async def test_managed_identity_live(live_managed_identity_config):
credential = ManagedIdentityCredential(
client_id=live_managed_identity_config["client_id"])
# do something with Key Vault to verify the credential can get a valid token
client = SecretClient(live_managed_identity_config["vault_url"],
credential,
logging_enable=True)
async for _ in client.list_properties_of_secrets():
pass
class ListSecretsTest(PerfStressTest):
def __init__(self, arguments):
super().__init__(arguments)
# Auth configuration
self.credential = DefaultAzureCredential()
self.async_credential = AsyncDefaultAzureCredential()
# Create clients
vault_url = self.get_from_env("AZURE_KEYVAULT_URL")
self.client = SecretClient(vault_url, self.credential, **self._client_kwargs)
self.async_client = AsyncSecretClient(vault_url, self.async_credential, **self._client_kwargs)
self.secret_names = ["livekvtestlistperfsecret{}".format(i) for i in range(self.args.list_size)]
async def global_setup(self):
"""The global setup is run only once."""
await super().global_setup()
create = [self.async_client.set_secret(name, "secret-value") for name in self.secret_names]
await asyncio.wait(create)
async def global_cleanup(self):
"""The global cleanup is run only once."""
delete = [self.async_client.delete_secret(name) for name in self.secret_names]
await asyncio.wait(delete)
purge = [self.async_client.purge_deleted_secret(name) for name in self.secret_names]
await asyncio.wait(purge)
await super().global_cleanup()
async def close(self):
"""This is run after cleanup."""
await self.async_client.close()
await self.async_credential.close()
await super().close()
def run_sync(self):
"""The synchronous perf test."""
secret_properties = self.client.list_properties_of_secrets()
# enumerate secrets to exercise paging code
list(secret_properties)
async def run_async(self):
"""The asynchronous perf test."""
secret_properties = self.async_client.list_properties_of_secrets()
# enumerate secrets to exercise paging code
async for _ in secret_properties:
pass
@staticmethod
def add_arguments(parser):
super(ListSecretsTest, ListSecretsTest).add_arguments(parser)
parser.add_argument(
'--list-size', nargs='?', type=int, help='Number of secrets to list. Defaults to 10', default=10
)
class ListSecretsTest(PerfStressTest):
def __init__(self, arguments):
super().__init__(arguments)
# Auth configuration
self.credential = DefaultAzureCredential()
self.async_credential = AsyncDefaultAzureCredential()
# Create clients
vault_url = self.get_from_env("AZURE_KEYVAULT_URL")
self.client = SecretClient(vault_url, self.credential,
**self._client_kwargs)
self.async_client = AsyncSecretClient(vault_url, self.async_credential,
**self._client_kwargs)
self.secret_names = [
"livekvtestlistperfsecret{}".format(i)
for i in range(self.args.count)
]
async def global_setup(self):
"""The global setup is run only once."""
# Validate that vault contains 0 secrets (including soft-deleted secrets), since additional secrets
# (including soft-deleted) impact performance.
async for secret in self.async_client.list_properties_of_secrets():
raise Exception(
"KeyVault %s must contain 0 secrets (including soft-deleted) before starting perf test"
% self.async_client.vault_url)
async for secret in self.async_client.list_deleted_secrets():
raise Exception(
"KeyVault %s must contain 0 secrets (including soft-deleted) before starting perf test"
% self.async_client.vault_url)
await super().global_setup()
create = [
self.async_client.set_secret(name, "secret-value")
for name in self.secret_names
]
await asyncio.wait(create)
async def global_cleanup(self):
"""The global cleanup is run only once."""
delete = [
self.async_client.delete_secret(name) for name in self.secret_names
]
await asyncio.wait(delete)
purge = [
self.async_client.purge_deleted_secret(name)
for name in self.secret_names
]
await asyncio.wait(purge)
await super().global_cleanup()
async def close(self):
"""This is run after cleanup."""
await self.async_client.close()
await self.async_credential.close()
await super().close()
def run_sync(self):
"""The synchronous perf test."""
secret_properties = self.client.list_properties_of_secrets()
# enumerate secrets to exercise paging code
list(secret_properties)
async def run_async(self):
"""The asynchronous perf test."""
secret_properties = self.async_client.list_properties_of_secrets()
# enumerate secrets to exercise paging code
async for _ in secret_properties:
pass
@staticmethod
def add_arguments(parser):
super(ListSecretsTest, ListSecretsTest).add_arguments(parser)
parser.add_argument("--count",
nargs="?",
type=int,
help="Number of secrets to list. Defaults to 10",
default=10)
async def run_sample():
# Instantiate a secret client that will be used to call the service.
# Notice that the client is using default Azure credentials.
# To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
# 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID' are set with the service principal credentials.
VAULT_URL = os.environ["VAULT_URL"]
credential = DefaultAzureCredential()
client = SecretClient(vault_url=VAULT_URL, credential=credential)
try:
# Let's create secrets holding storage and bank accounts credentials. If the secret
# already exists in the Key Vault, then a new version of the secret is created.
print("\n.. Create Secret")
bank_secret = await client.set_secret("listOpsBankSecretName",
"listOpsSecretValue1")
storage_secret = await client.set_secret("listOpsStorageSecretName",
"listOpsSecretValue2")
print("Secret with name '{0}' was created.".format(bank_secret.name))
print("Secret with name '{0}' was created.".format(
storage_secret.name))
# You need to check if any of the secrets are sharing same values.
# Let's list the secrets and print their values.
# List operations don 't return the secrets with value information.
# So, for each returned secret we call get_secret to get the secret with its value information.
print("\n.. List secrets from the Key Vault")
secrets = client.list_properties_of_secrets()
async for secret in secrets:
retrieved_secret = await client.get_secret(secret.name)
print("Secret with name '{0}' with value '{1}' was found.".format(
retrieved_secret.name, retrieved_secret.value))
# The bank account password got updated, so you want to update the secret in Key Vault to ensure it reflects the
# new password. Calling set_secret on an existing secret creates a new version of the secret in the Key Vault
# with the new value.
updated_secret = await client.set_secret(bank_secret.name,
"newSecretValue")
print("Secret with name '{0}' was updated with new value '{1}'".format(
updated_secret.name, updated_secret.value))
# You need to check all the different values your bank account password secret had previously. Lets print all
# the versions of this secret.
print("\n.. List versions of the secret using its name")
secret_versions = client.list_properties_of_secret_versions(
bank_secret.name)
async for secret in secret_versions:
print("Bank Secret with name '{0}' has version: '{1}'".format(
secret.name, secret.version))
# The bank account and storage accounts got closed. Let's delete bank and storage accounts secrets.
print("\n.. Deleting secrets...")
await client.delete_secret(bank_secret.name)
await client.delete_secret(storage_secret.name)
# You can list all the deleted and non-purged secrets, assuming Key Vault is soft-delete enabled.
print("\n.. List deleted secrets from the Key Vault")
deleted_secrets = client.list_deleted_secrets()
async for deleted_secret in deleted_secrets:
print("Secret with name '{0}' has recovery id '{1}'".format(
deleted_secret.name, deleted_secret.recovery_id))
except HttpResponseError as e:
if "(NotSupported)" in e.message:
print(
"\n{0} Please enable soft-delete on Key Vault to perform this operation."
.format(e.message))
else:
print("\nrun_sample has caught an error. {0}".format(e.message))
finally:
print("\nrun_sample done")
await credential.close()
await client.close()
class AzureHandler(Handler):
class Settings(BaseSettings):
client_id: UUID
client_secret: SecretStr
keyvault_url: HttpUrl
storage_blob_url: HttpUrl
tenant_id: UUID
storage_name: str
storage_share_name: str
storage_sas: SecretStr
def __init__(self, env_file) -> None:
self.settings = AzureHandler.Settings(_env_file=env_file)
self.credential = ClientSecretCredential(
str(self.settings.tenant_id),
str(self.settings.client_id),
self.settings.client_secret.get_secret_value(),
)
# Create File and KeyVault Secret Clients
self.secret_index = {}
self.secretsclient = SecretClient(self.settings.keyvault_url,
self.credential)
self.fileclient = FileService(
self.settings.storage_name,
sas_token=self.settings.storage_sas.get_secret_value(),
)
try:
self.fileclient.create_share("lootmarshal")
self.fileclient.create_directory("lootmarshal", "binary_dumps")
asyncio.create_task(self.build_secret_index())
except Exception as e:
raise e
async def validate(self) -> bool:
try:
if not len(self.fileclient.list_shares(num_results=1)):
raise Exception(
"Azure FileService Client could not list shares! Verify authentication."
)
[p async for p in self.secretsclient.list_properties_of_secrets()]
return True
except Exception as e:
raise e
async def build_secret_index(self):
while True:
try:
self.secret_index = [{
"name": p.name,
"content_type": p.content_type,
"tags": p.tags
} async for p in self.secretsclient.list_properties_of_secrets(
)]
except Exception as e:
raise e
await asyncio.sleep(10)
def write_file(self, directory: str, name: str, file: bytes):
name = f"{name}_{time.strftime('%Y%m%d-%H%M%S')}"
logging.info(
f"Writing {name} ({len(file)} bytes) to {directory}/{name}.")
self.fileclient.create_file_from_bytes(
self.settings.storage_share_name, directory, name, file)
async def read_secret(self, name) -> dict:
try:
secret = await self.secretsclient.get_secret(name)
formatted = {
"name": secret.name,
"value": secret.value,
"content_type": secret.properties.content_type,
"tags": secret.properties.tags,
}
return formatted
except Exception as e:
raise HTTPException(status_code=404, detail=str(e))
async def write_secret(self, name, value, content_type, tags):
try:
return await self.secretsclient.set_secret(
name, value, content_type=content_type, tags=tags)
except Exception as e:
raise HTTPException(status_code=404, detail=str(e))
async def list_secrets(self):
try:
secret_list = []
async for props in self.secretsclient.list_properties_of_secrets():
secret = await self.secretsclient.get_secret(props.name)
formatted = {
"name": secret.name,
"value": secret.value,
"content_type": secret.properties.content_type,
"tags": secret.properties.tags,
}
secret_list.append(formatted)
return json.dumps(secret_list, indent=4)
except Exception as e:
raise HTTPException(status_code=404, detail=str(e))
