feat: add self_signed pluginConfig

[JeyJeyGao]

Feat:

• added self_signed parameter in the pluginConfig for self-signed certificate (Certificates Get permission)

Fix:

• removed as_secert pluginConfig
• secerts get is the default behavior when self_signed and ca_certs are not set (Secrets Get permission)
• added a message to remind user to enable secrets get permission
• raise exception when the ca_certs is empty

Parameters logic:

• self_signed is true && ca_certs=/path/to/cacerts ==> exception
• self_signed is true && ca_certs is null or empty ==> get self-signed certificate with Certificates Get permission
• self_signed is false or not set && ca_certs=/path/to/cacerts ==> get leaf certificate with Certificates Get permission and read the certificate bundle from file
• self_signed is false or not set && ca_certs is not set or empty ==> get certificate chain with Secrets Get permission

Signed-off-by: Junjie Gao junjiegao@microsoft.com

[codecov]

Codecov Report

Merging #119 (6550dd7) into main (6bf62ca) will increase coverage by 0.22%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #119      +/-   ##
==========================================
+ Coverage   93.97%   94.19%   +0.22%     
==========================================
  Files          15       15              
  Lines         448      465      +17     
==========================================
+ Hits          421      438      +17     
  Misses         27       27              

Impacted Files	Coverage Δ
...gin.AzureKeyVault/Certificate/CertificateBundle.cs	100.00% <100.00%> (ø)
....Plugin.AzureKeyVault/Command/GenerateSignature.cs	100.00% <100.00%> (ø)

[shizhMSFT]

LGTM with suggestions

[shizhMSFT]

LGTM

[Two-Hearts]

I highly recommend that we document this behavior somewhere in this Repo for user's reference, otherwise the learning experience for new users gonna be a real pain :)

Parameters logic:
self_signed is true && ca_certs=/path/to/cacerts ==> exception
self_signed is true && ca_certs is null or empty ==> get self-signed certificate with Certificates Get permission
self_signed is false or not set && ca_certs=/path/to/cacerts ==> get leaf certificate with Certificates Get permission and read the certificate bundle from file
self_signed is false or not set && ca_certs is not set or empty ==> get certificate chain with Secrets Get permission

/cc: @shizhMSFT @yizha1 @FeynmanZhou

[JeyJeyGao]

I highly recommend that we document this behavior somewhere in this Repo for user's reference, otherwise the learning experience for new users gonna be a real pain :)

Parameters logic:
self_signed is true && ca_certs=/path/to/cacerts ==> exception
self_signed is true && ca_certs is null or empty ==> get self-signed certificate with Certificates Get permission
self_signed is false or not set && ca_certs=/path/to/cacerts ==> get leaf certificate with Certificates Get permission and read the certificate bundle from file
self_signed is false or not set && ca_certs is not set or empty ==> get certificate chain with Secrets Get permission

/cc: @shizhMSFT @yizha1 @FeynmanZhou

I will create a new RR to update the documentations and include your suggestion.