Added new conf prop for kv dict (#342)

* Added new conf prop for kv dict * no serializatoin * config as string * added default value for kv dict * use alternate kv name where available * removed code modifications * removed unused usings * added unit test * using tryget instead
Altinn · Feb 23, 2024 · e4c6b01 · e4c6b01
1 parent dfcb5c4
commit e4c6b01
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 5 deletions.
diff --git a/src/Storage/Configuration/AzureStorageConfiguration.cs b/src/Storage/Configuration/AzureStorageConfiguration.cs
@@ -35,6 +35,11 @@ public class AzureStorageConfiguration
         /// </summary>
         public string OrgKeyVaultURI { get; set; }
 
+        /// <summary>
+        /// Dictionary containing alternative key vault names for app owner
+        /// </summary>
+        public string OrgKeyVaultDict { get; set; } = "{}";
+
         /// <summary>
         /// name of app owner storage account
         /// </summary>

diff --git a/src/Storage/Repository/BlobRepository.cs b/src/Storage/Repository/BlobRepository.cs
@@ -1,17 +1,16 @@
 using System;
-using System.Collections.Generic;
-using System.Data;
 using System.IO;
 using System.Threading;
 using System.Threading.Tasks;
+
 using Altinn.Platform.Storage.Configuration;
-using Altinn.Platform.Storage.Interface.Enums;
 using Altinn.Platform.Storage.Interface.Models;
+
 using Azure;
 using Azure.Storage;
 using Azure.Storage.Blobs;
 using Azure.Storage.Blobs.Models;
-using Microsoft.Extensions.Hosting;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 

diff --git a/src/Storage/Repository/SasTokenProvider.cs b/src/Storage/Repository/SasTokenProvider.cs
@@ -1,5 +1,7 @@
 using System;
 using System.Collections.Concurrent;
+using System.Collections.Generic;
+using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
 
@@ -25,6 +27,7 @@ public class SasTokenProvider : ISasTokenProvider
         private readonly ILogger<SasTokenProvider> _logger;
 
         private readonly SemaphoreSlim _semaphore = new SemaphoreSlim(1, 1);
+        private readonly Dictionary<string, string> _orgKeyVaultDict;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="SasTokenProvider"/> class.
@@ -43,6 +46,7 @@ public class SasTokenProvider : ISasTokenProvider
         {
             _keyVaultWrapper = keyVaultWrapper;
             _storageConfiguration = storageConfiguration.Value;
+            _orgKeyVaultDict = JsonSerializer.Deserialize<Dictionary<string, string>>(_storageConfiguration.OrgKeyVaultDict);
             _logger = logger;
         }
 
@@ -72,7 +76,17 @@ public async Task<string> GetSasToken(string org)
                 string sasDefinition = string.Format(_storageConfiguration.OrgSasDefinition, org);
 
                 string secretName = $"{storageAccount}-{sasDefinition}";
-                string keyVaultUri = string.Format(_storageConfiguration.OrgKeyVaultURI, org);
+
+                string keyVaultUri = string.Empty;
+
+                if (_orgKeyVaultDict.TryGetValue(org, out keyVaultUri))
+                {
+                    // key was found in dictionary and keyVaultUri populated with a value
+                }
+                else
+                {
+                    keyVaultUri = string.Format(_storageConfiguration.OrgKeyVaultURI, org);
+                }
 
                 _logger.LogInformation("Getting secret '{secretName}' from '{keyVaultUri}'.", secretName, keyVaultUri);
 

diff --git a/test/UnitTest/TestingRepositories/SasTokenProviderTests.cs b/test/UnitTest/TestingRepositories/SasTokenProviderTests.cs
@@ -10,6 +10,7 @@
 using Microsoft.Extensions.Options;
 
 using Moq;
+
 using Xunit;
 
 namespace Altinn.Platform.Storage.UnitTest.TestingRepositories
@@ -247,5 +248,43 @@ public async Task GetSasToken_TokenExpiresBetweenCalls_PerformsTwoCallsToKeyVaul
 
             keyVaultClient.Verify(s => s.GetSecretAsync(It.Is<string>(u => u == uri), It.Is<string>(i => i == secretName)), Times.Exactly(2));
         }
+
+        [Fact]
+        public async Task GetSasToken_OrgKvUsesAlternativeName_NameRetrievedFromDictionary()
+        {
+            // Arrange
+            string org = "ttd";
+            string uri = "random-uri.com";
+
+            string storageAccount = string.Format(StorageAccount, org);
+            string sasDefinition = string.Format(SasDefinition, org);
+            string secretName = $"{storageAccount}-{sasDefinition}";
+
+            Mock<IKeyVaultClientWrapper> keyVaultClient = new Mock<IKeyVaultClientWrapper>();
+            keyVaultClient.Setup(s => s.GetSecretAsync(It.IsAny<string>(), It.IsAny<string>())).ReturnsAsync("ttdsecret");
+
+            AzureStorageConfiguration storageSettings = new AzureStorageConfiguration
+            {
+                OrgKeyVaultURI = KeyVaultURI,
+                OrgStorageAccount = StorageAccount,
+                OrgSasDefinition = SasDefinition,
+                OrgKeyVaultDict = "{\"ttd\":\"random-uri.com\"}",
+                AllowedSasTokenAgeHours = 0
+            };
+
+            Mock<IOptions<AzureStorageConfiguration>> storageConfiguration = new Mock<IOptions<AzureStorageConfiguration>>();
+            storageConfiguration.SetupGet(x => x.Value).Returns(storageSettings);
+
+            SasTokenProvider target = new SasTokenProvider(keyVaultClient.Object, storageConfiguration.Object, _mockLogger.Object);
+
+            // Act
+            await target.GetSasToken(org);
+            string actual = await target.GetSasToken(org);
+
+            // Assert
+            Assert.Equal("ttdsecret", actual);
+
+            keyVaultClient.Verify(s => s.GetSecretAsync(It.Is<string>(u => u == uri), It.Is<string>(i => i == secretName)), Times.Exactly(2));
+        }
     }
 }