public async Task KeyVaultSecretProvider_StoreSecret_Succeeds() { // Arrange var keyVaultUri = Configuration.GetValue <string>("Arcus:KeyVault:Uri"); string tenantId = Configuration.GetTenantId(); string clientId = Configuration.GetServicePrincipalClientId(); string clientKey = Configuration.GetServicePrincipalClientSecret(); var secretName = $"Test-Secret-{Guid.NewGuid()}"; var secretValue = Guid.NewGuid().ToString(); using (TemporaryEnvironmentVariable.Create(Constants.AzureTenantIdEnvironmentVariable, tenantId)) using (TemporaryEnvironmentVariable.Create(Constants.AzureServicePrincipalClientIdVariable, clientId)) using (TemporaryEnvironmentVariable.Create(Constants.AzureServicePrincipalClientSecretVariable, clientKey)) { var keyVaultSecretProvider = new KeyVaultSecretProvider( tokenCredential: new ChainedTokenCredential(new ManagedIdentityCredential(clientId), new EnvironmentCredential()), vaultConfiguration: new KeyVaultConfiguration(keyVaultUri)); var cachedSecretProvider = new KeyVaultCachedSecretProvider(keyVaultSecretProvider); // Act Secret secret = await cachedSecretProvider.StoreSecretAsync(secretName, secretValue); // Assert Assert.NotNull(secret); Assert.NotNull(secret.Value); Assert.NotNull(secret.Version); Secret fetchedSecret = await cachedSecretProvider.GetSecretAsync(secretName); Assert.Equal(secretValue, fetchedSecret.Value); Assert.Equal(secret.Version, fetchedSecret.Version); Assert.Equal(secret.Expires, fetchedSecret.Expires); } }
public async Task StoreSecret_WithoutSecretValue_Fails() { // Arrange var stubProvider = new SpyKeyVaultSecretProvider(Mock.Of <TokenCredential>(), new KeyVaultConfiguration("https://some-key.vault.azure.net")); var cachedProvider = new KeyVaultCachedSecretProvider(stubProvider); // Act / Assert await Assert.ThrowsAnyAsync <ArgumentException>( () => cachedProvider.StoreSecretAsync(secretName: "SomeKey", secretValue: null)); }
public async Task StoreSecret_UsesCache_WhenWithinCacheInterval() { // Arrange string secretName = $"MySecret-{Guid.NewGuid()}"; string secretValue1 = $"secret-{Guid.NewGuid()}"; string secretValue2 = $"secret-{Guid.NewGuid()}"; var spyProvider = new SpyKeyVaultSecretProvider(Mock.Of <TokenCredential>(), new KeyVaultConfiguration("https://some-key.vault.azure.net")); var cachedProvider = new KeyVaultCachedSecretProvider(spyProvider); await cachedProvider.StoreSecretAsync(secretName, secretValue1); // Act await cachedProvider.StoreSecretAsync(secretName, secretValue2); // Assert string actual = await cachedProvider.GetRawSecretAsync(secretName); Assert.Equal(secretValue2, actual); Assert.Equal(2, spyProvider.StoreSecretCalls); Assert.Equal(0, spyProvider.GetRawSecretCalls); }