github.com/darmach/terratest@v0.34.8-0.20210517103231-80931f95e3ff/modules/azure/keyvault.go (about) 1 package azure 2 3 import ( 4 "context" 5 "fmt" 6 "testing" 7 8 kvauth "github.com/Azure/azure-sdk-for-go/services/keyvault/auth" 9 kvmng "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2016-10-01/keyvault" 10 "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault" 11 "github.com/Azure/go-autorest/autorest" 12 "github.com/stretchr/testify/require" 13 ) 14 15 // KeyVaultSecretExists indicates whether a key vault secret exists; otherwise false 16 // This function would fail the test if there is an error. 17 func KeyVaultSecretExists(t *testing.T, keyVaultName string, secretName string) bool { 18 result, err := KeyVaultSecretExistsE(keyVaultName, secretName) 19 require.NoError(t, err) 20 return result 21 } 22 23 // KeyVaultKeyExists indicates whether a key vault key exists; otherwise false. 24 // This function would fail the test if there is an error. 25 func KeyVaultKeyExists(t *testing.T, keyVaultName string, keyName string) bool { 26 result, err := KeyVaultKeyExistsE(keyVaultName, keyName) 27 require.NoError(t, err) 28 return result 29 } 30 31 // KeyVaultCertificateExists indicates whether a key vault certificate exists; otherwise false. 32 // This function would fail the test if there is an error. 33 func KeyVaultCertificateExists(t *testing.T, keyVaultName string, certificateName string) bool { 34 result, err := KeyVaultCertificateExistsE(keyVaultName, certificateName) 35 require.NoError(t, err) 36 return result 37 } 38 39 // KeyVaultCertificateExistsE indicates whether a certificate exists in key vault; otherwise false. 40 func KeyVaultCertificateExistsE(keyVaultName, certificateName string) (bool, error) { 41 keyVaultSuffix, err := GetKeyVaultURISuffixE() 42 if err != nil { 43 return false, err 44 } 45 client, err := GetKeyVaultClientE() 46 if err != nil { 47 return false, err 48 } 49 maxVersionsCount := int32(1) 50 versions, err := client.GetCertificateVersions(context.Background(), 51 fmt.Sprintf("https://%s.%s", keyVaultName, keyVaultSuffix), 52 certificateName, 53 &maxVersionsCount) 54 if err != nil { 55 return false, err 56 } 57 58 if len(versions.Values()) > 0 { 59 return true, nil 60 } 61 return false, nil 62 } 63 64 // KeyVaultKeyExistsE indicates whether a key exists in the key vault; otherwise false. 65 func KeyVaultKeyExistsE(keyVaultName, keyName string) (bool, error) { 66 keyVaultSuffix, err := GetKeyVaultURISuffixE() 67 if err != nil { 68 return false, err 69 } 70 client, err := GetKeyVaultClientE() 71 if err != nil { 72 return false, err 73 } 74 maxVersionsCount := int32(1) 75 versions, err := client.GetKeyVersions(context.Background(), 76 fmt.Sprintf("https://%s.%s", keyVaultName, keyVaultSuffix), 77 keyName, 78 &maxVersionsCount) 79 if err != nil { 80 return false, err 81 } 82 83 if len(versions.Values()) > 0 { 84 return true, nil 85 } 86 return false, nil 87 } 88 89 // KeyVaultSecretExistsE indicates whether a secret exists in the key vault; otherwise false. 90 func KeyVaultSecretExistsE(keyVaultName, secretName string) (bool, error) { 91 client, err := GetKeyVaultClientE() 92 if err != nil { 93 return false, err 94 } 95 keyVaultSuffix, err := GetKeyVaultURISuffixE() 96 if err != nil { 97 return false, err 98 } 99 maxVersionsCount := int32(1) 100 versions, err := client.GetSecretVersions(context.Background(), 101 fmt.Sprintf("https://%s.%s", keyVaultName, keyVaultSuffix), 102 secretName, 103 &maxVersionsCount) 104 if err != nil { 105 return false, err 106 } 107 108 if len(versions.Values()) > 0 { 109 return true, nil 110 } 111 return false, nil 112 } 113 114 // GetKeyVaultClientE creates a KeyVault client. 115 func GetKeyVaultClientE() (*keyvault.BaseClient, error) { 116 kvClient := keyvault.New() 117 authorizer, err := NewKeyVaultAuthorizerE() 118 if err != nil { 119 return nil, err 120 } 121 kvClient.Authorizer = *authorizer 122 return &kvClient, nil 123 } 124 125 // NewKeyVaultAuthorizerE will return dataplane Authorizer for KeyVault. 126 func NewKeyVaultAuthorizerE() (*autorest.Authorizer, error) { 127 authorizer, err := kvauth.NewAuthorizerFromCLI() 128 return &authorizer, err 129 } 130 131 // GetKeyVault is a helper function that gets the keyvault management object. 132 // This function would fail the test if there is an error. 133 func GetKeyVault(t *testing.T, resGroupName string, keyVaultName string, subscriptionID string) *kvmng.Vault { 134 keyVault, err := GetKeyVaultE(t, resGroupName, keyVaultName, subscriptionID) 135 require.NoError(t, err) 136 137 return keyVault 138 } 139 140 // GetKeyVaultE is a helper function that gets the keyvault management object. 141 func GetKeyVaultE(t *testing.T, resGroupName string, keyVaultName string, subscriptionID string) (*kvmng.Vault, error) { 142 // Create akey vault management client 143 vaultClient, err := GetKeyVaultManagementClientE(subscriptionID) 144 if err != nil { 145 return nil, err 146 } 147 148 //Get the corresponding server client 149 keyVault, err := vaultClient.Get(context.Background(), resGroupName, keyVaultName) 150 if err != nil { 151 return nil, err 152 } 153 154 //Return keyvault 155 return &keyVault, nil 156 } 157 158 // GetKeyVaultManagementClientE is a helper function that will setup a key vault management client 159 func GetKeyVaultManagementClientE(subscriptionID string) (*kvmng.VaultsClient, error) { 160 // Create a keyvault management client 161 vaultClient, err := CreateKeyVaultManagementClientE(subscriptionID) 162 if err != nil { 163 return nil, err 164 } 165 166 // Create an authorizer 167 authorizer, err := NewAuthorizer() 168 if err != nil { 169 return nil, err 170 } 171 172 // Attach authorizer to the client 173 vaultClient.Authorizer = *authorizer 174 175 return vaultClient, nil 176 }