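def _add_secrets_to_vault(vault_name, secrets, confirm, **kwargs):
    """
    Write each entry of `secrets` to a Key Vault, offering to create the vault.

    Parameters
    ----------
    vault_name : str
        Name of the vault to look up and, if the lookup fails, to create.
    secrets : dict
        Mapping of secret name to secret value; every item is passed to
        `set_secret`.
    confirm : Any
        Passed unchanged to `_prompt_yn` with each question.
        NOTE(review): presumably controls whether the user is asked
        interactively - confirm against `_prompt_yn`.
    **kwargs
        Forwarded to both `BHKeyVaultMgmtClient` and `BHKeyVaultClient`.

    Returns
    -------
    None
        Returns early (after printing a message) when no vault URI is
        available.

    """
    print("Vault management requires authentication")
    # Built before the try block so the CloudError handler below can always
    # reach kv_mgmt; a failure while building the client now propagates as-is
    # instead of surfacing later as an UnboundLocalError.
    kv_mgmt = BHKeyVaultMgmtClient(**kwargs)
    # Default so the abort check still works when the vault is missing and the
    # user declines to create it (previously an unbound local).
    vault_uri = None
    try:
        vault_uri = kv_mgmt.get_vault_uri(vault_name)
        print(f"Vault {vault_name} found.")
    except CloudError:
        mssg = f"Vault {vault_name} not found. Create new vault (y/n)?"
        if _prompt_yn(mssg, confirm):
            # These two messages were plain strings and printed the literal
            # text "{vault_name}"; they are f-strings now.
            print(f"Creating {vault_name}. Please wait...")
            new_vault = kv_mgmt.create_vault(vault_name=vault_name)
            vault_uri = new_vault.properties.vault_uri
            print(f"New vault {vault_name} created")
    if not vault_uri:
        print("Vault name was not created. Aborting.")
        return

    mssg = f"Add secrets to vault {vault_name} (y/n)?"
    print("Adding secrets to vault requires authentication")
    if _prompt_yn(mssg, confirm):
        kv_client = BHKeyVaultClient(vault_name=vault_name, **kwargs)
        for sec_name, sec_value in secrets.items():
            # Only the secret's name is echoed; sec_value must never be
            # printed or logged.
            print(f"setting {sec_name}")
            kv_client.set_secret(secret_name=sec_name, value=sec_value)

        print("Done")
        # presumably kv_client.secrets yields secret names (strings), not
        # values - verify against BHKeyVaultClient.
        print("Secrets in vault:\n", "\n".join(kv_client.secrets))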
def test_kv_mgmt_client(self, az_core, auth_context, kv_mgmt):
    """Check vault creation, listing and URI lookup, then the no-region error path."""
    # Stub the injected az_core so it returns a (legacy, modern) credential pair.
    creds_pair = namedtuple("AzCredentials", ["legacy", "modern"])
    legacy_creds = namedtuple("legacycreds", ["token"])
    az_core.return_value = creds_pair(LegacyCreds := legacy_creds(ACC_TOKEN), "cred")
    del LegacyCreds

    # Auth context mock built with an expiry one day from now.
    one_day_ahead = datetime.now() + timedelta(1)
    auth_context.return_value = mock_auth_context_methods(one_day_ahead)
    kv_mgmt.return_value = KeyVaultMgmtMock()
    # Instantiated as in the original test; not referenced afterwards.
    kv_sec_client = SecretClientTest()

    settings = get_kv_settings("msticpyconfig-kv.yaml")
    mgmt_client = BHKeyVaultMgmtClient(
        tenant_id=settings.tenantid,
        subscription_id=settings.subscriptionid,
        resource_group=settings.resourcegroup,
        azure_region=settings.azureregion,
    )

    created_names = ("mynewvault", "myothervault")
    for name in created_names:
        mgmt_client.create_vault(name)
    # list_vaults() is queried once per name, as before.
    for name in created_names:
        self.assertIn(name, mgmt_client.list_vaults())
    expected_uri = "https://mynewvault.vault.azure.net"
    self.assertEqual(mgmt_client.get_vault_uri("mynewvault"), expected_uri)

    # With the region cleared in settings and no azure_region argument, the
    # construct-then-create sequence must raise a config error.
    settings = get_kv_settings("msticpyconfig-kv.yaml")
    settings["azureregion"] = None
    with self.assertRaises(MsticpyKeyVaultConfigError):
        no_region_client = BHKeyVaultMgmtClient(
            tenant_id=settings.tenantid,
            subscription_id=settings.subscriptionid,
            resource_group=settings.resourcegroup,
            settings=settings,
        )
        no_region_client.create_vault("mynewvault")