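/// <summary>
        /// HTTP-triggered function that reads the Key Vault secret named by the <c>secret</c>
        /// query parameter and returns the secret's name and value in the response body.
        /// </summary>
        /// <param name="req">Incoming GET request; its <c>secret</c> query value names the secret to read.</param>
        /// <param name="log">Logger used for request tracing.</param>
        /// <returns>
        /// 400 (Bad Request) when the <c>secret</c> query value is missing or empty;
        /// otherwise 200 (OK) carrying a <c>SecretResponse</c> with the secret name and value.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the secret name is caller-controlled and the secret value is written to the
        /// HTTP response, so every caller that passes the function-level authorization can read any
        /// secret this function can read from the vault. Confirm that this is intended; an allow-list
        /// of permitted secret names would narrow the exposure.
        /// </remarks>
        public static async Task<IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Function, "get", Route = null)] HttpRequest req,
            ILogger log)
        {
            log.LogInformation("C# HTTP trigger function processed a request.");

            // The secret name comes straight from the query string.
            string secret = req.Query["secret"];

            // Reject requests that do not name a secret.
            if (string.IsNullOrEmpty(secret))
            {
                return new BadRequestObjectResult("Request does not contain a valid Secret");
            }

            SecretRequest secretRequest = new SecretRequest(secret);

            // Message template plus argument instead of string interpolation: the caller-supplied
            // name is no longer parsed as part of the logging template, so braces in it cannot
            // break message formatting.
            log.LogInformation("GetKeyVaultSecret request received for secret {SecretName}", secretRequest.Secret);

            var keyvault = new KeyVault();
            var secretBundle = await keyvault.GetSecret(secret);

            // Logged only once the lookup has completed; the original wrote this line before
            // calling Key Vault, which made failed lookups look successful in the log.
            log.LogInformation("Secret Value retrieved from KeyVault.");

            var secretResponse = new SecretResponse { Secret = secretRequest.Secret, Value = secretBundle.Value };

            return new OkObjectResult(secretResponse);
        }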
示例#2
        /// <summary>
        /// Stores the logger and configuration, then reads the "ChummerFolderId" secret
        /// from Key Vault into <c>_folderId</c>.
        /// </summary>
        /// <param name="Logger">Logger kept on the instance and handed to the Key Vault wrapper.</param>
        /// <param name="configuration">Application configuration kept on the instance.</param>
        public DriveHandler(ILogger <Startup> Logger, IConfiguration configuration)
        {
            _logger       = Logger;
            Configuration = configuration;

            // The folder id is held in Key Vault rather than in application settings.
            _folderId = new KeyVault(Logger).GetSecret("ChummerFolderId");
        }
示例#3
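        /// <summary>
        /// Builds a Google <c>UserCredential</c> for user "me" from the refresh token and the
        /// OAuth client id and client secret stored in Key Vault.
        /// </summary>
        /// <returns>The credential built from the authorization flow and the stored refresh token.</returns>
        /// <remarks>
        /// Any exception is logged and rethrown. Secret values are never written to the log:
        /// a refresh token or client secret in log output stays usable for anyone with log access
        /// until it is rotated.
        /// </remarks>
        private UserCredential AuthorizeGoogleUser()
        {
            try
            {
                var    keys         = new KeyVault(_logger);
                string refreshToken = keys.GetSecret("AuthenticationGoogleRefreshToken");

                // Only the refresh token is known up front; the access token is left empty.
                var token = new TokenResponse
                {
                    AccessToken  = "",
                    RefreshToken = refreshToken
                };

                var flow2 = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
                {
                    ClientSecrets = new ClientSecrets
                    {
                        ClientId     = keys.GetSecret("GoogleChummerSINersId"),
                        ClientSecret = keys.GetSecret("GoogleChummerSINersSecret"),
                    },
                    Scopes    = Scopes,
                    // NOTE(review): GoogleIDataStore receives both the refresh token and the logger;
                    // confirm it does not log the token either.
                    DataStore = new GoogleIDataStore("me", refreshToken, _logger)
                });

                // Record that the credentials were loaded, not their values. The original
                // statement wrote the refresh token, client id and client secret in clear text.
                _logger.LogInformation("Google refresh token, client id and client secret retrieved from KeyVault.");

                return new UserCredential(flow2, "me", token);
            }
            catch (Exception e)
            {
                // Pass the exception as an object so the logger keeps the stack trace and does
                // not parse exception text as a message template. The original message read
                // "Could Authorize", which said the opposite of what happened.
                _logger.LogError(e, "Could not authorize Google user");
                throw;
            }
        }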
示例#4
        /// <summary>
        /// Looks up a beer through the Untappd client and renders the result in the "Message" view.
        /// </summary>
        /// <param name="beerId">Identifier passed to the Untappd lookup.</param>
        /// <returns>The "Message" view, with the lookup result in <c>ViewBag.Message</c>.</returns>
        public ActionResult LookUp(int beerId)
        {
            // NOTE(review): .Result blocks the request thread until each Key Vault task completes.
            // Both credentials are fetched from Key Vault on every call.
            string untappdId     = KeyVault.GetSecret("untappd-clientid").Result;
            string untappdSecret = KeyVault.GetSecret("untappd-clientsecret").Result;

            UntappdClient untappd = UntappdClient.Create(untappdId, untappdSecret);
            ViewBag.Message = untappd.Lookup(beerId);

            return View("Message");
        }
        /// <summary>
        /// Adds Key Vault secrets to the configuration builder, using an <c>MsiConfig</c>
        /// to reach the vault. The vault instance name is read from the "KeyVaultInstanceName"
        /// setting already present on the builder.
        /// </summary>
        /// <param name="builder">The builder to extend.</param>
        /// <param name="keys">Names of the secrets to look up.</param>
        /// <param name="throwNotFoundErrors">
        /// When true, a Key Vault "not found" response aborts the load. Every other
        /// <c>KeyVaultErrorException</c> is written to the console and the key is skipped,
        /// so a secret that could not be read is simply absent from configuration.
        /// </param>
        /// <returns>The same builder, with the retrieved secrets added as an in-memory collection.</returns>
        /// <exception cref="InvalidOperationException">
        /// Wraps any failure raised inside the method, including the missing instance-name
        /// setting and a rethrown not-found error.
        /// </exception>
        [ExcludeFromCodeCoverage] //excluded as Msi isn't part of the build pipeline for testing.
        public static IConfigurationBuilder AddKeyVaultSecrets(this IConfigurationBuilder builder, List <string> keys, bool throwNotFoundErrors = false)
        {
            try
            {
                var vaultName = builder.Build().GetValue <string>("KeyVaultInstanceName");
                if (vaultName.IsNullOrEmpty())
                {
                    throw new InvalidOperationException("Expecting setting \"KeyVaultInstanceName\" to infer instance name");
                }

                var msiVault = new KeyVault(new MsiConfig { KeyVaultInstanceName = vaultName });
                var loaded   = new List <KeyValuePair <string, string> >();

                // Fetch each requested secret; the async call is awaited synchronously.
                foreach (var secretName in keys)
                {
                    try
                    {
                        var secretValue = msiVault.GetSecret(secretName).GetAwaiter().GetResult();
                        loaded.Add(new KeyValuePair <string, string>(secretName, secretValue));
                    }
                    catch (KeyVaultErrorException e)
                    {
                        // Not-found is fatal only when the caller asked for it.
                        if (e.Response.StatusCode == HttpStatusCode.NotFound && throwNotFoundErrors)
                        {
                            throw;
                        }

                        // Otherwise report the failure and carry on without this key.
                        Console.WriteLine($"Failed to find keyvault setting: {secretName}, exception: {e.Message}");
                    }
                }

                // Only touch the builder when at least one secret was read.
                if (loaded.Count > 0)
                {
                    builder.AddInMemoryCollection(loaded);
                }

                // Remember the vault instance for later use.
                KeyVaultInstance = msiVault;

                return builder;
            }
            catch (Exception ex)
            {
                throw new InvalidOperationException("Problem occurred retrieving secrets from KeyVault using Managed Identity", ex);
            }
        }
示例#6
        /// <summary>
        /// Checks that a KeyVault built from an <c>MsiConfig</c> exposes the configured name and
        /// config object, and that <c>GetSecret</c> throws <c>AzureServiceTokenProviderException</c>.
        /// </summary>
        public void Test_KeyVault_MsiError()
        {
            // Arrange
            var msiSettings = new MsiConfig {
                KeyVaultInstanceName = _config.GetValue <string>("InstanceName")
            };
            var vault = new KeyVault(msiSettings);

            // Act/Assert
            vault.Name.Should().Be(_config.GetValue <string>("InstanceName"));

            var typedConfig = vault.Config as MsiConfig;
            typedConfig.Should().NotBeNull();

            Assert.Throws <AzureServiceTokenProviderException>(
                () => vault.GetSecret("test").GetAwaiter().GetResult());
        }
示例#7
        //https://stackoverflow.com/questions/26098009/how-google-api-v-3-0-net-library-and-google-oauth2-handling-refresh-token/31843907#31843907



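        /// <summary>
        /// Obtains a Google <c>UserCredential</c> through <c>GoogleWebAuthorizationBroker</c>, using the
        /// OAuth client id, client secret and refresh token stored in Key Vault.
        /// </summary>
        /// <param name="configuration">Not read by this method; all values come from Key Vault.</param>
        /// <returns>The authorized credential, or <c>null</c> when authorization fails.</returns>
        /// <remarks>
        /// Failures are logged and swallowed, so callers must check the result for <c>null</c>.
        /// </remarks>
        public async Task <UserCredential> GetUserCredential(IConfiguration configuration)
        {
            try
            {
                var    keys         = new KeyVault(_logger);
                string refreshToken = keys.GetSecret("AuthenticationGoogleRefreshToken");

                var clientSecrets = new ClientSecrets
                {
                    ClientId     = keys.GetSecret("GoogleChummerSINersId"),
                    ClientSecret = keys.GetSecret("GoogleChummerSINersSecret"),
                };

                // NOTE(review): GoogleIDataStore receives both the refresh token and the logger;
                // confirm it never writes the token to the log.
                var dataStore = new GoogleIDataStore("me", refreshToken, _logger);

                UserCredential credential = await GoogleWebAuthorizationBroker.AuthorizeAsync(
                    clientSecrets, Scopes, "user", CancellationToken.None, dataStore);

                return credential;
            }
            catch (Exception e)
            {
                // Pass the exception as an object so the logger keeps the stack trace and does
                // not parse exception text as a message template.
                _logger.LogError(e, "Could not get UserCredentials");
                return null;
            }
        }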
示例#8
        /// <summary>
        /// Publishes the "BifDbContext" connection string into application state under the key
        /// "connectionString". If the configured string contains the "{0}" placeholder, the
        /// database username and password are read from Key Vault and formatted into it first.
        /// </summary>
        /// <remarks>
        /// The password secret is looked up under a name equal to the username value.
        /// NOTE(review): the formatted connection string, password included, stays in application
        /// state; .Result blocks the calling thread until each Key Vault task completes.
        /// </remarks>
        public static void SetConnectionString()
        {
            string template = ConfigurationManager.ConnectionStrings["BifDbContext"].ConnectionString;

            if (template.Contains("{0}"))
            {
                // Placeholder present: fill in the credentials from Key Vault.
                string dbUser     = KeyVault.GetSecret("db-username").Result;
                string dbPassword = KeyVault.GetSecret(dbUser).Result;

                HttpContext.Current.Application.Add("connectionString", string.Format(template, dbUser, dbPassword));
            }
            else
            {
                // No placeholder: the configured string is used as-is.
                HttpContext.Current.Application.Add("connectionString", template);
            }
        }
示例#9
        /// <summary>
        /// Searches Untappd for <paramref name="q"/> and returns the id, name, rating and brewery
        /// name of each hit as JSON. Despite its name the method runs synchronously.
        /// </summary>
        /// <param name="q">Search text passed to the Untappd client.</param>
        /// <returns>JSON array of the projected search results; GET requests are allowed.</returns>
        public JsonResult SearchAsync(string q)
        {
            // NOTE(review): .Result blocks the request thread until each Key Vault task completes.
            string untappdId     = KeyVault.GetSecret("untappd-clientid").Result;
            string untappdSecret = KeyVault.GetSecret("untappd-clientsecret").Result;

            UntappdClient untappd = UntappdClient.Create(untappdId, untappdSecret);
            BeerSearchResult found = untappd.Search(q);

            // Project each hit to the four fields the caller receives.
            var projected = found.Beers.Items.Select(item => new {
                Id      = item.Beer.Id,
                Name    = item.Beer.Name,
                Rating  = item.Beer.Rating,
                Brewery = item.Brewery.Name
            });

            return Json(projected, JsonRequestBehavior.AllowGet);
        }
        /// <summary>
        /// Adds Key Vault secrets to the configuration builder.
        /// Authenticates to Key Vault using the supplied service principal configuration.
        /// </summary>
        /// <param name="builder">The builder to extend.</param>
        /// <param name="config">The service principal configuration information.</param>
        /// <param name="keys">The keys to look up.</param>
        /// <returns>IConfigurationBuilder.</returns>
        /// <exception cref="InvalidOperationException">Problem occurred retrieving secrets from KeyVault</exception>
        public static IConfigurationBuilder AddKeyVaultSecrets(this IConfigurationBuilder builder, ServicePrincipleConfig config, params string[] keys)
        {
            try
            {
                var spVault = new KeyVault(config);
                var loaded  = new List <KeyValuePair <string, string> >();

                // Fetch each requested secret; the async call is awaited synchronously.
                foreach (var secretName in keys)
                {
                    try
                    {
                        var secretValue = spVault.GetSecret(secretName).GetAwaiter().GetResult();
                        loaded.Add(new KeyValuePair <string, string>(secretName, secretValue));
                    }
                    catch (KeyVaultErrorException e)
                    {
                        // Every Key Vault error is reported on the console and the key is skipped,
                        // so a secret that could not be read is simply absent from configuration.
                        Console.WriteLine($"Failed to find keyvault setting: {secretName}, exception: {e.Message}");
                    }
                }

                // Only touch the builder when at least one secret was read.
                if (loaded.Count > 0)
                {
                    builder.AddInMemoryCollection(loaded);
                }

                // Remember the vault instance for later use.
                KeyVaultInstance = spVault;

                return builder;
            }
            catch (Exception ex)
            {
                // Any other failure is wrapped so callers see a single exception type.
                throw new InvalidOperationException("Problem occurred retrieving secrets from KeyVault using Service Principle", ex);
            }
        }