async def test_policy(self, client, **kwargs):
cert_name = "policyCertificate"
cert_policy = CertificatePolicy(
issuer_name="Self",
subject="CN=DefaultPolicy",
exportable=True,
key_type=KeyType.rsa,
key_size=2048,
reuse_key=True,
enhanced_key_usage=["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"],
key_usage=[KeyUsageType.decipher_only],
content_type=CertificateContentType.pkcs12,
validity_in_months=12,
lifetime_actions=[LifetimeAction(action=CertificatePolicyAction.email_contacts, lifetime_percentage=98)],
certificate_transparency=False,
san_dns_names=["sdk.azure-int.net"],
)
# get certificate policy
await client.create_certificate(cert_name, cert_policy)
returned_policy = await client.get_certificate_policy(certificate_name=cert_name)
self._validate_certificate_policy(cert_policy, returned_policy)
cert_policy._key_type = KeyType.ec
cert_policy._key_size = 256
cert_policy._key_curve_name = KeyCurveName.p_256
returned_policy = await client.update_certificate_policy(certificate_name=cert_name, policy=cert_policy)
self._validate_certificate_policy(cert_policy, returned_policy)
async def test_crud_operations(self, azure_keyvault_url, **kwargs):
client = self.create_client(azure_keyvault_url)
cert_name = self.get_resource_name("cert")
lifetime_actions = [LifetimeAction(lifetime_percentage=80, action=CertificatePolicyAction.auto_renew)]
cert_policy = CertificatePolicy(
issuer_name="Self",
subject="CN=DefaultPolicy",
exportable=True,
key_type=KeyType.rsa,
key_size=2048,
reuse_key=False,
content_type=CertificateContentType.pkcs12,
lifetime_actions=lifetime_actions,
validity_in_months=12,
key_usage=[KeyUsageType.digital_signature, KeyUsageType.key_encipherment],
)
# create certificate
cert = await client.create_certificate(certificate_name=cert_name, policy=CertificatePolicy.get_default())
self._validate_certificate_bundle(cert=cert, cert_name=cert_name, cert_policy=cert_policy)
self.assertEqual(
(await client.get_certificate_operation(certificate_name=cert_name)).status.lower(), "completed"
)
# get certificate
cert = await client.get_certificate(certificate_name=cert_name)
self._validate_certificate_bundle(cert=cert, cert_name=cert_name, cert_policy=cert_policy)
# update certificate, ensuring the new updated_on value is at least one second later than the original
if self.is_live:
await asyncio.sleep(1)
tags = {"tag1": "updated_value1"}
updated_cert = await client.update_certificate_properties(cert_name, tags=tags)
self._validate_certificate_bundle(cert=updated_cert, cert_name=cert_name, cert_policy=cert_policy)
self.assertEqual(tags, updated_cert.properties.tags)
self.assertEqual(cert.id, updated_cert.id)
self.assertNotEqual(cert.properties.updated_on, updated_cert.properties.updated_on)
# delete certificate
deleted_cert_bundle = await client.delete_certificate(certificate_name=cert_name)
self._validate_certificate_bundle(cert=deleted_cert_bundle, cert_name=cert_name, cert_policy=cert_policy)
# get certificate returns not found
try:
await client.get_certificate_version(cert_name, deleted_cert_bundle.properties.version)
self.fail("Get should fail")
except Exception as ex:
if not hasattr(ex, "message") or "not found" not in ex.message.lower():
raise ex
def test_crud_operations(self, vault_client, **kwargs):
self.assertIsNotNone(vault_client)
client = vault_client.certificates
cert_name = self.get_resource_name("cert")
lifetime_actions = [
LifetimeAction(lifetime_percentage=80,
action=CertificatePolicyAction.auto_renew)
]
cert_policy = CertificatePolicy(
issuer_name="Self",
subject="CN=DefaultPolicy",
exportable=True,
key_type=KeyType.rsa,
key_size=2048,
reuse_key=False,
content_type=CertificateContentType.pkcs12,
lifetime_actions=lifetime_actions,
validity_in_months=12,
key_usage=[
KeyUsageType.digital_signature, KeyUsageType.key_encipherment
])
polling_interval = 0 if self.is_playback() else None
# create certificate
certificate = client.begin_create_certificate(
cert_name,
CertificatePolicy.get_default(),
_polling_interval=polling_interval).result()
self._validate_certificate_bundle(cert=certificate,
cert_name=cert_name,
cert_policy=cert_policy)
self.assertEqual(
client.get_certificate_operation(
certificate_name=cert_name).status.lower(), "completed")
# get certificate
cert = client.get_certificate(certificate_name=cert_name)
self._validate_certificate_bundle(cert=cert,
cert_name=cert_name,
cert_policy=cert_policy)
# update certificate
tags = {"tag1": "updated_value1"}
cert_bundle = client.update_certificate_properties(cert_name,
tags=tags)
self._validate_certificate_bundle(cert=cert_bundle,
cert_name=cert_name,
cert_policy=cert_policy)
self.assertEqual(tags, cert_bundle.properties.tags)
self.assertEqual(cert.id, cert_bundle.id)
self.assertNotEqual(cert.properties.updated_on,
cert_bundle.properties.updated_on)
# delete certificate
delete_cert_poller = client.begin_delete_certificate(
cert_name, _polling_interval=polling_interval)
deleted_cert_bundle = delete_cert_poller.result()
self._validate_certificate_bundle(cert=deleted_cert_bundle,
cert_name=cert_name,
cert_policy=cert_policy)
delete_cert_poller.wait()
# get certificate returns not found
try:
client.get_certificate_version(
cert_name, deleted_cert_bundle.properties.version)
self.fail("Get should fail")
except Exception as ex:
if not hasattr(ex,
"message") or "not found" not in ex.message.lower():
raise ex
# - You get when you use the CLI 2.0: az keyvault certificate get-default-policy
DEFAULT_POLICY = CertificatePolicy(
'Self',
exportable=True,
key_type='RSA',
key_size=2048,
reuse_key=True,
content_type='application/x-pkcs12',
subject='CN=CLIGetDefaultPolicy',
validity_in_months=12,
key_usage=[
"cRLSign", "dataEncipherment", "digitalSignature", "keyEncipherment",
"keyAgreement", "keyCertSign"
],
lifetime_actions=[
LifetimeAction(action=CertificatePolicyAction.auto_renew,
days_before_expiry=90)
])
# Network
VNET_NAME = 'azure-sample-vnet'
SUBNET_NAME = 'azure-sample-subnet'
PUBLIC_IP_NAME = 'azure-sample-pip'
NIC_NAME = 'azure-sample-nic'
IP_CONFIG_NAME = 'azure-sample-ip-config'
# VM
VM_NAME = 'azuretestmsi'
ADMIN_LOGIN = '******'
ADMIN_PASSWORD = '******' + GROUP_NAME
