예제 #1
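def _add_secrets_to_vault(vault_name, secrets, confirm, **kwargs):
    """
    Store `secrets` in the Key Vault `vault_name`, creating the vault if needed.

    Parameters
    ----------
    vault_name : str
        Name of the vault to look up, and to create if the lookup fails.
    secrets : dict
        Mapping of secret name to secret value.
    confirm
        Passed to `_prompt_yn` together with each question.
        NOTE(review): presumably controls whether the user is prompted;
        verify against `_prompt_yn`.
    **kwargs
        Passed unchanged to `BHKeyVaultMgmtClient` and `BHKeyVaultClient`.

    Returns
    -------
    None
        Progress is reported on stdout only.

    Notes
    -----
    Only secret names are written to stdout. Secret values are handed to
    `set_secret` and must not be printed or logged here.

    """
    print("Vault management requires authentication")
    # Build the client outside the try block so that only a failed lookup is
    # treated as "vault not found"; a CloudError raised while creating the
    # client now propagates instead of ending in a NameError on kv_mgmt.
    kv_mgmt = BHKeyVaultMgmtClient(**kwargs)
    # Pre-bind vault_uri: if the lookup fails and the user declines to create
    # the vault, the check below must abort cleanly rather than raise
    # UnboundLocalError.
    vault_uri = None
    try:
        vault_uri = kv_mgmt.get_vault_uri(vault_name)
        print(f"Vault {vault_name} found.")
    except CloudError:
        mssg = f"Vault {vault_name} not found. Create new vault (y/n)?"
        if _prompt_yn(mssg, confirm):
            # These two messages were missing the f prefix and printed the
            # literal text "{vault_name}".
            print(f"Creating {vault_name}. Please wait...")
            new_vault = kv_mgmt.create_vault(vault_name=vault_name)
            vault_uri = new_vault.properties.vault_uri
            print(f"New vault {vault_name} created")
    if not vault_uri:
        print("Vault name was not created. Aborting.")
        return

    mssg = f"Add secrets to vault {vault_name} (y/n)?"
    print("Adding secrets to vault requires authentication")
    if _prompt_yn(mssg, confirm):
        kv_client = BHKeyVaultClient(vault_name=vault_name, **kwargs)
        for sec_name, sec_value in secrets.items():
            # Echo the name only; the value goes straight to the vault.
            print(f"setting {sec_name}")
            kv_client.set_secret(secret_name=sec_name, value=sec_value)
        print("Done")
        # NOTE(review): kv_client.secrets is joined as strings, presumably
        # the secret names held in the vault; confirm it never yields values.
        print("Secrets in vault:\n", "\n".join(kv_client.secrets))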
예제 #2
    def test_kv_mgmt_client(self, az_core, auth_context, kv_mgmt):
        """
        Check vault creation, listing and URI lookup on BHKeyVaultMgmtClient.

        `az_core`, `auth_context` and `kv_mgmt` have their `return_value`
        replaced with stand-ins, so no real credential or vault is used.
        NOTE(review): the decorators that inject these three arguments are
        not visible in this listing.

        The final part expects MsticpyKeyVaultConfigError when the settings
        carry no Azure region.
        """
        # Stand-in credential pair: a legacy object holding a token, plus a
        # placeholder for the modern credential.
        cred_pair_type = namedtuple("AzCredentials", ["legacy", "modern"])
        legacy_type = namedtuple("legacycreds", ["token"])
        az_core.return_value = cred_pair_type(legacy_type(ACC_TOKEN), "cred")

        # Token expiry one day ahead of the current time.
        token_expiry = datetime.now() + timedelta(days=1)
        auth_context.return_value = mock_auth_context_methods(token_expiry)
        kv_mgmt.return_value = KeyVaultMgmtMock()
        # Constructed but not used further in this method.
        secret_client = SecretClientTest()

        settings = get_kv_settings("msticpyconfig-kv.yaml")
        client_args = {
            "tenant_id": settings.tenantid,
            "subscription_id": settings.subscriptionid,
            "resource_group": settings.resourcegroup,
            "azure_region": settings.azureregion,
        }
        mgmt_client = BHKeyVaultMgmtClient(**client_args)

        created_names = ("mynewvault", "myothervault")
        for name in created_names:
            mgmt_client.create_vault(name)
        for name in created_names:
            self.assertIn(name, mgmt_client.list_vaults())

        expected_uri = "https://mynewvault.vault.azure.net"
        self.assertEqual(mgmt_client.get_vault_uri("mynewvault"), expected_uri)

        # Reload the settings and blank the region: either building the
        # client or creating a vault must raise the config error.
        regionless = get_kv_settings("msticpyconfig-kv.yaml")
        regionless["azureregion"] = None
        with self.assertRaises(MsticpyKeyVaultConfigError):
            regionless_client = BHKeyVaultMgmtClient(
                tenant_id=regionless.tenantid,
                subscription_id=regionless.subscriptionid,
                resource_group=regionless.resourcegroup,
                settings=regionless,
            )
            regionless_client.create_vault("mynewvault")