public void GivenAConfig_ThenTheMockValuesAreReplacedFromKeyVault() { var service = Substitute.For <ISecretService>(); var client = Substitute.For <IKeyVaultClient>(); client.GetSecretWithHttpMessagesAsync(Arg.Any <string>(), Arg.Is("test1"), Arg.Any <string>(), Arg.Any <Dictionary <string, List <string> > >(), Arg.Any <CancellationToken>()) .Returns(Task.FromResult(new AzureOperationResponse <SecretBundle> { Body = new SecretBundle("secret1") })); var authedClient = new AuthedClient(client); var reader = new ReadKey(authedClient, "keyvaultbuild", "test1"); service.ResolveSingleKey(Arg.Is("#{keyvault:keyvaultbuild:test1}")).Returns(reader); var keys = new TransformKeys(service); var snippet = @"<?xml version=""1.0"" encoding=""utf-8""?> <configuration> <appSettings> <add key=""key1"" value=""#{keyvault:keyvaultbuild:test1}"" /> </appSettings> </configuration>"; var expected = @"<?xml version=""1.0"" encoding=""utf-8""?> <configuration> <appSettings> <add key=""key1"" value=""secret1"" /> </appSettings> </configuration>"; var val = keys.ReplaceKeys(snippet); Assert.AreEqual(expected, val); }
public override bool Execute() { var debug = string.Equals("true", DebugTask?.Trim(), StringComparison.OrdinalIgnoreCase); var promptAuth = string.Equals("true", AlwaysPromptInteractiveAuth?.Trim(), StringComparison.OrdinalIgnoreCase); Config.Log.Information = x => Log.LogWarning(x); Config.Log.Error = (ex, m) => Log.LogError("Error while processing secrets from keyvault. " + Environment.NewLine + ex); try { if (debug && !Debugger.IsAttached) { Debugger.Launch(); Debugger.Break(); } if (promptAuth) { Log.LogWarning("KeyVaultBuildTask: Set to always prompting for auth information."); } var service = SecretServiceBuilder.Create() .AlwaysPromptInteractiveAuth(promptAuth) .WithDirectory(DirectoryId) .WithServicePrincipal(ClientId, Secret); if (!string.IsNullOrEmpty(VaultAliases)) { foreach (var alias in VaultAliases?.Trim().Split(new [] { ';' }, StringSplitOptions.RemoveEmptyEntries)) { var pair = alias.Split(new[] { ':' }, StringSplitOptions.RemoveEmptyEntries); service.WithVaultAlias(pair.First(), pair.Last()); Log.LogWarning("Overriding vault '{0}' with '{1}'", pair.First(), pair.Last()); } } var transformKey = new TransformKeys(service.Build()); var files = ConfigFiles.Select(file => file.GetMetadata("Fullpath")).ToArray(); Parallel.ForEach(files, file => { transformKey.SaveAsFile(file); }); } catch (Exception ex) { TokenCache.DefaultShared.Clear(); Config.Log.Error(ex, "Error occured processing secrets. "); if (debug) { Debugger.Break(); } return(false); } return(true); }
public ReadKey ResolveSingleKey(string keySyntax) { if (TransformKeys.IsKeySyntax(keySyntax) == false) { throw new Exception("Invalid key syntax"); } var raw = keySyntax.Trim('#', '{', '}').Split(':').ToArray(); if (raw.Length != 2 && raw.Length != 3) { throw new Exception("Invalid number of key parts"); } if (raw.Length == 3) { raw = raw.Skip(1).ToArray(); } var vault = raw.First(); var key = raw.Last(); if (_vaultAliases.ContainsKey(vault)) { vault = _vaultAliases[vault]; } var cacheKey = $"{vault}:{key}"; if (_keyCache.ContainsKey(cacheKey) == false) { _keyCache[cacheKey] = new ReadKey(_client, vault, key); } return(_keyCache[cacheKey]); }
public void GivenVaultWithADash() { Assert.IsTrue(TransformKeys.IsKeySyntax("#{keyvault:keyvaultbuild-pre:test}")); }
public void GivenAKeyWithNumbers() { Assert.IsTrue(TransformKeys.IsKeySyntax("#{keyvault:keyvaultbuild:test1230}")); }