def test_crud_operations(self, vault_client, **kwargs):
self.assertIsNotNone(vault_client)
client = vault_client.certificates
cert_name = self.get_resource_name("cert")
lifetime_actions = [
LifetimeAction(trigger=Trigger(lifetime_percentage=80), action=Action(action_type=ActionType.auto_renew))
]
cert_policy = CertificatePolicyGenerated(
key_properties=KeyProperties(exportable=True, key_type="RSA", key_size=2048, reuse_key=False),
secret_properties=SecretProperties(content_type="application/x-pkcs12"),
issuer_parameters=IssuerParameters(name="Self"),
lifetime_actions=lifetime_actions,
x509_certificate_properties=X509CertificateProperties(
subject="CN=DefaultPolicy", validity_in_months=12, key_usage=["digitalSignature", "keyEncipherment"]
),
)
polling_interval = 0 if self.is_playback() else None
# create certificate
certificate = client.begin_create_certificate(
certificate_name=cert_name, policy=CertificatePolicy.get_default(), _polling_interval=polling_interval
).result()
self._validate_certificate_bundle(cert=certificate, cert_name=cert_name, cert_policy=cert_policy)
self.assertEqual(client.get_certificate_operation(certificate_name=cert_name).status.lower(), "completed")
# get certificate
cert = client.get_certificate(certificate_name=cert_name)
self._validate_certificate_bundle(cert=cert, cert_name=cert_name, cert_policy=cert_policy)
# update certificate
tags = {"tag1": "updated_value1"}
cert_bundle = client.update_certificate_properties(
certificate_name=cert_name, tags=tags
)
self._validate_certificate_bundle(cert=cert_bundle, cert_name=cert_name, cert_policy=cert_policy)
self.assertEqual(tags, cert_bundle.properties.tags)
self.assertEqual(cert.id, cert_bundle.id)
self.assertNotEqual(cert.properties.updated_on, cert_bundle.properties.updated_on)
# delete certificate
delete_cert_poller = client.begin_delete_certificate(
certificate_name=cert_name, _polling_interval=polling_interval
)
deleted_cert_bundle = delete_cert_poller.result()
self._validate_certificate_bundle(cert=deleted_cert_bundle, cert_name=cert_name, cert_policy=cert_policy)
delete_cert_poller.wait()
# get certificate returns not found
try:
client.get_certificate_version(certificate_name=cert_name, version=deleted_cert_bundle.properties.version)
self.fail("Get should fail")
except Exception as ex:
if not hasattr(ex, "message") or "not found" not in ex.message.lower():
raise ex
async def test_backup_restore(self, vault_client, **kwargs):
self.assertIsNotNone(vault_client)
client = vault_client.certificates
cert_name = self.get_resource_name("cert")
lifetime_actions = [
LifetimeAction(
trigger=Trigger(lifetime_percentage=2),
action=Action(action_type=ActionType.email_contacts))
]
cert_policy = CertificatePolicyGenerated(
key_properties=KeyProperties(exportable=True,
key_type="RSA",
key_size=2048,
reuse_key=False),
secret_properties=SecretProperties(
content_type="application/x-pkcs12"),
issuer_parameters=IssuerParameters(name="Self"),
lifetime_actions=lifetime_actions,
x509_certificate_properties=X509CertificateProperties(
subject="CN=*.microsoft.com",
# commented out for now because of server side bug not
# restoring san dns names
# subject_alternative_names=SubjectAlternativeNames(
# dns_names=['sdk.azure-int.net']
# ),
validity_in_months=24,
),
)
polling_interval = 0 if self.is_playback() else None
# create certificate
await client.create_certificate(
certificate_name=cert_name,
policy=CertificatePolicy._from_certificate_policy_bundle(
cert_policy),
_polling_interval=polling_interval)
# create a backup
certificate_backup = await client.backup_certificate(
certificate_name=cert_name)
# delete the certificate
await client.delete_certificate(certificate_name=cert_name,
_polling_interval=polling_interval)
# restore certificate
restored_certificate = await client.restore_certificate_backup(
backup=certificate_backup)
self._validate_certificate_bundle(cert=restored_certificate,
vault=client.vault_url,
cert_name=cert_name,
cert_policy=cert_policy)
async def test_crud_operations(self, vault_client, **kwargs):
self.assertIsNotNone(vault_client)
client = vault_client.certificates
cert_name = self.get_resource_name("cert")
lifetime_actions = [
LifetimeAction(
trigger=Trigger(lifetime_percentage=2),
action=Action(action_type=ActionType.email_contacts))
]
cert_policy = CertificatePolicyGenerated(
key_properties=KeyProperties(exportable=True,
key_type='RSA',
key_size=2048,
reuse_key=True),
secret_properties=SecretProperties(
content_type='application/x-pkcs12'),
issuer_parameters=IssuerParameters(name='Self'),
lifetime_actions=lifetime_actions,
x509_certificate_properties=X509CertificateProperties(
subject='CN=DefaultPolicy',
validity_in_months=12,
key_usage=[
"cRLSign", "dataEncipherment", "digitalSignature",
"keyAgreement", "keyCertSign", "keyEncipherment"
]))
# create certificate
create_certificate_poller = await client.create_certificate(
name=cert_name)
cert = await create_certificate_poller
self._validate_certificate_bundle(cert=cert,
vault=client.vault_url,
cert_name=cert_name,
cert_policy=cert_policy)
self.assertEqual(
(await
client.get_certificate_operation(name=cert_name)).status.lower(),
'completed')
# get certificate
cert = await client.get_certificate_with_policy(name=cert_name)
self._validate_certificate_bundle(cert=cert,
vault=client.vault_url,
cert_name=cert_name,
cert_policy=cert_policy)
# update certificate
tags = {'tag1': 'updated_value1'}
cert_bundle = await client.update_certificate_properties(
name=cert_name, tags=tags)
self._validate_certificate_bundle(cert=cert_bundle,
vault=client.vault_url,
cert_name=cert_name,
cert_policy=cert_policy)
self.assertEqual(tags, cert_bundle.properties.tags)
self.assertEqual(cert.id, cert_bundle.id)
self.assertNotEqual(cert.properties.updated,
cert_bundle.properties.updated)
# delete certificate
deleted_cert_bundle = await client.delete_certificate(name=cert_name)
self._validate_certificate_bundle(cert=deleted_cert_bundle,
vault=client.vault_url,
cert_name=cert_name,
cert_policy=cert_policy)
# get certificate returns not found
try:
await client.get_certificate(
name=cert_name, version=deleted_cert_bundle.properties.version)
self.fail('Get should fail')
except Exception as ex:
if not hasattr(ex,
'message') or 'not found' not in ex.message.lower():
raise ex
