async def test_managed_identity_live(live_managed_identity_config): credential = ManagedIdentityCredential( client_id=live_managed_identity_config["client_id"]) # do something with Key Vault to verify the credential can get a valid token client = SecretClient(live_managed_identity_config["vault_url"], credential, logging_enable=True) async for _ in client.list_properties_of_secrets(): pass
class ListSecretsTest(PerfStressTest): def __init__(self, arguments): super().__init__(arguments) # Auth configuration self.credential = DefaultAzureCredential() self.async_credential = AsyncDefaultAzureCredential() # Create clients vault_url = self.get_from_env("AZURE_KEYVAULT_URL") self.client = SecretClient(vault_url, self.credential, **self._client_kwargs) self.async_client = AsyncSecretClient(vault_url, self.async_credential, **self._client_kwargs) self.secret_names = ["livekvtestlistperfsecret{}".format(i) for i in range(self.args.list_size)] async def global_setup(self): """The global setup is run only once.""" await super().global_setup() create = [self.async_client.set_secret(name, "secret-value") for name in self.secret_names] await asyncio.wait(create) async def global_cleanup(self): """The global cleanup is run only once.""" delete = [self.async_client.delete_secret(name) for name in self.secret_names] await asyncio.wait(delete) purge = [self.async_client.purge_deleted_secret(name) for name in self.secret_names] await asyncio.wait(purge) await super().global_cleanup() async def close(self): """This is run after cleanup.""" await self.async_client.close() await self.async_credential.close() await super().close() def run_sync(self): """The synchronous perf test.""" secret_properties = self.client.list_properties_of_secrets() # enumerate secrets to exercise paging code list(secret_properties) async def run_async(self): """The asynchronous perf test.""" secret_properties = self.async_client.list_properties_of_secrets() # enumerate secrets to exercise paging code async for _ in secret_properties: pass @staticmethod def add_arguments(parser): super(ListSecretsTest, ListSecretsTest).add_arguments(parser) parser.add_argument( '--list-size', nargs='?', type=int, help='Number of secrets to list. Defaults to 10', default=10 )
class ListSecretsTest(PerfStressTest): def __init__(self, arguments): super().__init__(arguments) # Auth configuration self.credential = DefaultAzureCredential() self.async_credential = AsyncDefaultAzureCredential() # Create clients vault_url = self.get_from_env("AZURE_KEYVAULT_URL") self.client = SecretClient(vault_url, self.credential, **self._client_kwargs) self.async_client = AsyncSecretClient(vault_url, self.async_credential, **self._client_kwargs) self.secret_names = [ "livekvtestlistperfsecret{}".format(i) for i in range(self.args.count) ] async def global_setup(self): """The global setup is run only once.""" # Validate that vault contains 0 secrets (including soft-deleted secrets), since additional secrets # (including soft-deleted) impact performance. async for secret in self.async_client.list_properties_of_secrets(): raise Exception( "KeyVault %s must contain 0 secrets (including soft-deleted) before starting perf test" % self.async_client.vault_url) async for secret in self.async_client.list_deleted_secrets(): raise Exception( "KeyVault %s must contain 0 secrets (including soft-deleted) before starting perf test" % self.async_client.vault_url) await super().global_setup() create = [ self.async_client.set_secret(name, "secret-value") for name in self.secret_names ] await asyncio.wait(create) async def global_cleanup(self): """The global cleanup is run only once.""" delete = [ self.async_client.delete_secret(name) for name in self.secret_names ] await asyncio.wait(delete) purge = [ self.async_client.purge_deleted_secret(name) for name in self.secret_names ] await asyncio.wait(purge) await super().global_cleanup() async def close(self): """This is run after cleanup.""" await self.async_client.close() await self.async_credential.close() await super().close() def run_sync(self): """The synchronous perf test.""" secret_properties = self.client.list_properties_of_secrets() # enumerate secrets to exercise paging code list(secret_properties) async def run_async(self): """The asynchronous perf test.""" secret_properties = self.async_client.list_properties_of_secrets() # enumerate secrets to exercise paging code async for _ in secret_properties: pass @staticmethod def add_arguments(parser): super(ListSecretsTest, ListSecretsTest).add_arguments(parser) parser.add_argument("--count", nargs="?", type=int, help="Number of secrets to list. Defaults to 10", default=10)
async def run_sample(): # Instantiate a secret client that will be used to call the service. # Notice that the client is using default Azure credentials. # To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID', # 'AZURE_CLIENT_SECRET' and 'AZURE_TENANT_ID' are set with the service principal credentials. VAULT_URL = os.environ["VAULT_URL"] credential = DefaultAzureCredential() client = SecretClient(vault_url=VAULT_URL, credential=credential) try: # Let's create secrets holding storage and bank accounts credentials. If the secret # already exists in the Key Vault, then a new version of the secret is created. print("\n.. Create Secret") bank_secret = await client.set_secret("listOpsBankSecretName", "listOpsSecretValue1") storage_secret = await client.set_secret("listOpsStorageSecretName", "listOpsSecretValue2") print("Secret with name '{0}' was created.".format(bank_secret.name)) print("Secret with name '{0}' was created.".format( storage_secret.name)) # You need to check if any of the secrets are sharing same values. # Let's list the secrets and print their values. # List operations don 't return the secrets with value information. # So, for each returned secret we call get_secret to get the secret with its value information. print("\n.. List secrets from the Key Vault") secrets = client.list_properties_of_secrets() async for secret in secrets: retrieved_secret = await client.get_secret(secret.name) print("Secret with name '{0}' with value '{1}' was found.".format( retrieved_secret.name, retrieved_secret.value)) # The bank account password got updated, so you want to update the secret in Key Vault to ensure it reflects the # new password. Calling set_secret on an existing secret creates a new version of the secret in the Key Vault # with the new value. updated_secret = await client.set_secret(bank_secret.name, "newSecretValue") print("Secret with name '{0}' was updated with new value '{1}'".format( updated_secret.name, updated_secret.value)) # You need to check all the different values your bank account password secret had previously. Lets print all # the versions of this secret. print("\n.. List versions of the secret using its name") secret_versions = client.list_properties_of_secret_versions( bank_secret.name) async for secret in secret_versions: print("Bank Secret with name '{0}' has version: '{1}'".format( secret.name, secret.version)) # The bank account and storage accounts got closed. Let's delete bank and storage accounts secrets. print("\n.. Deleting secrets...") await client.delete_secret(bank_secret.name) await client.delete_secret(storage_secret.name) # You can list all the deleted and non-purged secrets, assuming Key Vault is soft-delete enabled. print("\n.. List deleted secrets from the Key Vault") deleted_secrets = client.list_deleted_secrets() async for deleted_secret in deleted_secrets: print("Secret with name '{0}' has recovery id '{1}'".format( deleted_secret.name, deleted_secret.recovery_id)) except HttpResponseError as e: if "(NotSupported)" in e.message: print( "\n{0} Please enable soft-delete on Key Vault to perform this operation." .format(e.message)) else: print("\nrun_sample has caught an error. {0}".format(e.message)) finally: print("\nrun_sample done") await credential.close() await client.close()
class AzureHandler(Handler): class Settings(BaseSettings): client_id: UUID client_secret: SecretStr keyvault_url: HttpUrl storage_blob_url: HttpUrl tenant_id: UUID storage_name: str storage_share_name: str storage_sas: SecretStr def __init__(self, env_file) -> None: self.settings = AzureHandler.Settings(_env_file=env_file) self.credential = ClientSecretCredential( str(self.settings.tenant_id), str(self.settings.client_id), self.settings.client_secret.get_secret_value(), ) # Create File and KeyVault Secret Clients self.secret_index = {} self.secretsclient = SecretClient(self.settings.keyvault_url, self.credential) self.fileclient = FileService( self.settings.storage_name, sas_token=self.settings.storage_sas.get_secret_value(), ) try: self.fileclient.create_share("lootmarshal") self.fileclient.create_directory("lootmarshal", "binary_dumps") asyncio.create_task(self.build_secret_index()) except Exception as e: raise e async def validate(self) -> bool: try: if not len(self.fileclient.list_shares(num_results=1)): raise Exception( "Azure FileService Client could not list shares! Verify authentication." ) [p async for p in self.secretsclient.list_properties_of_secrets()] return True except Exception as e: raise e async def build_secret_index(self): while True: try: self.secret_index = [{ "name": p.name, "content_type": p.content_type, "tags": p.tags } async for p in self.secretsclient.list_properties_of_secrets( )] except Exception as e: raise e await asyncio.sleep(10) def write_file(self, directory: str, name: str, file: bytes): name = f"{name}_{time.strftime('%Y%m%d-%H%M%S')}" logging.info( f"Writing {name} ({len(file)} bytes) to {directory}/{name}.") self.fileclient.create_file_from_bytes( self.settings.storage_share_name, directory, name, file) async def read_secret(self, name) -> dict: try: secret = await self.secretsclient.get_secret(name) formatted = { "name": secret.name, "value": secret.value, "content_type": secret.properties.content_type, "tags": secret.properties.tags, } return formatted except Exception as e: raise HTTPException(status_code=404, detail=str(e)) async def write_secret(self, name, value, content_type, tags): try: return await self.secretsclient.set_secret( name, value, content_type=content_type, tags=tags) except Exception as e: raise HTTPException(status_code=404, detail=str(e)) async def list_secrets(self): try: secret_list = [] async for props in self.secretsclient.list_properties_of_secrets(): secret = await self.secretsclient.get_secret(props.name) formatted = { "name": secret.name, "value": secret.value, "content_type": secret.properties.content_type, "tags": secret.properties.tags, } secret_list.append(formatted) return json.dumps(secret_list, indent=4) except Exception as e: raise HTTPException(status_code=404, detail=str(e))