github.com/mponton/terratest@v0.44.0/modules/azure/keyvault.go (about)

     1  package azure
     2  
     3  import (
     4  	"context"
     5  	"fmt"
     6  	"os"
     7  	"testing"
     8  
     9  	kvauth "github.com/Azure/azure-sdk-for-go/services/keyvault/auth"
    10  	kvmng "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2016-10-01/keyvault"
    11  	"github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault"
    12  	"github.com/Azure/go-autorest/autorest"
    13  	"github.com/stretchr/testify/require"
    14  )
    15  
    16  // KeyVaultSecretExists indicates whether a key vault secret exists; otherwise false
    17  // This function would fail the test if there is an error.
    18  func KeyVaultSecretExists(t *testing.T, keyVaultName string, secretName string) bool {
    19  	result, err := KeyVaultSecretExistsE(keyVaultName, secretName)
    20  	require.NoError(t, err)
    21  	return result
    22  }
    23  
    24  // KeyVaultKeyExists indicates whether a key vault key exists; otherwise false.
    25  // This function would fail the test if there is an error.
    26  func KeyVaultKeyExists(t *testing.T, keyVaultName string, keyName string) bool {
    27  	result, err := KeyVaultKeyExistsE(keyVaultName, keyName)
    28  	require.NoError(t, err)
    29  	return result
    30  }
    31  
    32  // KeyVaultCertificateExists indicates whether a key vault certificate exists; otherwise false.
    33  // This function would fail the test if there is an error.
    34  func KeyVaultCertificateExists(t *testing.T, keyVaultName string, certificateName string) bool {
    35  	result, err := KeyVaultCertificateExistsE(keyVaultName, certificateName)
    36  	require.NoError(t, err)
    37  	return result
    38  }
    39  
    40  // KeyVaultCertificateExistsE indicates whether a certificate exists in key vault; otherwise false.
    41  func KeyVaultCertificateExistsE(keyVaultName, certificateName string) (bool, error) {
    42  	keyVaultSuffix, err := GetKeyVaultURISuffixE()
    43  	if err != nil {
    44  		return false, err
    45  	}
    46  	client, err := GetKeyVaultClientE()
    47  	if err != nil {
    48  		return false, err
    49  	}
    50  	maxVersionsCount := int32(1)
    51  	versions, err := client.GetCertificateVersions(context.Background(),
    52  		fmt.Sprintf("https://%s.%s", keyVaultName, keyVaultSuffix),
    53  		certificateName,
    54  		&maxVersionsCount)
    55  	if err != nil {
    56  		return false, err
    57  	}
    58  
    59  	if len(versions.Values()) > 0 {
    60  		return true, nil
    61  	}
    62  	return false, nil
    63  }
    64  
    65  // KeyVaultKeyExistsE indicates whether a key exists in the key vault; otherwise false.
    66  func KeyVaultKeyExistsE(keyVaultName, keyName string) (bool, error) {
    67  	keyVaultSuffix, err := GetKeyVaultURISuffixE()
    68  	if err != nil {
    69  		return false, err
    70  	}
    71  	client, err := GetKeyVaultClientE()
    72  	if err != nil {
    73  		return false, err
    74  	}
    75  	maxVersionsCount := int32(1)
    76  	versions, err := client.GetKeyVersions(context.Background(),
    77  		fmt.Sprintf("https://%s.%s", keyVaultName, keyVaultSuffix),
    78  		keyName,
    79  		&maxVersionsCount)
    80  	if err != nil {
    81  		return false, err
    82  	}
    83  
    84  	if len(versions.Values()) > 0 {
    85  		return true, nil
    86  	}
    87  	return false, nil
    88  }
    89  
    90  // KeyVaultSecretExistsE indicates whether a secret exists in the key vault; otherwise false.
    91  func KeyVaultSecretExistsE(keyVaultName, secretName string) (bool, error) {
    92  	client, err := GetKeyVaultClientE()
    93  	if err != nil {
    94  		return false, err
    95  	}
    96  	keyVaultSuffix, err := GetKeyVaultURISuffixE()
    97  	if err != nil {
    98  		return false, err
    99  	}
   100  	maxVersionsCount := int32(1)
   101  	versions, err := client.GetSecretVersions(context.Background(),
   102  		fmt.Sprintf("https://%s.%s", keyVaultName, keyVaultSuffix),
   103  		secretName,
   104  		&maxVersionsCount)
   105  	if err != nil {
   106  		return false, err
   107  	}
   108  
   109  	if len(versions.Values()) > 0 {
   110  		return true, nil
   111  	}
   112  	return false, nil
   113  }
   114  
   115  // GetKeyVaultClientE creates a KeyVault client.
   116  func GetKeyVaultClientE() (*keyvault.BaseClient, error) {
   117  	kvClient := keyvault.New()
   118  	authorizer, err := NewKeyVaultAuthorizerE()
   119  	if err != nil {
   120  		return nil, err
   121  	}
   122  	kvClient.Authorizer = *authorizer
   123  	return &kvClient, nil
   124  }
   125  
   126  // NewKeyVaultAuthorizerE will return dataplane Authorizer for KeyVault.
   127  func NewKeyVaultAuthorizerE() (*autorest.Authorizer, error) {
   128  	// Carry out env var lookups
   129  	_, clientIDExists := os.LookupEnv(AuthFromEnvClient)
   130  	_, tenantIDExists := os.LookupEnv(AuthFromEnvTenant)
   131  	_, fileAuthSet := os.LookupEnv(AuthFromFile)
   132  
   133  	// Execute logic to return an authorizer from the correct method
   134  	if clientIDExists && tenantIDExists {
   135  		authorizer, err := kvauth.NewAuthorizerFromEnvironment()
   136  		return &authorizer, err
   137  	} else if fileAuthSet {
   138  		authorizer, err := kvauth.NewAuthorizerFromFile()
   139  		return &authorizer, err
   140  	} else {
   141  		authorizer, err := kvauth.NewAuthorizerFromCLI()
   142  		return &authorizer, err
   143  	}
   144  }
   145  
   146  // GetKeyVault is a helper function that gets the keyvault management object.
   147  // This function would fail the test if there is an error.
   148  func GetKeyVault(t *testing.T, resGroupName string, keyVaultName string, subscriptionID string) *kvmng.Vault {
   149  	keyVault, err := GetKeyVaultE(t, resGroupName, keyVaultName, subscriptionID)
   150  	require.NoError(t, err)
   151  
   152  	return keyVault
   153  }
   154  
   155  // GetKeyVaultE is a helper function that gets the keyvault management object.
   156  func GetKeyVaultE(t *testing.T, resGroupName string, keyVaultName string, subscriptionID string) (*kvmng.Vault, error) {
   157  	// Create akey vault management client
   158  	vaultClient, err := GetKeyVaultManagementClientE(subscriptionID)
   159  	if err != nil {
   160  		return nil, err
   161  	}
   162  
   163  	//Get the corresponding server client
   164  	keyVault, err := vaultClient.Get(context.Background(), resGroupName, keyVaultName)
   165  	if err != nil {
   166  		return nil, err
   167  	}
   168  
   169  	//Return keyvault
   170  	return &keyVault, nil
   171  }
   172  
   173  // GetKeyVaultManagementClientE is a helper function that will setup a key vault management client
   174  func GetKeyVaultManagementClientE(subscriptionID string) (*kvmng.VaultsClient, error) {
   175  	// Create a keyvault management client
   176  	vaultClient, err := CreateKeyVaultManagementClientE(subscriptionID)
   177  	if err != nil {
   178  		return nil, err
   179  	}
   180  
   181  	// Create an authorizer
   182  	authorizer, err := NewAuthorizer()
   183  	if err != nil {
   184  		return nil, err
   185  	}
   186  
   187  	// Attach authorizer to the client
   188  	vaultClient.Authorizer = *authorizer
   189  
   190  	return vaultClient, nil
   191  }