/
keyvault.go
191 lines (168 loc) · 5.65 KB
/
keyvault.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
package azure
import (
"context"
"fmt"
"os"
"testing"
kvauth "github.com/Azure/azure-sdk-for-go/services/keyvault/auth"
kvmng "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2016-10-01/keyvault"
"github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault"
"github.com/Azure/go-autorest/autorest"
"github.com/stretchr/testify/require"
)
// KeyVaultSecretExists indicates whether a key vault secret exists; otherwise false
// This function would fail the test if there is an error.
func KeyVaultSecretExists(t *testing.T, keyVaultName string, secretName string) bool {
result, err := KeyVaultSecretExistsE(keyVaultName, secretName)
require.NoError(t, err)
return result
}
// KeyVaultKeyExists indicates whether a key vault key exists; otherwise false.
// This function would fail the test if there is an error.
func KeyVaultKeyExists(t *testing.T, keyVaultName string, keyName string) bool {
result, err := KeyVaultKeyExistsE(keyVaultName, keyName)
require.NoError(t, err)
return result
}
// KeyVaultCertificateExists indicates whether a key vault certificate exists; otherwise false.
// This function would fail the test if there is an error.
func KeyVaultCertificateExists(t *testing.T, keyVaultName string, certificateName string) bool {
result, err := KeyVaultCertificateExistsE(keyVaultName, certificateName)
require.NoError(t, err)
return result
}
// KeyVaultCertificateExistsE indicates whether a certificate exists in key vault; otherwise false.
func KeyVaultCertificateExistsE(keyVaultName, certificateName string) (bool, error) {
keyVaultSuffix, err := GetKeyVaultURISuffixE()
if err != nil {
return false, err
}
client, err := GetKeyVaultClientE()
if err != nil {
return false, err
}
maxVersionsCount := int32(1)
versions, err := client.GetCertificateVersions(context.Background(),
fmt.Sprintf("https://%s.%s", keyVaultName, keyVaultSuffix),
certificateName,
&maxVersionsCount)
if err != nil {
return false, err
}
if len(versions.Values()) > 0 {
return true, nil
}
return false, nil
}
// KeyVaultKeyExistsE indicates whether a key exists in the key vault; otherwise false.
func KeyVaultKeyExistsE(keyVaultName, keyName string) (bool, error) {
keyVaultSuffix, err := GetKeyVaultURISuffixE()
if err != nil {
return false, err
}
client, err := GetKeyVaultClientE()
if err != nil {
return false, err
}
maxVersionsCount := int32(1)
versions, err := client.GetKeyVersions(context.Background(),
fmt.Sprintf("https://%s.%s", keyVaultName, keyVaultSuffix),
keyName,
&maxVersionsCount)
if err != nil {
return false, err
}
if len(versions.Values()) > 0 {
return true, nil
}
return false, nil
}
// KeyVaultSecretExistsE indicates whether a secret exists in the key vault; otherwise false.
func KeyVaultSecretExistsE(keyVaultName, secretName string) (bool, error) {
client, err := GetKeyVaultClientE()
if err != nil {
return false, err
}
keyVaultSuffix, err := GetKeyVaultURISuffixE()
if err != nil {
return false, err
}
maxVersionsCount := int32(1)
versions, err := client.GetSecretVersions(context.Background(),
fmt.Sprintf("https://%s.%s", keyVaultName, keyVaultSuffix),
secretName,
&maxVersionsCount)
if err != nil {
return false, err
}
if len(versions.Values()) > 0 {
return true, nil
}
return false, nil
}
// GetKeyVaultClientE creates a KeyVault client.
func GetKeyVaultClientE() (*keyvault.BaseClient, error) {
kvClient := keyvault.New()
authorizer, err := NewKeyVaultAuthorizerE()
if err != nil {
return nil, err
}
kvClient.Authorizer = *authorizer
return &kvClient, nil
}
// NewKeyVaultAuthorizerE will return dataplane Authorizer for KeyVault.
func NewKeyVaultAuthorizerE() (*autorest.Authorizer, error) {
// Carry out env var lookups
_, clientIDExists := os.LookupEnv(AuthFromEnvClient)
_, tenantIDExists := os.LookupEnv(AuthFromEnvTenant)
_, fileAuthSet := os.LookupEnv(AuthFromFile)
// Execute logic to return an authorizer from the correct method
if clientIDExists && tenantIDExists {
authorizer, err := kvauth.NewAuthorizerFromEnvironment()
return &authorizer, err
} else if fileAuthSet {
authorizer, err := kvauth.NewAuthorizerFromFile()
return &authorizer, err
} else {
authorizer, err := kvauth.NewAuthorizerFromCLI()
return &authorizer, err
}
}
// GetKeyVault is a helper function that gets the keyvault management object.
// This function would fail the test if there is an error.
func GetKeyVault(t *testing.T, resGroupName string, keyVaultName string, subscriptionID string) *kvmng.Vault {
keyVault, err := GetKeyVaultE(t, resGroupName, keyVaultName, subscriptionID)
require.NoError(t, err)
return keyVault
}
// GetKeyVaultE is a helper function that gets the keyvault management object.
func GetKeyVaultE(t *testing.T, resGroupName string, keyVaultName string, subscriptionID string) (*kvmng.Vault, error) {
// Create akey vault management client
vaultClient, err := GetKeyVaultManagementClientE(subscriptionID)
if err != nil {
return nil, err
}
//Get the corresponding server client
keyVault, err := vaultClient.Get(context.Background(), resGroupName, keyVaultName)
if err != nil {
return nil, err
}
//Return keyvault
return &keyVault, nil
}
// GetKeyVaultManagementClientE is a helper function that will setup a key vault management client
func GetKeyVaultManagementClientE(subscriptionID string) (*kvmng.VaultsClient, error) {
// Create a keyvault management client
vaultClient, err := CreateKeyVaultManagementClientE(subscriptionID)
if err != nil {
return nil, err
}
// Create an authorizer
authorizer, err := NewAuthorizer()
if err != nil {
return nil, err
}
// Attach authorizer to the client
vaultClient.Authorizer = *authorizer
return vaultClient, nil
}