authenticate(restClient, subscriptionId, tenantId);
storageManager = Storage.Fluent.StorageManager.Authenticate(restClient, subscriptionId);
this.tenantId = tenantId;
this.restClient = restClient;
}
public SshCredsManager(EnvironmentConfiguration config,
IKeyVaultManager keyVaultManager,
ICredentialLookup credentialLookup,
IShellRunner shellRunner,
IVmManager vmManager,
IPathHelper appFolderFinder,
ILogger <SshCredsManager> logger,
IOSHandler osHandler,
IMachineIpManager machineIpManager)
{
this.config = config;
this.keyVaultManager = keyVaultManager;
this.credentialLookup = credentialLookup;
this.shellRunner = shellRunner;
this.vmManager = vmManager;
this.appFolderFinder = appFolderFinder;
this.logger = logger;
this.osHandler = osHandler;
this.machineIpManager = machineIpManager;
sshHostLookup = new Lazy <Task <string> >(() => vmManager.GetPublicIp(config.PublicIpName));
sshStateLoad = new Lazy <Task <SshState> >(() => LoadSshState());
}
public void CanCRUDKeyVault()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
// Create user service principal
String sp = SdkContext.RandomResourceName("sp", 20);
String us = SdkContext.RandomResourceName("us", 20);
IGraphRbacManager graphManager = TestHelper.CreateGraphRbacManager();
string vaultName1 = TestUtilities.GenerateName("vault1");
string rgName = TestUtilities.GenerateName("rgNEMV");
IKeyVaultManager manager = TestHelper.CreateKeyVaultManager();
IServicePrincipal servicePrincipal = graphManager.ServicePrincipals
.Define(sp)
.WithNewApplication("http://" + sp)
.Create();
IActiveDirectoryUser user = graphManager.Users
.Define(us)
.WithEmailAlias(us)
.WithPassword("P@$$w0rd")
.Create();
//var spnCredentialsClientId = HttpMockServer.Variables[ConnectionStringKeys.ServicePrincipalKey];
try
{
IVault vault = manager.Vaults
.Define(vaultName1)
.WithRegion(Region.USWest)
.WithNewResourceGroup(rgName)
.DefineAccessPolicy()
.ForServicePrincipal("http://" + sp)
.AllowKeyPermissions(KeyPermissions.List)
.AllowSecretAllPermissions()
.AllowCertificatePermissions(CertificatePermissions.Get)
.Attach()
.DefineAccessPolicy()
.ForUser(us)
.AllowKeyAllPermissions()
.AllowSecretAllPermissions()
.AllowCertificatePermissions(CertificatePermissions.Get, CertificatePermissions.List, CertificatePermissions.Create)
.Attach()
.Create();
Assert.NotNull(vault);
Assert.Equal(vaultName1, vault.Name);
foreach (IAccessPolicy policy in vault.AccessPolicies)
{
if (policy.ObjectId.Equals(servicePrincipal.Id))
{
Assert.Equal(1, policy.Permissions.Keys.Count);
Assert.Equal(KeyPermissions.List.Value, policy.Permissions.Keys[0]);
Assert.Equal(8, policy.Permissions.Secrets.Count);
Assert.Equal(1, policy.Permissions.Certificates.Count);
Assert.Equal(CertificatePermissions.Get.Value, policy.Permissions.Certificates[0]);
}
if (policy.ObjectId.Equals(user.Id))
{
Assert.Equal(16, policy.Permissions.Keys.Count);
Assert.Equal(8, policy.Permissions.Secrets.Count);
Assert.Equal(3, policy.Permissions.Certificates.Count);
}
}
vault = vault.Update()
.UpdateAccessPolicy(servicePrincipal.Id)
.AllowKeyAllPermissions()
.DisallowSecretAllPermissions()
.AllowCertificateAllPermissions()
.Parent()
.Apply();
foreach (IAccessPolicy policy in vault.AccessPolicies)
{
if (policy.ObjectId.Equals(servicePrincipal.Id))
{
Assert.Equal(16, policy.Permissions.Keys.Count);
Assert.Equal(0, policy.Permissions.Secrets.Count);
Assert.Equal(14, policy.Permissions.Certificates.Count);
}
}
}
finally
{
try
{
TestHelper.CreateResourceManager().ResourceGroups.DeleteByName(rgName);
}
catch { }
}
}
}
public void CanCRUDKeyVault()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
string vaultName1 = TestUtilities.GenerateName("vault1");
string vaultName2 = TestUtilities.GenerateName("vault2");
string rgName = TestUtilities.GenerateName("rgNEMV");
IKeyVaultManager manager = TestHelper.CreateKeyVaultManager();
var spnCredentialsClientId = HttpMockServer.Variables[ConnectionStringKeys.ServicePrincipalKey];
try
{
IVault vault1 = manager.Vaults
.Define(vaultName1)
.WithRegion(Region.USWest)
.WithNewResourceGroup(rgName)
.WithEmptyAccessPolicy()
.Create();
Assert.NotNull(vault1);
Assert.Equal(vaultName1, vault1.Name);
Assert.Equal(0, vault1.AccessPolicies.Count);
vault1 = vault1.Update()
.DefineAccessPolicy()
.ForServicePrincipal(spnCredentialsClientId)
.AllowKeyAllPermissions()
.AllowSecretPermissions(SecretPermissions.Get)
.AllowSecretPermissions(SecretPermissions.List)
.Attach()
.Apply();
Assert.NotNull(vault1);
Assert.Equal(1, vault1.AccessPolicies.Count);
Assert.Equal(KeyPermissions.All.ToString(), vault1.AccessPolicies[0].Permissions.Keys[0]);
Assert.Equal(2, vault1.AccessPolicies[0].Permissions.Secrets.Count);
vault1 = vault1.Update()
.WithDeploymentEnabled()
.WithTemplateDeploymentEnabled()
.UpdateAccessPolicy(vault1.AccessPolicies.First().ObjectId)
.AllowSecretAllPermissions()
.Parent()
.Apply();
Assert.Equal(1, vault1.AccessPolicies.Count);
Assert.Equal(3, vault1.AccessPolicies[0].Permissions.Secrets.Count);
IVault vault2 = manager.Vaults
.Define(vaultName2)
.WithRegion(Region.USEast)
.WithExistingResourceGroup(rgName)
.DefineAccessPolicy()
.ForServicePrincipal(spnCredentialsClientId)
.AllowKeyPermissions(KeyPermissions.Get)
.AllowKeyPermissions(KeyPermissions.List)
.AllowKeyPermissions(KeyPermissions.Decrypt)
.AllowSecretPermissions(SecretPermissions.Get)
.Attach()
.Create();
Assert.Equal(1, vault2.AccessPolicies.Count);
Assert.Equal(3, vault2.AccessPolicies[0].Permissions.Keys.Count);
var vaults = manager.Vaults.ListByResourceGroup(rgName);
Assert.Equal(2, vaults.Count());
manager.Vaults.DeleteById(vault1.Id);
manager.Vaults.DeleteById(vault2.Id);
vaults = manager.Vaults.ListByResourceGroup(rgName);
Assert.Empty(vaults);
}
finally
{
try
{
TestHelper.CreateResourceManager().ResourceGroups.DeleteByName(rgName);
}
catch { }
}
}
}
public void CanCRUDSecret()
{
using (var context = FluentMockContext.Start(GetType().FullName))
{
IGraphRbacManager graphManager = TestHelper.CreateGraphRbacManager();
string vaultName1 = TestUtilities.GenerateName("vault1");
string secretName = TestUtilities.GenerateName("secret1");
string rgName = TestUtilities.GenerateName("rgNEMV");
IKeyVaultManager manager = TestHelper.CreateKeyVaultManager();
var spnCredentialsClientId = HttpMockServer.Variables[ConnectionStringKeys.ServicePrincipalKey];
try
{
IVault vault = manager.Vaults
.Define(vaultName1)
.WithRegion(Region.USWest)
.WithNewResourceGroup(rgName)
.DefineAccessPolicy()
.ForServicePrincipal(spnCredentialsClientId)
.AllowKeyAllPermissions()
.AllowSecretAllPermissions()
.Attach()
.Create();
Assert.NotNull(vault);
SdkContext.DelayProvider.Delay(10000);
var secret = vault.Secrets.Define(secretName)
.WithValue("Some secret value")
.Create();
Assert.NotNull(secret);
Assert.NotNull(secret.Id);
Assert.Equal("Some secret value", secret.Value);
secret = secret.Update()
.WithValue("Some updated value")
.Apply();
Assert.Equal("Some updated value", secret.Value);
var versions = secret.ListVersions();
int count = 2;
foreach (var version in versions)
{
if ("Some secret value" == version.Value)
{
count--;
}
if ("Some updated value" == version.Value)
{
count--;
}
}
Assert.Equal(0, count);
}
finally
{
try
{
TestHelper.CreateResourceManager().ResourceGroups.DeleteByName(rgName);
}
catch { }
}
}
}
public KeyVaultAccessManager(IKeyVaultManager keyVaultManager)
{
this.keyVaultManager = keyVaultManager;
}
public CredentialLookup(IKeyVaultManager keyVaultManager, IStringGenerator stringGenerator)
{
this.keyVaultManager = keyVaultManager;
this.stringGenerator = stringGenerator;
}
