public void GivenAConfig_ThenTheMockValuesAreReplacedFromKeyVault()
{
var service = Substitute.For <ISecretService>();
var client = Substitute.For <IKeyVaultClient>();
client.GetSecretWithHttpMessagesAsync(Arg.Any <string>(), Arg.Is("test1"), Arg.Any <string>(), Arg.Any <Dictionary <string, List <string> > >(), Arg.Any <CancellationToken>())
.Returns(Task.FromResult(new AzureOperationResponse <SecretBundle> {
Body = new SecretBundle("secret1")
}));
var authedClient = new AuthedClient(client);
var reader = new ReadKey(authedClient, "keyvaultbuild", "test1");
service.ResolveSingleKey(Arg.Is("#{keyvault:keyvaultbuild:test1}")).Returns(reader);
var keys = new TransformKeys(service);
var snippet = @"<?xml version=""1.0"" encoding=""utf-8""?>
<configuration>
<appSettings>
<add key=""key1"" value=""#{keyvault:keyvaultbuild:test1}"" />
</appSettings>
</configuration>";
var expected = @"<?xml version=""1.0"" encoding=""utf-8""?>
<configuration>
<appSettings>
<add key=""key1"" value=""secret1"" />
</appSettings>
</configuration>";
var val = keys.ReplaceKeys(snippet);
Assert.AreEqual(expected, val);
}
public override bool Execute()
{
var debug = string.Equals("true", DebugTask?.Trim(), StringComparison.OrdinalIgnoreCase);
var promptAuth = string.Equals("true", AlwaysPromptInteractiveAuth?.Trim(), StringComparison.OrdinalIgnoreCase);
Config.Log.Information = x => Log.LogWarning(x);
Config.Log.Error = (ex, m) => Log.LogError("Error while processing secrets from keyvault. " + Environment.NewLine + ex);
try
{
if (debug && !Debugger.IsAttached)
{
Debugger.Launch();
Debugger.Break();
}
if (promptAuth)
{
Log.LogWarning("KeyVaultBuildTask: Set to always prompting for auth information.");
}
var service = SecretServiceBuilder.Create()
.AlwaysPromptInteractiveAuth(promptAuth)
.WithDirectory(DirectoryId)
.WithServicePrincipal(ClientId, Secret);
if (!string.IsNullOrEmpty(VaultAliases))
{
foreach (var alias in VaultAliases?.Trim().Split(new [] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{
var pair = alias.Split(new[] { ':' }, StringSplitOptions.RemoveEmptyEntries);
service.WithVaultAlias(pair.First(), pair.Last());
Log.LogWarning("Overriding vault '{0}' with '{1}'", pair.First(), pair.Last());
}
}
var transformKey = new TransformKeys(service.Build());
var files = ConfigFiles.Select(file => file.GetMetadata("Fullpath")).ToArray();
Parallel.ForEach(files, file =>
{
transformKey.SaveAsFile(file);
});
}
catch (Exception ex)
{
TokenCache.DefaultShared.Clear();
Config.Log.Error(ex, "Error occured processing secrets. ");
if (debug)
{
Debugger.Break();
}
return(false);
}
return(true);
}
public ReadKey ResolveSingleKey(string keySyntax)
{
if (TransformKeys.IsKeySyntax(keySyntax) == false)
{
throw new Exception("Invalid key syntax");
}
var raw = keySyntax.Trim('#', '{', '}').Split(':').ToArray();
if (raw.Length != 2 && raw.Length != 3)
{
throw new Exception("Invalid number of key parts");
}
if (raw.Length == 3)
{
raw = raw.Skip(1).ToArray();
}
var vault = raw.First();
var key = raw.Last();
if (_vaultAliases.ContainsKey(vault))
{
vault = _vaultAliases[vault];
}
var cacheKey = $"{vault}:{key}";
if (_keyCache.ContainsKey(cacheKey) == false)
{
_keyCache[cacheKey] = new ReadKey(_client, vault, key);
}
return(_keyCache[cacheKey]);
}
public void GivenVaultWithADash()
{
Assert.IsTrue(TransformKeys.IsKeySyntax("#{keyvault:keyvaultbuild-pre:test}"));
}
public void GivenAKeyWithNumbers()
{
Assert.IsTrue(TransformKeys.IsKeySyntax("#{keyvault:keyvaultbuild:test1230}"));
}
