def test_parse_certificate_id(self):
expected = self._get_expected('certificates', 'myvault', 'mycert', 'abc123')
res = KeyVaultId.parse_certificate_id('https://myvault.vault.azure.net/certificates/mycert/abc123')
self.assertEqual(res.__dict__, expected)
expected = self._get_expected('certificates', 'myvault', 'mycert')
res = KeyVaultId.parse_certificate_id('https://myvault.vault.azure.net/certificates/mycert')
self.assertEqual(res.__dict__, expected)
def test_parse_certificate_id(self):
expected = self._get_expected('certificates', 'myvault', 'mycert',
'abc123')
res = KeyVaultId.parse_certificate_id(
'https://myvault.vault.azure.net/certificates/mycert/abc123')
self.assertEqual(res.__dict__, expected)
expected = self._get_expected('certificates', 'myvault', 'mycert')
res = KeyVaultId.parse_certificate_id(
'https://myvault.vault.azure.net/certificates/mycert')
self.assertEqual(res.__dict__, expected)
def test_list_versions(self, vault, **kwargs):
self.assertIsNotNone(vault)
vault_uri = vault.properties.vault_uri
cert_name = self.get_resource_name('certver')
max_certificates = self.list_test_size
expected = {}
# import same certificates as different versions
for x in range(0, max_certificates):
cert_bundle = None
error_count = 0
while not cert_bundle:
try:
cert_bundle = self._import_common_certificate(vault_uri, cert_name)[0]
cid = KeyVaultId.parse_certificate_id(cert_bundle.id).id.strip('/')
expected[cid] = cert_bundle.attributes
except Exception as ex:
if hasattr(ex, 'message') and 'Throttled' in ex.message:
error_count += 1
time.sleep(2.5 * error_count)
continue
else:
raise ex
# list certificate versions
self._validate_certificate_list(list(self.client.get_certificate_versions(vault_uri, cert_name)), expected)
def test_recover_and_purge(self, vault, **kwargs):
self.assertIsNotNone(vault)
vault_uri = vault.properties.vault_uri
certs = {}
cert_policy = CertificatePolicy(key_properties=KeyProperties(exportable=True,
key_type='RSA',
key_size=2048,
reuse_key=False),
secret_properties=SecretProperties(content_type='application/x-pkcs12'),
issuer_parameters=IssuerParameters(name='Self'),
x509_certificate_properties=X509CertificateProperties(
subject='CN=*.microsoft.com',
subject_alternative_names=SubjectAlternativeNames(
dns_names=['onedrive.microsoft.com', 'xbox.microsoft.com']
),
validity_in_months=24
))
# create certificates to recover
for i in range(0, self.list_test_size):
cert_name = self.get_resource_name('certrec{}'.format(str(i)))
certs[cert_name] = self._import_common_certificate(vault_uri, cert_name)
# create certificates to purge
for i in range(0, self.list_test_size):
cert_name = self.get_resource_name('certprg{}'.format(str(i)))
certs[cert_name] = self._import_common_certificate(vault_uri, cert_name)
# delete all certificates
for cert_name in certs.keys():
delcert = self.client.delete_certificate(vault_uri, cert_name)
print(delcert)
if not self.is_playback():
time.sleep(30)
# validate all our deleted certificates are returned by get_deleted_certificates
deleted = [KeyVaultId.parse_certificate_id(s.id).name for s in self.client.get_deleted_certificates(vault_uri)]
# self.assertTrue(all(s in deleted for s in certs.keys()))
# recover select secrets
for certificate_name in [s for s in certs.keys() if s.startswith('certrec')]:
self.client.recover_deleted_certificate(vault_uri, certificate_name)
# purge select secrets
for certificate_name in [s for s in certs.keys() if s.startswith('certprg')]:
self.client.purge_deleted_certificate(vault_uri, certificate_name)
if not self.is_playback():
time.sleep(30)
# validate none of our deleted certificates are returned by get_deleted_certificates
deleted = [KeyVaultId.parse_secret_id(s.id).name for s in self.client.get_deleted_certificates(vault_uri)]
self.assertTrue(not any(s in deleted for s in certs.keys()))
# validate the recovered certificates
expected = {k: v for k, v in certs.items() if k.startswith('certrec')}
actual = {k: self.client.get_certificate(vault_uri, k, KeyVaultId.version_none) for k in expected.keys()}
self.assertEqual(len(set(expected.keys()) & set(actual.keys())), len(expected))
def _validate_certificate_bundle(self, cert, vault, cert_name, cert_policy):
cert_id = KeyVaultId.parse_certificate_id(cert.id)
self.assertEqual(cert_id.vault.strip('/'), vault.strip('/'))
self.assertEqual(cert_id.name, cert_name)
self.assertIsNotNone(cert)
self.assertIsNotNone(cert.x509_thumbprint)
self.assertIsNotNone(cert.cer)
self.assertIsNotNone(cert.attributes)
self.assertIsNotNone(cert.policy)
self.assertIsNotNone(cert.policy.id)
self.assertIsNotNone(cert.policy.issuer_parameters)
self.assertIsNotNone(cert.policy.lifetime_actions)
self.assertEqual(cert.policy.key_properties, cert_policy.key_properties)
self.assertEqual(cert.policy.secret_properties, cert_policy.secret_properties)
self.assertIsNotNone(cert.policy.x509_certificate_properties)
if cert_policy.x509_certificate_properties:
self.assertEqual(cert.policy.x509_certificate_properties.validity_in_months,
cert_policy.x509_certificate_properties.validity_in_months)
KeyVaultId.parse_secret_id(cert.sid)
KeyVaultId.parse_key_id(cert.kid)
