public void AzureClientCertificateLocalFile() { TestUtilities utils = DefaultUtilities(); ConfigurationOptions config = utils.ConfigurationOptions; utils.ConfigurationOptions.Validate(); DeleteTokenCache(); ProcessOutput results = utils.ExecuteTest((config) => { AzureResourceManager arm = new AzureResourceManager(config); string certFile = $"{TestUtilities.TempDir}\\{config.AzureClientSecret}.pfx"; new CertificateUtilities().SaveCertificateToFile(_appCertificate, certFile); //config.AzureClientId = ""; config.AzureClientCertificate = certFile; config.AzureKeyVault = ""; config.AzureClientSecret = ""; Assert.IsTrue(config.IsClientIdConfigured(), "test configuration invalid"); return(config.ValidateAad()); }, utils.Collector.Config); Assert.IsTrue(results.ExitBool); Assert.IsTrue(!results.HasErrors(), results.ToString()); }
public bool CreateClient(bool prompt, bool deviceLogin = false, string resource = "") { if (_config.IsClientIdConfigured() & prompt) { return(false); } else if (_config.IsClientIdConfigured() & !prompt) { if (_config.ClientCertificate != null) { CreateConfidentialCertificateClient(resource, _config.ClientCertificate); } else if (!string.IsNullOrEmpty(_config.AzureKeyVault) & !string.IsNullOrEmpty(_config.AzureClientSecret)) { CreateConfidentialCertificateClient(resource, ReadCertificateFromKeyvault(_config.AzureKeyVault, _config.AzureClientSecret)); } else if (ClientIdentity.IsTypeManagedIdentity) { CreateConfidentialManagedIdentityClient(resource); } else if (!string.IsNullOrEmpty(_config.AzureClientCertificate)) { CreateConfidentialCertificateClient(resource, new CertificateUtilities().GetClientCertificate(_config.AzureClientCertificate)); } else if (!string.IsNullOrEmpty(_config.AzureClientSecret)) { CreateConfidentialClient(resource, _config.AzureClientSecret); } else { Log.Error("unknown configuration"); return(false); } return(true); } else { CreatePublicClient(prompt, deviceLogin); return(true); } }
private void Authenticate() { if (!_arm.IsAuthenticated) { _arm.Scopes = new List <string>() { $"{_armAuthResource}//user_impersonation" }; if (_config.IsClientIdConfigured()) { _arm.Scopes = new List <string>() { $"{_armAuthResource}//.default" }; } _arm.Authenticate(false, _armAuthResource); } if (!_laArm.IsAuthenticated) { _laArm.Scopes = new List <string>() { $"{_logAnalyticsAuthResource}//user_impersonation" }; if (_config.IsClientIdConfigured()) { _laArm.Scopes = new List <string>() { $"{_logAnalyticsAuthResource}//.default" }; } _laArm.Authenticate(true, _logAnalyticsAuthResource); } }
public void AzureClientCertificateKeyVaultAppRegistration() { TestUtilities utils = DefaultUtilities(); ConfigurationOptions config = utils.ConfigurationOptions; utils.ConfigurationOptions.Validate(); DeleteTokenCache(); ProcessOutput results = utils.ExecuteTest((config) => { config.AzureClientCertificate = ""; Assert.IsTrue(config.IsClientIdConfigured(), "test configuration invalid"); return(config.ValidateAad()); }, utils.Collector.Config); Assert.IsTrue(results.ExitBool); Assert.IsTrue(!results.HasErrors(), results.ToString()); }
public void Authenticate(bool throwOnError = false) { _arm.Scopes = new List <string>() { $"{ClusterIngestUrl}/kusto.read", $"{ClusterIngestUrl}/kusto.write" }; if (_config.IsClientIdConfigured()) { _arm.Scopes = new List <string>() { $"{ClusterIngestUrl}/.default" }; } if (_config.IsKustoConfigured() && _arm.Authenticate(throwOnError, ClusterIngestUrl)) { DatabaseConnection = new KustoConnectionStringBuilder(ClusterIngestUrl) { FederatedSecurity = true, InitialCatalog = DatabaseName, UserToken = _arm.BearerToken }; ManagementConnection = new KustoConnectionStringBuilder(ManagementUrl) { FederatedSecurity = true, InitialCatalog = DatabaseName, UserToken = _arm.BearerToken }; } else { DatabaseConnection = new KustoConnectionStringBuilder(ClusterIngestUrl) { FederatedSecurity = true, InitialCatalog = DatabaseName }; ManagementConnection = new KustoConnectionStringBuilder(ManagementUrl) { FederatedSecurity = true, InitialCatalog = DatabaseName }; } IdentityToken = RetrieveKustoIdentityToken(); IngestionResources = RetrieveIngestionResources(); }
public void AzureClientCertificateKeyVaultUserManagedIdentity() { TestUtilities utils = DefaultUtilities(); ConfigurationOptions config = utils.ConfigurationOptions; utils.ConfigurationOptions.Validate(); DeleteTokenCache(); ProcessOutput results = utils.ExecuteTest((config) => { //config.AzureClientId = ""; Assert.IsTrue(config.IsClientIdConfigured(), "test configuration invalid"); AzureResourceManager arm = new AzureResourceManager(config); Assert.IsTrue(arm.ClientIdentity.IsUserManagedIdentity, "arm.IsUserManagedIdentity not detected. test from azure vm with user managed identity enabled."); return(config.ValidateAad()); }, utils.Collector.Config); Assert.IsTrue(results.ExitBool); Assert.IsTrue(!results.HasErrors(), results.ToString()); }
public void AzureClientCertificateX509withPassword() { TestUtilities utils = DefaultUtilities(); ConfigurationOptions config = utils.ConfigurationOptions; utils.ConfigurationOptions.Validate(); DeleteTokenCache(); ProcessOutput results = utils.ExecuteTest((config) => { CertificateUtilities certificateUtilities = new CertificateUtilities(); certificateUtilities.SetSecurePassword(TestUtilities.TestProperties.testAdminPassword); config.ClientCertificate = certificateUtilities.GetClientCertificate(TestUtilities.TestProperties.AzureClientCertificate);// _appCertificate; config.AzureKeyVault = ""; Assert.IsTrue(config.IsClientIdConfigured(), "test configuration invalid"); return(config.ValidateAad()); }, utils.Collector.Config); Assert.IsTrue(results.ExitBool); Assert.IsTrue(!results.HasErrors(), results.ToString()); }
public void Authenticate(bool throwOnError = false) { _arm.Scopes = new List <string>() { $"{ClusterIngestUrl}/kusto.read", $"{ClusterIngestUrl}/kusto.write" }; if (_config.IsClientIdConfigured()) { _arm.Scopes = new List <string>() { $"{ClusterIngestUrl}/.default" }; } if (_config.IsKustoConfigured() && _arm.Authenticate(throwOnError, ClusterIngestUrl)) { if (_arm.ClientIdentity.IsAppRegistration) { Log.Info($"connecting to kusto with app registration {_config.AzureClientId}"); DatabaseConnection = new KustoConnectionStringBuilder(ClusterIngestUrl) { FederatedSecurity = true, InitialCatalog = DatabaseName, ApplicationClientId = _config.AzureClientId, ApplicationCertificateBlob = _config.ClientCertificate, Authority = _config.AzureTenantId, ApplicationCertificateSendX5c = true }; ManagementConnection = new KustoConnectionStringBuilder(ManagementUrl) { FederatedSecurity = true, InitialCatalog = DatabaseName, ApplicationClientId = _config.AzureClientId, ApplicationCertificateBlob = _config.ClientCertificate, Authority = _config.AzureTenantId, ApplicationCertificateSendX5c = true }; } else { DatabaseConnection = new KustoConnectionStringBuilder(ClusterIngestUrl) { FederatedSecurity = true, InitialCatalog = DatabaseName, UserToken = _arm.BearerToken }; ManagementConnection = new KustoConnectionStringBuilder(ManagementUrl) { FederatedSecurity = true, InitialCatalog = DatabaseName, UserToken = _arm.BearerToken }; } } else { DatabaseConnection = new KustoConnectionStringBuilder(ClusterIngestUrl) { FederatedSecurity = true, InitialCatalog = DatabaseName }; ManagementConnection = new KustoConnectionStringBuilder(ManagementUrl) { FederatedSecurity = true, InitialCatalog = DatabaseName }; } IdentityToken = RetrieveKustoIdentityToken(); IngestionResources = RetrieveIngestionResources(); }