async def test_policy(self, client, **kwargs): cert_name = "policyCertificate" cert_policy = CertificatePolicy( issuer_name="Self", subject="CN=DefaultPolicy", exportable=True, key_type=KeyType.rsa, key_size=2048, reuse_key=True, enhanced_key_usage=["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"], key_usage=[KeyUsageType.decipher_only], content_type=CertificateContentType.pkcs12, validity_in_months=12, lifetime_actions=[LifetimeAction(action=CertificatePolicyAction.email_contacts, lifetime_percentage=98)], certificate_transparency=False, san_dns_names=["sdk.azure-int.net"], ) # get certificate policy await client.create_certificate(cert_name, cert_policy) returned_policy = await client.get_certificate_policy(certificate_name=cert_name) self._validate_certificate_policy(cert_policy, returned_policy) cert_policy._key_type = KeyType.ec cert_policy._key_size = 256 cert_policy._key_curve_name = KeyCurveName.p_256 returned_policy = await client.update_certificate_policy(certificate_name=cert_name, policy=cert_policy) self._validate_certificate_policy(cert_policy, returned_policy)
async def test_crud_operations(self, azure_keyvault_url, **kwargs): client = self.create_client(azure_keyvault_url) cert_name = self.get_resource_name("cert") lifetime_actions = [LifetimeAction(lifetime_percentage=80, action=CertificatePolicyAction.auto_renew)] cert_policy = CertificatePolicy( issuer_name="Self", subject="CN=DefaultPolicy", exportable=True, key_type=KeyType.rsa, key_size=2048, reuse_key=False, content_type=CertificateContentType.pkcs12, lifetime_actions=lifetime_actions, validity_in_months=12, key_usage=[KeyUsageType.digital_signature, KeyUsageType.key_encipherment], ) # create certificate cert = await client.create_certificate(certificate_name=cert_name, policy=CertificatePolicy.get_default()) self._validate_certificate_bundle(cert=cert, cert_name=cert_name, cert_policy=cert_policy) self.assertEqual( (await client.get_certificate_operation(certificate_name=cert_name)).status.lower(), "completed" ) # get certificate cert = await client.get_certificate(certificate_name=cert_name) self._validate_certificate_bundle(cert=cert, cert_name=cert_name, cert_policy=cert_policy) # update certificate, ensuring the new updated_on value is at least one second later than the original if self.is_live: await asyncio.sleep(1) tags = {"tag1": "updated_value1"} updated_cert = await client.update_certificate_properties(cert_name, tags=tags) self._validate_certificate_bundle(cert=updated_cert, cert_name=cert_name, cert_policy=cert_policy) self.assertEqual(tags, updated_cert.properties.tags) self.assertEqual(cert.id, updated_cert.id) self.assertNotEqual(cert.properties.updated_on, updated_cert.properties.updated_on) # delete certificate deleted_cert_bundle = await client.delete_certificate(certificate_name=cert_name) self._validate_certificate_bundle(cert=deleted_cert_bundle, cert_name=cert_name, cert_policy=cert_policy) # get certificate returns not found try: await client.get_certificate_version(cert_name, deleted_cert_bundle.properties.version) self.fail("Get should fail") except Exception as ex: if not hasattr(ex, "message") or "not found" not in ex.message.lower(): raise ex
def test_crud_operations(self, vault_client, **kwargs): self.assertIsNotNone(vault_client) client = vault_client.certificates cert_name = self.get_resource_name("cert") lifetime_actions = [ LifetimeAction(lifetime_percentage=80, action=CertificatePolicyAction.auto_renew) ] cert_policy = CertificatePolicy( issuer_name="Self", subject="CN=DefaultPolicy", exportable=True, key_type=KeyType.rsa, key_size=2048, reuse_key=False, content_type=CertificateContentType.pkcs12, lifetime_actions=lifetime_actions, validity_in_months=12, key_usage=[ KeyUsageType.digital_signature, KeyUsageType.key_encipherment ]) polling_interval = 0 if self.is_playback() else None # create certificate certificate = client.begin_create_certificate( cert_name, CertificatePolicy.get_default(), _polling_interval=polling_interval).result() self._validate_certificate_bundle(cert=certificate, cert_name=cert_name, cert_policy=cert_policy) self.assertEqual( client.get_certificate_operation( certificate_name=cert_name).status.lower(), "completed") # get certificate cert = client.get_certificate(certificate_name=cert_name) self._validate_certificate_bundle(cert=cert, cert_name=cert_name, cert_policy=cert_policy) # update certificate tags = {"tag1": "updated_value1"} cert_bundle = client.update_certificate_properties(cert_name, tags=tags) self._validate_certificate_bundle(cert=cert_bundle, cert_name=cert_name, cert_policy=cert_policy) self.assertEqual(tags, cert_bundle.properties.tags) self.assertEqual(cert.id, cert_bundle.id) self.assertNotEqual(cert.properties.updated_on, cert_bundle.properties.updated_on) # delete certificate delete_cert_poller = client.begin_delete_certificate( cert_name, _polling_interval=polling_interval) deleted_cert_bundle = delete_cert_poller.result() self._validate_certificate_bundle(cert=deleted_cert_bundle, cert_name=cert_name, cert_policy=cert_policy) delete_cert_poller.wait() # get certificate returns not found try: client.get_certificate_version( cert_name, deleted_cert_bundle.properties.version) self.fail("Get should fail") except Exception as ex: if not hasattr(ex, "message") or "not found" not in ex.message.lower(): raise ex
# - You get when you use the CLI 2.0: az keyvault certificate get-default-policy DEFAULT_POLICY = CertificatePolicy( 'Self', exportable=True, key_type='RSA', key_size=2048, reuse_key=True, content_type='application/x-pkcs12', subject='CN=CLIGetDefaultPolicy', validity_in_months=12, key_usage=[ "cRLSign", "dataEncipherment", "digitalSignature", "keyEncipherment", "keyAgreement", "keyCertSign" ], lifetime_actions=[ LifetimeAction(action=CertificatePolicyAction.auto_renew, days_before_expiry=90) ]) # Network VNET_NAME = 'azure-sample-vnet' SUBNET_NAME = 'azure-sample-subnet' PUBLIC_IP_NAME = 'azure-sample-pip' NIC_NAME = 'azure-sample-nic' IP_CONFIG_NAME = 'azure-sample-ip-config' # VM VM_NAME = 'azuretestmsi' ADMIN_LOGIN = '******' ADMIN_PASSWORD = '******' + GROUP_NAME