Ejemplo n.º 1
0
    def test_crud_operations(self, vault_client, **kwargs):
        self.assertIsNotNone(vault_client)
        client = vault_client.certificates
        cert_name = self.get_resource_name("cert")
        lifetime_actions = [
            LifetimeAction(trigger=Trigger(lifetime_percentage=80), action=Action(action_type=ActionType.auto_renew))
        ]
        cert_policy = CertificatePolicyGenerated(
            key_properties=KeyProperties(exportable=True, key_type="RSA", key_size=2048, reuse_key=False),
            secret_properties=SecretProperties(content_type="application/x-pkcs12"),
            issuer_parameters=IssuerParameters(name="Self"),
            lifetime_actions=lifetime_actions,
            x509_certificate_properties=X509CertificateProperties(
                subject="CN=DefaultPolicy", validity_in_months=12, key_usage=["digitalSignature", "keyEncipherment"]
            ),
        )

        polling_interval = 0 if self.is_playback() else None

        # create certificate
        certificate = client.begin_create_certificate(
            certificate_name=cert_name, policy=CertificatePolicy.get_default(), _polling_interval=polling_interval
        ).result()
        self._validate_certificate_bundle(cert=certificate, cert_name=cert_name, cert_policy=cert_policy)

        self.assertEqual(client.get_certificate_operation(certificate_name=cert_name).status.lower(), "completed")

        # get certificate
        cert = client.get_certificate(certificate_name=cert_name)
        self._validate_certificate_bundle(cert=cert, cert_name=cert_name, cert_policy=cert_policy)

        # update certificate
        tags = {"tag1": "updated_value1"}
        cert_bundle = client.update_certificate_properties(
            certificate_name=cert_name, tags=tags
        )
        self._validate_certificate_bundle(cert=cert_bundle, cert_name=cert_name, cert_policy=cert_policy)
        self.assertEqual(tags, cert_bundle.properties.tags)
        self.assertEqual(cert.id, cert_bundle.id)
        self.assertNotEqual(cert.properties.updated_on, cert_bundle.properties.updated_on)

        # delete certificate
        delete_cert_poller = client.begin_delete_certificate(
            certificate_name=cert_name, _polling_interval=polling_interval
        )
        deleted_cert_bundle = delete_cert_poller.result()
        self._validate_certificate_bundle(cert=deleted_cert_bundle, cert_name=cert_name, cert_policy=cert_policy)
        delete_cert_poller.wait()

        # get certificate returns not found
        try:
            client.get_certificate_version(certificate_name=cert_name, version=deleted_cert_bundle.properties.version)
            self.fail("Get should fail")
        except Exception as ex:
            if not hasattr(ex, "message") or "not found" not in ex.message.lower():
                raise ex
Ejemplo n.º 2
0
    async def test_backup_restore(self, vault_client, **kwargs):
        self.assertIsNotNone(vault_client)
        client = vault_client.certificates
        cert_name = self.get_resource_name("cert")
        lifetime_actions = [
            LifetimeAction(
                trigger=Trigger(lifetime_percentage=2),
                action=Action(action_type=ActionType.email_contacts))
        ]
        cert_policy = CertificatePolicyGenerated(
            key_properties=KeyProperties(exportable=True,
                                         key_type="RSA",
                                         key_size=2048,
                                         reuse_key=False),
            secret_properties=SecretProperties(
                content_type="application/x-pkcs12"),
            issuer_parameters=IssuerParameters(name="Self"),
            lifetime_actions=lifetime_actions,
            x509_certificate_properties=X509CertificateProperties(
                subject="CN=*.microsoft.com",
                # commented out for now because of server side bug not
                # restoring san dns names
                # subject_alternative_names=SubjectAlternativeNames(
                #     dns_names=['sdk.azure-int.net']
                # ),
                validity_in_months=24,
            ),
        )

        polling_interval = 0 if self.is_playback() else None

        # create certificate
        await client.create_certificate(
            certificate_name=cert_name,
            policy=CertificatePolicy._from_certificate_policy_bundle(
                cert_policy),
            _polling_interval=polling_interval)

        # create a backup
        certificate_backup = await client.backup_certificate(
            certificate_name=cert_name)

        # delete the certificate
        await client.delete_certificate(certificate_name=cert_name,
                                        _polling_interval=polling_interval)

        # restore certificate
        restored_certificate = await client.restore_certificate_backup(
            backup=certificate_backup)
        self._validate_certificate_bundle(cert=restored_certificate,
                                          vault=client.vault_url,
                                          cert_name=cert_name,
                                          cert_policy=cert_policy)
Ejemplo n.º 3
0
    async def test_crud_operations(self, vault_client, **kwargs):
        self.assertIsNotNone(vault_client)
        client = vault_client.certificates
        cert_name = self.get_resource_name("cert")
        lifetime_actions = [
            LifetimeAction(
                trigger=Trigger(lifetime_percentage=2),
                action=Action(action_type=ActionType.email_contacts))
        ]
        cert_policy = CertificatePolicyGenerated(
            key_properties=KeyProperties(exportable=True,
                                         key_type='RSA',
                                         key_size=2048,
                                         reuse_key=True),
            secret_properties=SecretProperties(
                content_type='application/x-pkcs12'),
            issuer_parameters=IssuerParameters(name='Self'),
            lifetime_actions=lifetime_actions,
            x509_certificate_properties=X509CertificateProperties(
                subject='CN=DefaultPolicy',
                validity_in_months=12,
                key_usage=[
                    "cRLSign", "dataEncipherment", "digitalSignature",
                    "keyAgreement", "keyCertSign", "keyEncipherment"
                ]))

        # create certificate
        create_certificate_poller = await client.create_certificate(
            name=cert_name)
        cert = await create_certificate_poller

        self._validate_certificate_bundle(cert=cert,
                                          vault=client.vault_url,
                                          cert_name=cert_name,
                                          cert_policy=cert_policy)

        self.assertEqual(
            (await
             client.get_certificate_operation(name=cert_name)).status.lower(),
            'completed')

        # get certificate
        cert = await client.get_certificate_with_policy(name=cert_name)
        self._validate_certificate_bundle(cert=cert,
                                          vault=client.vault_url,
                                          cert_name=cert_name,
                                          cert_policy=cert_policy)

        # update certificate
        tags = {'tag1': 'updated_value1'}
        cert_bundle = await client.update_certificate_properties(
            name=cert_name, tags=tags)
        self._validate_certificate_bundle(cert=cert_bundle,
                                          vault=client.vault_url,
                                          cert_name=cert_name,
                                          cert_policy=cert_policy)
        self.assertEqual(tags, cert_bundle.properties.tags)
        self.assertEqual(cert.id, cert_bundle.id)
        self.assertNotEqual(cert.properties.updated,
                            cert_bundle.properties.updated)

        # delete certificate
        deleted_cert_bundle = await client.delete_certificate(name=cert_name)
        self._validate_certificate_bundle(cert=deleted_cert_bundle,
                                          vault=client.vault_url,
                                          cert_name=cert_name,
                                          cert_policy=cert_policy)

        # get certificate returns not found
        try:
            await client.get_certificate(
                name=cert_name, version=deleted_cert_bundle.properties.version)
            self.fail('Get should fail')
        except Exception as ex:
            if not hasattr(ex,
                           'message') or 'not found' not in ex.message.lower():
                raise ex