github.com/mponton/terratest@v0.44.0/modules/azure/keyvault.go (about) 1 package azure 2 3 import ( 4 "context" 5 "fmt" 6 "os" 7 "testing" 8 9 kvauth "github.com/Azure/azure-sdk-for-go/services/keyvault/auth" 10 kvmng "github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2016-10-01/keyvault" 11 "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault" 12 "github.com/Azure/go-autorest/autorest" 13 "github.com/stretchr/testify/require" 14 ) 15 16 // KeyVaultSecretExists indicates whether a key vault secret exists; otherwise false 17 // This function would fail the test if there is an error. 18 func KeyVaultSecretExists(t *testing.T, keyVaultName string, secretName string) bool { 19 result, err := KeyVaultSecretExistsE(keyVaultName, secretName) 20 require.NoError(t, err) 21 return result 22 } 23 24 // KeyVaultKeyExists indicates whether a key vault key exists; otherwise false. 25 // This function would fail the test if there is an error. 26 func KeyVaultKeyExists(t *testing.T, keyVaultName string, keyName string) bool { 27 result, err := KeyVaultKeyExistsE(keyVaultName, keyName) 28 require.NoError(t, err) 29 return result 30 } 31 32 // KeyVaultCertificateExists indicates whether a key vault certificate exists; otherwise false. 33 // This function would fail the test if there is an error. 34 func KeyVaultCertificateExists(t *testing.T, keyVaultName string, certificateName string) bool { 35 result, err := KeyVaultCertificateExistsE(keyVaultName, certificateName) 36 require.NoError(t, err) 37 return result 38 } 39 40 // KeyVaultCertificateExistsE indicates whether a certificate exists in key vault; otherwise false. 41 func KeyVaultCertificateExistsE(keyVaultName, certificateName string) (bool, error) { 42 keyVaultSuffix, err := GetKeyVaultURISuffixE() 43 if err != nil { 44 return false, err 45 } 46 client, err := GetKeyVaultClientE() 47 if err != nil { 48 return false, err 49 } 50 maxVersionsCount := int32(1) 51 versions, err := client.GetCertificateVersions(context.Background(), 52 fmt.Sprintf("https://%s.%s", keyVaultName, keyVaultSuffix), 53 certificateName, 54 &maxVersionsCount) 55 if err != nil { 56 return false, err 57 } 58 59 if len(versions.Values()) > 0 { 60 return true, nil 61 } 62 return false, nil 63 } 64 65 // KeyVaultKeyExistsE indicates whether a key exists in the key vault; otherwise false. 66 func KeyVaultKeyExistsE(keyVaultName, keyName string) (bool, error) { 67 keyVaultSuffix, err := GetKeyVaultURISuffixE() 68 if err != nil { 69 return false, err 70 } 71 client, err := GetKeyVaultClientE() 72 if err != nil { 73 return false, err 74 } 75 maxVersionsCount := int32(1) 76 versions, err := client.GetKeyVersions(context.Background(), 77 fmt.Sprintf("https://%s.%s", keyVaultName, keyVaultSuffix), 78 keyName, 79 &maxVersionsCount) 80 if err != nil { 81 return false, err 82 } 83 84 if len(versions.Values()) > 0 { 85 return true, nil 86 } 87 return false, nil 88 } 89 90 // KeyVaultSecretExistsE indicates whether a secret exists in the key vault; otherwise false. 91 func KeyVaultSecretExistsE(keyVaultName, secretName string) (bool, error) { 92 client, err := GetKeyVaultClientE() 93 if err != nil { 94 return false, err 95 } 96 keyVaultSuffix, err := GetKeyVaultURISuffixE() 97 if err != nil { 98 return false, err 99 } 100 maxVersionsCount := int32(1) 101 versions, err := client.GetSecretVersions(context.Background(), 102 fmt.Sprintf("https://%s.%s", keyVaultName, keyVaultSuffix), 103 secretName, 104 &maxVersionsCount) 105 if err != nil { 106 return false, err 107 } 108 109 if len(versions.Values()) > 0 { 110 return true, nil 111 } 112 return false, nil 113 } 114 115 // GetKeyVaultClientE creates a KeyVault client. 116 func GetKeyVaultClientE() (*keyvault.BaseClient, error) { 117 kvClient := keyvault.New() 118 authorizer, err := NewKeyVaultAuthorizerE() 119 if err != nil { 120 return nil, err 121 } 122 kvClient.Authorizer = *authorizer 123 return &kvClient, nil 124 } 125 126 // NewKeyVaultAuthorizerE will return dataplane Authorizer for KeyVault. 127 func NewKeyVaultAuthorizerE() (*autorest.Authorizer, error) { 128 // Carry out env var lookups 129 _, clientIDExists := os.LookupEnv(AuthFromEnvClient) 130 _, tenantIDExists := os.LookupEnv(AuthFromEnvTenant) 131 _, fileAuthSet := os.LookupEnv(AuthFromFile) 132 133 // Execute logic to return an authorizer from the correct method 134 if clientIDExists && tenantIDExists { 135 authorizer, err := kvauth.NewAuthorizerFromEnvironment() 136 return &authorizer, err 137 } else if fileAuthSet { 138 authorizer, err := kvauth.NewAuthorizerFromFile() 139 return &authorizer, err 140 } else { 141 authorizer, err := kvauth.NewAuthorizerFromCLI() 142 return &authorizer, err 143 } 144 } 145 146 // GetKeyVault is a helper function that gets the keyvault management object. 147 // This function would fail the test if there is an error. 148 func GetKeyVault(t *testing.T, resGroupName string, keyVaultName string, subscriptionID string) *kvmng.Vault { 149 keyVault, err := GetKeyVaultE(t, resGroupName, keyVaultName, subscriptionID) 150 require.NoError(t, err) 151 152 return keyVault 153 } 154 155 // GetKeyVaultE is a helper function that gets the keyvault management object. 156 func GetKeyVaultE(t *testing.T, resGroupName string, keyVaultName string, subscriptionID string) (*kvmng.Vault, error) { 157 // Create akey vault management client 158 vaultClient, err := GetKeyVaultManagementClientE(subscriptionID) 159 if err != nil { 160 return nil, err 161 } 162 163 //Get the corresponding server client 164 keyVault, err := vaultClient.Get(context.Background(), resGroupName, keyVaultName) 165 if err != nil { 166 return nil, err 167 } 168 169 //Return keyvault 170 return &keyVault, nil 171 } 172 173 // GetKeyVaultManagementClientE is a helper function that will setup a key vault management client 174 func GetKeyVaultManagementClientE(subscriptionID string) (*kvmng.VaultsClient, error) { 175 // Create a keyvault management client 176 vaultClient, err := CreateKeyVaultManagementClientE(subscriptionID) 177 if err != nil { 178 return nil, err 179 } 180 181 // Create an authorizer 182 authorizer, err := NewAuthorizer() 183 if err != nil { 184 return nil, err 185 } 186 187 // Attach authorizer to the client 188 vaultClient.Authorizer = *authorizer 189 190 return vaultClient, nil 191 }