def _validate(ns): from azure.keyvault.key_vault_id import KeyVaultIdentifier pure_entity_type = entity_type.replace('deleted', '') name = getattr(ns, pure_entity_type + '_name', None) vault = getattr(ns, 'vault_base_url', None) if not vault: vault = getattr(ns, 'hsm_name', None) identifier = getattr(ns, 'identifier', None) if identifier: vault_base_url = getattr(ns, 'vault_base_url', None) hsm_name = getattr(ns, 'hsm_name', None) if vault_base_url: raise CLIError('--vault-name and --id are mutually exclusive.') if hsm_name: raise CLIError('--hsm-name and --id are mutually exclusive.') ident = KeyVaultIdentifier(uri=identifier, collection=entity_type + 's') setattr(ns, pure_entity_type + '_name', ident.name) setattr(ns, 'vault_base_url', ident.vault) if ident.version and hasattr(ns, pure_entity_type + '_version'): setattr(ns, pure_entity_type + '_version', ident.version) elif not (name and vault): raise CLIError( 'incorrect usage: --id ID | --vault-name/--hsm-name VAULT/HSM ' '--name/-n NAME [--version VERSION]')
def __read_kv_from_app_service(cmd, appservice_account, prefix_to_add="", content_type=None): try: key_values = [] from azure.cli.command_modules.appservice.custom import get_app_settings settings = get_app_settings( cmd, resource_group_name=appservice_account["resource_group"], name=appservice_account["name"], slot=None) for item in settings: key = prefix_to_add + item['name'] if validate_import_key(key): tags = {'AppService:SlotSetting': str(item['slotSetting']).lower()} if item['slotSetting'] else {} value = item['value'] # Value will look like one of the following if it is a KeyVault reference: # @Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/ec96f02080254f109c51a1f14cdb1931) # @Microsoft.KeyVault(VaultName=myvault;SecretName=mysecret;SecretVersion=ec96f02080254f109c51a1f14cdb1931) if value and value.strip().lower().startswith(KeyVaultConstants.APPSVC_KEYVAULT_PREFIX.lower()): try: # Strip all whitespaces from value string. # Valid values of SecretUri, VaultName, SecretName or SecretVersion will never have whitespaces. value = value.replace(" ", "") appsvc_value_dict = dict(x.split('=') for x in value[len(KeyVaultConstants.APPSVC_KEYVAULT_PREFIX) + 1: -1].split(';')) appsvc_value_dict = {k.lower(): v for k, v in appsvc_value_dict.items()} secret_identifier = appsvc_value_dict.get('secreturi') if not secret_identifier: # Construct secreturi vault_name = appsvc_value_dict.get('vaultname') secret_name = appsvc_value_dict.get('secretname') secret_version = appsvc_value_dict.get('secretversion') secret_identifier = "https://{0}.vault.azure.net/secrets/{1}/{2}".format(vault_name, secret_name, secret_version) try: from azure.keyvault.key_vault_id import KeyVaultIdentifier # this throws an exception for invalid format of secret identifier KeyVaultIdentifier(uri=secret_identifier) kv = KeyValue(key=key, value=json.dumps({"uri": secret_identifier}, ensure_ascii=False, separators=(',', ':')), tags=tags, content_type=KeyVaultConstants.KEYVAULT_CONTENT_TYPE) key_values.append(kv) continue except (TypeError, ValueError) as e: logger.debug( 'Exception while validating the format of KeyVault identifier. Key "%s" with value "%s" will be treated like a regular key-value.\n%s', key, value, str(e)) except (AttributeError, TypeError, ValueError) as e: logger.debug( 'Key "%s" with value "%s" is not a well-formatted KeyVault reference. It will be treated like a regular key-value.\n%s', key, value, str(e)) elif content_type and __is_json_content_type(content_type): # If appservice values are being imported with JSON content type, # we need to validate that values are in valid JSON format. try: json.loads(value) except ValueError: raise CLIError('Value "{}" for key "{}" is not a valid JSON object, which conflicts with the provided content type "{}".'.format(value, key, content_type)) kv = KeyValue(key=key, value=value, tags=tags) key_values.append(kv) return key_values except Exception as exception: raise CLIError("Failed to read key-values from appservice.\n" + str(exception))
def validate_secret_identifier(namespace): """ Validate the format of keyvault reference secret identifier """ from azure.keyvault.key_vault_id import KeyVaultIdentifier identifier = getattr(namespace, 'secret_identifier', None) try: # this throws an exception for invalid format of secret identifier KeyVaultIdentifier(uri=identifier) except Exception as e: raise CLIError("Received an exception while validating the format of secret identifier.\n{0}".format(str(e)))
def _validate(ns): from azure.keyvault.key_vault_id import KeyVaultIdentifier name = getattr(ns, entity_type.replace('deleted', '') + '_name', None) vault = getattr(ns, 'vault_base_url', None) identifier = getattr(ns, 'identifier', None) if identifier: ident = KeyVaultIdentifier(uri=identifier, collection=entity_type + 's') setattr(ns, entity_type + '_name', ident.name) setattr(ns, 'vault_base_url', ident.vault) if hasattr(ns, entity_type + '_version'): setattr(ns, entity_type + '_version', ident.version) elif not (name and vault): raise CLIError('incorrect usage: --id ID | --vault-name VAULT --name NAME [--version VERSION]')