forked from icgam/Easify.Azure
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3 from icgam/Feature/AzureKeyVault
ADP-9462 Feature/azure key vault - Add Azure KeyVault to Easify
- Loading branch information
Showing
8 changed files
with
188 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
28 changes: 28 additions & 0 deletions
28
src/Easify.Azure.AspNetCore.UnitTests/Easify.Azure.AspNetCore.UnitTests.csproj
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
<Project Sdk="Microsoft.NET.Sdk"> | ||
|
||
<PropertyGroup> | ||
<TargetFramework>netcoreapp3.1</TargetFramework> | ||
|
||
<IsPackable>false</IsPackable> | ||
</PropertyGroup> | ||
|
||
<ItemGroup> | ||
<PackageReference Include="FluentAssertions" Version="5.10.3" /> | ||
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.8.0" /> | ||
<PackageReference Include="NSubstitute" Version="4.2.2" /> | ||
<PackageReference Include="xunit" Version="2.4.1" /> | ||
<PackageReference Include="xunit.runner.visualstudio" Version="2.4.3"> | ||
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets> | ||
<PrivateAssets>all</PrivateAssets> | ||
</PackageReference> | ||
<PackageReference Include="coverlet.collector" Version="1.3.0"> | ||
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets> | ||
<PrivateAssets>all</PrivateAssets> | ||
</PackageReference> | ||
</ItemGroup> | ||
|
||
<ItemGroup> | ||
<ProjectReference Include="..\Easify.Azure.AspNetCore\Easify.Azure.AspNetCore.csproj" /> | ||
</ItemGroup> | ||
|
||
</Project> |
49 changes: 49 additions & 0 deletions
49
src/Easify.Azure.AspNetCore.UnitTests/KeyVault/KeyVaultExtensionsTests.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
using Easify.Azure.AspNetCore.KeyVaults; | ||
using FluentAssertions; | ||
using Microsoft.Extensions.Configuration; | ||
using Xunit; | ||
|
||
namespace Easify.Azure.AspNetCore.UnitTests.KeyVault | ||
{ | ||
public class KeyVaultExtensionsTests | ||
{ | ||
[Fact] | ||
public void Should_AddAzureKeyVault_SkipAddingKeyVaultConfiguration_WhenNoNameHasBennProvidedForKeyVaults() | ||
{ | ||
// Arrange | ||
var builder = new ConfigurationBuilder(); | ||
|
||
//Act | ||
builder.AddAzureKeyVault(m => | ||
{ | ||
m.KeyVaultNames = new string[]{}; | ||
m.AzureAdApplicationId = "AppID"; | ||
m.AzureAdApplicationCertThumbprint = "CertificateThumbprint"; | ||
m.AzureAdTenantId = "TenantID"; | ||
}); | ||
|
||
//Assert | ||
builder.Sources.Count.Should().Be(0); | ||
} | ||
|
||
[Fact] | ||
public void Should_AddAzureKeyVault_SkipAddingKeyVaultConfiguration_WhenTheConditionalRegistrationIsFalse() | ||
{ | ||
// Arrange | ||
var builder = new ConfigurationBuilder(); | ||
|
||
|
||
//Act | ||
builder.AddAzureKeyVault(() => false, m => | ||
{ | ||
m.KeyVaultNames = new string[]{}; | ||
m.AzureAdApplicationId = "AppID"; | ||
m.AzureAdApplicationCertThumbprint = "CertificateThumbprint"; | ||
m.AzureAdTenantId = "TenantID"; | ||
}); | ||
|
||
//Assert | ||
builder.Sources.Count.Should().Be(0); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
{ | ||
"Logging": { | ||
"LogLevel": { | ||
"Default": "Debug", | ||
"System": "Information", | ||
"Microsoft": "Information" | ||
} | ||
}, | ||
"KeyVaultOptions": { | ||
"AzureAdTenantId": "ConfigurationTenantId", | ||
"AzureAdApplicationId": "ConfigurationApplicationId", | ||
"AzureAdApplicationCertThumbprint": "ConfigurationCertificateThumbprint", | ||
"KeyVaultNames": [] | ||
} | ||
} |
19 changes: 19 additions & 0 deletions
19
src/Easify.Azure.AspNetCore/Easify.Azure.AspNetCore.csproj
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
<Project Sdk="Microsoft.NET.Sdk"> | ||
|
||
<PropertyGroup> | ||
<TargetFramework>netstandard2.0</TargetFramework> | ||
<GeneratePackageOnBuild>true</GeneratePackageOnBuild> | ||
<Title>Easify.Azure.AspNetCore</Title> | ||
<Authors>Mohammad Moattar</Authors> | ||
<PackageProjectUrl>https://github.com/icgam/Easify.Azure</PackageProjectUrl> | ||
<RepositoryUrl>https://github.com/icgam/Easify.Azure</RepositoryUrl> | ||
<LangVersion>default</LangVersion> | ||
</PropertyGroup> | ||
|
||
<ItemGroup> | ||
<PackageReference Include="Azure.Extensions.AspNetCore.Configuration.Secrets" Version="1.2.1" /> | ||
<PackageReference Include="Azure.Identity" Version="1.4.0" /> | ||
<PackageReference Include="Easify.Configurations" Version="1.1.4" /> | ||
</ItemGroup> | ||
|
||
</Project> |
50 changes: 50 additions & 0 deletions
50
src/Easify.Azure.AspNetCore/KeyVaults/KeyVaultExtensions.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
using System; | ||
using System.Diagnostics.CodeAnalysis; | ||
using System.Linq; | ||
using System.Security.Cryptography.X509Certificates; | ||
using Azure.Extensions.AspNetCore.Configuration.Secrets; | ||
using Azure.Identity; | ||
using Microsoft.Extensions.Configuration; | ||
|
||
namespace Easify.Azure.AspNetCore.KeyVaults | ||
{ | ||
public static class KeyVaultExtensions | ||
{ | ||
[ExcludeFromCodeCoverage] | ||
public static IConfigurationBuilder AddAzureKeyVault(this IConfigurationBuilder builder, Action<KeyVaultOptions> configure = null) | ||
{ | ||
if (builder == null) throw new ArgumentNullException(nameof(builder)); | ||
|
||
var config = builder.Build(); | ||
var options = new KeyVaultOptions(); | ||
config.GetSection(nameof(KeyVaultOptions)).Bind(options); | ||
|
||
configure?.Invoke(options); | ||
|
||
if (!options.KeyVaultNames.Any()) | ||
return builder; | ||
|
||
using var store = new X509Store(options.LocalCertificateStore); | ||
store.Open(OpenFlags.ReadOnly); | ||
var certs = store.Certificates.Find( | ||
X509FindType.FindByThumbprint, | ||
config[options.AzureAdApplicationCertThumbprint], false); | ||
|
||
foreach (var keyVaultName in options.KeyVaultNames) | ||
{ | ||
builder.AddAzureKeyVault(new Uri($"https://{keyVaultName}.vault.azure.net/"), | ||
new ClientCertificateCredential(options.AzureAdTenantId, options.AzureAdApplicationId, certs.OfType<X509Certificate2>().Single()), | ||
new KeyVaultSecretManager()); | ||
} | ||
store.Close(); | ||
|
||
return builder; | ||
} | ||
|
||
public static IConfigurationBuilder AddAzureKeyVault(this ConfigurationBuilder builder, Func<bool> condition, | ||
Action<KeyVaultOptions> configure = null) | ||
{ | ||
return condition() ? builder.AddAzureKeyVault(configure) : builder; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
using System.Security.Cryptography.X509Certificates; | ||
|
||
namespace Easify.Azure.AspNetCore.KeyVaults | ||
{ | ||
public class KeyVaultOptions | ||
{ | ||
public string AzureAdTenantId { get; set; } | ||
public string AzureAdApplicationId { get; set; } | ||
public string AzureAdApplicationCertThumbprint { get; set; } | ||
public StoreLocation LocalCertificateStore { get; set; } = StoreLocation.CurrentUser; | ||
public string[] KeyVaultNames { get; set; } = { }; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters