use of com.microsoft.azure.management.keyvault.Vault in project azure-sdk-for-java by Azure.
the class CertificatesTests method canCRDCertificate.
@Test
@Ignore("Test is failing fix it, this is based on Existing RG and settings.")
public void canCRDCertificate() throws Exception {
    // Touch the pre-existing vault behind the certificate order so a missing RG fails fast here.
    Vault orderVault = keyVaultManager.vaults().getByResourceGroup(RG_NAME, "bananagraphwebapp319com");

    // Certificate bound to an existing App Service certificate order.
    AppServiceCertificate fromOrder = appServiceManager.certificates()
            .define("bananacert")
            .withRegion(Region.US_WEST)
            .withExistingResourceGroup(RG_NAME)
            .withExistingCertificateOrder(appServiceManager.certificateOrders().getByResourceGroup(RG_NAME, "graphwebapp319"))
            .create();
    Assert.assertNotNull(fromOrder);

    // CREATE from a local PFX.
    // NOTE(review): the PFX path is developer-specific and the PFX password is committed in source;
    // both belong in test configuration (env/property) rather than in this file.
    AppServiceCertificate fromPfx = appServiceManager.certificates()
            .define(CERTIFICATE_NAME)
            .withRegion(Region.US_EAST)
            .withExistingResourceGroup(RG_NAME)
            .withPfxFile(new File("/Users/jianghlu/Documents/code/certs/myserver.pfx"))
            .withPfxPassword("StrongPass!123")
            .create();
    Assert.assertNotNull(fromPfx);
}
use of com.microsoft.azure.management.keyvault.Vault in project azure-tools-for-java by Microsoft.
the class AzureDockerCertVaultOps method createOrUpdateVault.
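/**
 * Creates the docker-host Key Vault described by {@code certVault} if it does not exist yet, otherwise
 * refreshes its access policies, then writes the docker-host secrets into it.
 *
 * @param azureClient     management client used to look up / create the vault
 * @param certVault       vault description; {@code resourceGroupName} may be rewritten when it carries
 *                        the "group@..." form, and {@code hostName} is stored as the marker secret
 * @param keyVaultClient  data-plane client used to read and write secrets
 * @throws AzureDockerException when an argument is missing or any step fails; the underlying message is kept
 */
public static void createOrUpdateVault(Azure azureClient, AzureDockerCertVault certVault, KeyVaultClient keyVaultClient) throws AzureDockerException {
    if (azureClient == null || keyVaultClient == null || certVault == null || certVault.name == null || certVault.hostName == null
            || certVault.resourceGroupName == null || certVault.region == null
            || (certVault.servicePrincipalId == null && certVault.userId == null)) {
        throw new AzureDockerException("Unexpected argument values; azureClient, vault name, hostName, resourceGroupName, region and userName/servicePrincipalId cannot be null");
    }
    try {
        Vault vault = lookupExistingVault(azureClient, certVault);
        if (vault == null) {
            // Vault does not exist so this is the create op
            createDockerHostVault(azureClient, certVault);
        } else {
            // If original owner is an AD user, we might fail to set vault permissions
            try {
                setVaultPermissionsAll(azureClient, certVault);
            } catch (Exception e) {
                DefaultLoader.getUIHelper().logError(String.format("WARN: Can't set permissions to %s: %s\n", vault.vaultUri(), e.getMessage()), e);
            }
        }
        // Re-read so that a freshly created vault has its URI populated.
        vault = azureClient.vaults().getByResourceGroup(certVault.resourceGroupName, certVault.name);
        String vaultUri = vault.vaultUri();
        awaitVaultReadable(keyVaultClient, vaultUri);
        writeDockerHostSecrets(keyVaultClient, vaultUri, getSecretsMap(certVault));
        if (!keyVaultClient.listSecrets(vaultUri).isEmpty() && certVault.hostName != null && !certVault.hostName.isEmpty()) {
            keyVaultClient.setSecret(new SetSecretRequest.Builder(vaultUri, SECRETENTRY_DOCKERHOSTNAMES, certVault.hostName).build());
        } else {
            // Nothing was written: surface the failure. The vault itself is left in place for the caller to inspect.
            if (DEBUG) {
                System.out.println("ERROR: something went wrong");
            }
            throw new RuntimeException("Key vault has no secrets");
        }
    } catch (Exception e) {
        DefaultLoader.getUIHelper().logError(String.format("WARN: Unexpected error creating Azure Key Vault %s - %s\n", certVault.name, e.getMessage()), e);
        throw new AzureDockerException(e.getMessage());
    }
}

/**
 * Finds the vault by id when one is known, otherwise by name across every resource group.
 *
 * @return the vault, or {@code null} when the lookup reports it (or its group) as not found
 * @throws CloudException for any other service error
 */
private static Vault lookupExistingVault(Azure azureClient, AzureDockerCertVault certVault) throws CloudException {
    try {
        if (certVault.id != null) {
            return azureClient.vaults().getById(certVault.id);
        }
        for (ResourceGroup group : azureClient.resourceGroups().list()) {
            for (Vault vaultItem : azureClient.vaults().listByResourceGroup(group.name())) {
                if (vaultItem.name().equals(certVault.name)) {
                    return vaultItem;
                }
            }
        }
        return null;
    } catch (CloudException e) {
        // body()/code() may be absent on transport-level failures; compare null-safely so we rethrow instead of NPE
        String code = e.body() != null ? e.body().code() : null;
        if ("ResourceNotFound".equals(code) || "ResourceGroupNotFound".equals(code)) {
            // Vault does not exist
            return null;
        }
        throw e;
    }
}

/** Defines and creates the vault with a secrets-all policy for either the service principal or the user. */
private static void createDockerHostVault(Azure azureClient, AzureDockerCertVault certVault) {
    Vault.DefinitionStages.WithGroup withGroup = azureClient.vaults().define(certVault.name).withRegion(certVault.region);
    Vault.DefinitionStages.WithAccessPolicy withAccessPolicy;
    if (certVault.resourceGroupName.contains("@")) {
        // "<group>@..." means the user selected an existing resource group; keep just the group name
        String existingGroup = certVault.resourceGroupName.split("@")[0];
        certVault.resourceGroupName = existingGroup;
        withAccessPolicy = withGroup.withExistingResourceGroup(existingGroup);
    } else {
        withAccessPolicy = withGroup.withNewResourceGroup(certVault.resourceGroupName);
    }
    Vault.DefinitionStages.WithCreate withCreate = certVault.servicePrincipalId != null
            ? withAccessPolicy.defineAccessPolicy().forServicePrincipal(certVault.servicePrincipalId).allowSecretAllPermissions().attach()
            : withAccessPolicy.defineAccessPolicy().forUser(certVault.userId).allowSecretAllPermissions().attach();
    withCreate.withTag("dockerhost", "true").create();
}

/**
 * Polls the data plane until the vault is readable (DNS propagation after create can take a while).
 * Gives up silently after the overall budget; the caller's next call will then fail with the real error.
 */
private static void awaitVaultReadable(KeyVaultClient keyVaultClient, String vaultUri) {
    final int stepMs = 5000;
    final int maxWaitMs = 2000000;
    for (int waitedMs = stepMs; waitedMs <= maxWaitMs; waitedMs += stepMs) {
        try {
            keyVaultClient.listSecrets(vaultUri);
            return;
        } catch (Exception e) {
            if (DEBUG) {
                System.out.format("WARN: can't find %s (sleepMs: %d)\n", vaultUri, waitedMs);
                System.out.println(e.getMessage());
            }
            flushWindowsDnsCache();
            try {
                Thread.sleep(stepMs);
            } catch (InterruptedException interrupted) {
                // Preserve the interrupt for the caller and stop waiting.
                Thread.currentThread().interrupt();
                return;
            }
        }
    }
}

/** Windows only - flush the local DNS cache so the new Key Vault URI resolves. Best effort. */
private static void flushWindowsDnsCache() {
    try {
        String osName = System.getProperty("os.name", "");
        if (osName.toLowerCase(java.util.Locale.ROOT).contains("win")) {
            // Argument list form: no shell re-parsing of the command line, and we reap the process.
            Process flush = new ProcessBuilder("cmd", "/c", "ipconfig", "/flushdns").start();
            flush.waitFor();
        }
    } catch (InterruptedException interrupted) {
        Thread.currentThread().interrupt();
    } catch (Exception ignored) {
        // flushing the cache is an optimisation only; the retry loop copes without it
    }
}

/** Writes every non-empty entry of {@code secretsMap} as a secret; failures are logged per entry. */
private static void writeDockerHostSecrets(KeyVaultClient keyVaultClient, String vaultUri, Map<String, String> secretsMap) {
    // TODO: remove this after enabling parallel secrets write from above
    for (Map.Entry<String, String> entry : secretsMap.entrySet()) {
        String value = entry.getValue();
        if (value == null || value.isEmpty()) {
            continue;
        }
        try {
            keyVaultClient.setSecret(new SetSecretRequest.Builder(vaultUri, entry.getKey(), value).build());
        } catch (Exception e) {
            DefaultLoader.getUIHelper().logError(String.format("WARN: Unexpected error writing to %s: %s\n", vaultUri, e.getMessage()), e);
            // Log the secret name only: the value is the credential itself and must not reach stdout or log files.
            System.out.format("ERROR: can't write %s secret %s: %s\n", vaultUri, entry.getKey(), e.getMessage());
        }
    }
}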
use of com.microsoft.azure.management.keyvault.Vault in project azure-tools-for-java by Microsoft.
the class AzureDockerCertVaultOps method getVault.
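/**
 * Loads the docker-host secrets from the vault at {@code certVault.uri} into {@code certVault}.
 * The vault is recognised as a docker-host vault by the presence of the {@code SECRETENTRY_DOCKERHOSTNAMES} secret.
 *
 * @param certVault      vault description with {@code uri} set; its credential fields are filled in place
 * @param keyVaultClient data-plane client used to read secrets
 * @return {@code certVault} with the secrets applied, or {@code null} when the marker secret is absent or unreadable
 * @throws AzureDockerException when an argument is missing
 */
public static AzureDockerCertVault getVault(AzureDockerCertVault certVault, KeyVaultClient keyVaultClient) throws AzureDockerException {
    if (certVault == null || keyVaultClient == null || certVault.uri == null) {
        throw new AzureDockerException("Unexpected argument values; certVault, keyVaultClient and vault uri cannot be null");
    }
    String vaultUri = certVault.uri;
    try {
        SecretBundle hostNames = keyVaultClient.getSecret(vaultUri, SECRETENTRY_DOCKERHOSTNAMES);
        if (hostNames == null) {
            certVault.hostName = null;
            return null;
        }
        certVault.hostName = hostNames.value();
    } catch (Exception e) {
        // Deliberate best effort: an unreadable marker secret (no access, not a docker-host vault, transient
        // failure) is reported as "not ours" to the caller rather than as an error.
        return null;
    }
    //Execute Key Vault Secret read in parallel
    Map<String, String> secretNamesAndValueMap = new HashMap<>();
    Observable.from(DOCKERHOST_SECRETS).flatMap(secretName -> {
        return Observable.create(new Observable.OnSubscribe<Pair<String, String>>() {
            @Override
            public void call(Subscriber<? super Pair<String, String>> subscriber) {
                keyVaultClient.getSecretAsync(vaultUri, secretName, new ServiceCallback<SecretBundle>() {
                    @Override
                    public void failure(Throwable throwable) {
                        // A missing or unreadable secret simply leaves the field unchanged.
                        subscriber.onCompleted();
                    }

                    @Override
                    public void success(SecretBundle secretBundle) {
                        if (secretBundle != null) {
                            subscriber.onNext(new Pair<>(secretName, secretBundle.value()));
                        }
                        subscriber.onCompleted();
                    }
                });
            }
        }).subscribeOn(Schedulers.io());
    }, 5).subscribeOn(Schedulers.io()).toBlocking().subscribe(new Action1<Pair<String, String>>() {
        @Override
        public void call(Pair<String, String> secretNameAndValue) {
            // toBlocking() delivers onNext on the calling thread, so the plain HashMap is not shared across threads here.
            secretNamesAndValueMap.put(secretNameAndValue.first(), secretNameAndValue.second());
        }
    });
    // Only non-empty secret values override what the caller already had.
    certVault.vmUsername = nonEmptyOrKeep(secretNamesAndValueMap.get("vmUsername"), certVault.vmUsername);
    certVault.vmPwd = nonEmptyOrKeep(secretNamesAndValueMap.get("vmPwd"), certVault.vmPwd);
    certVault.sshKey = nonEmptyOrKeep(secretNamesAndValueMap.get("sshKey"), certVault.sshKey);
    certVault.sshPubKey = nonEmptyOrKeep(secretNamesAndValueMap.get("sshPubKey"), certVault.sshPubKey);
    certVault.tlsCACert = nonEmptyOrKeep(secretNamesAndValueMap.get("tlsCACert"), certVault.tlsCACert);
    certVault.tlsCAKey = nonEmptyOrKeep(secretNamesAndValueMap.get("tlsCAKey"), certVault.tlsCAKey);
    certVault.tlsClientCert = nonEmptyOrKeep(secretNamesAndValueMap.get("tlsClientCert"), certVault.tlsClientCert);
    certVault.tlsClientKey = nonEmptyOrKeep(secretNamesAndValueMap.get("tlsClientKey"), certVault.tlsClientKey);
    certVault.tlsServerCert = nonEmptyOrKeep(secretNamesAndValueMap.get("tlsServerCert"), certVault.tlsServerCert);
    certVault.tlsServerKey = nonEmptyOrKeep(secretNamesAndValueMap.get("tlsServerKey"), certVault.tlsServerKey);
    return certVault;
}

/** Returns {@code candidate} when it is non-null and non-empty, otherwise {@code current}. */
private static String nonEmptyOrKeep(String candidate, String current) {
    return (candidate != null && !candidate.isEmpty()) ? candidate : current;
}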
use of com.microsoft.azure.management.keyvault.Vault in project azure-tools-for-java by Microsoft.
the class AzureDockerCertVaultOps method getVault.
/**
 * Resolves the vault URI from the management API and then loads the docker-host secrets from it.
 *
 * @param azureClient    management client used to locate the vault
 * @param certVault      vault description with {@code name} and {@code resourceGroupName}; {@code uri} is filled in
 * @param keyVaultClient data-plane client used to read secrets
 * @return the populated description, or {@code null} when the vault holds no docker-host marker secret
 * @throws AzureDockerException when an argument is missing or the vault cannot be resolved
 */
public static AzureDockerCertVault getVault(Azure azureClient, AzureDockerCertVault certVault, KeyVaultClient keyVaultClient) throws AzureDockerException {
    boolean argumentMissing = azureClient == null || certVault == null || keyVaultClient == null
            || certVault.name == null || certVault.resourceGroupName == null;
    if (argumentMissing) {
        throw new AzureDockerException("Unexpected argument values; azureClient, vault name and resourceGroupName cannot be null");
    }
    try {
        Vault resolved = azureClient.vaults().getByResourceGroup(certVault.resourceGroupName, certVault.name);
        certVault.uri = resolved.vaultUri();
    } catch (Exception e) {
        throw new AzureDockerException(e.getMessage());
    }
    // Everything else works off the URI, so defer to the data-plane overload.
    return getVault(certVault, keyVaultClient);
}
use of com.microsoft.azure.management.keyvault.Vault in project azure-sdk-for-java by Azure.
the class ManageKeyVault method runSample.
/**
 * Main function which runs the actual sample: creates two key vaults, grants a service principal
 * key/secret permissions on them, lists them and finally deletes them and their resource group.
 * @param azure instance of the azure client
 * @param clientId client id
 * @return true if sample runs successfully
 */
public static boolean runSample(Azure azure, String clientId) {
    final String firstVaultName = SdkContext.randomResourceName("vault1", 20);
    final String secondVaultName = SdkContext.randomResourceName("vault2", 20);
    final String groupName = SdkContext.randomResourceName("rgNEMV", 24);
    boolean succeeded = false;
    try {
        //============================================================
        // Create a key vault with empty access policy
        System.out.println("Creating a key vault...");
        Vault firstVault = azure.vaults()
                .define(firstVaultName)
                .withRegion(Region.US_WEST)
                .withNewResourceGroup(groupName)
                .withEmptyAccessPolicy()
                .create();
        System.out.println("Created key vault");
        Utils.print(firstVault);

        //============================================================
        // Authorize an application: all key permissions, but only GET/LIST on secrets
        System.out.println("Authorizing the application associated with the current service principal...");
        firstVault = firstVault.update()
                .defineAccessPolicy()
                    .forServicePrincipal(clientId)
                    .allowKeyAllPermissions()
                    .allowSecretPermissions(SecretPermissions.GET)
                    .allowSecretPermissions(SecretPermissions.LIST)
                    .attach()
                .apply();
        System.out.println("Updated key vault");
        Utils.print(firstVault);

        //============================================================
        // Update a key vault: enable deployments and widen the (only) policy to all secret permissions
        System.out.println("Update a key vault to enable deployments and add permissions to the application...");
        String policyObjectId = firstVault.accessPolicies().get(0).objectId();
        firstVault = firstVault.update()
                .withDeploymentEnabled()
                .withTemplateDeploymentEnabled()
                .updateAccessPolicy(policyObjectId)
                    .allowSecretAllPermissions()
                    .parent()
                .apply();
        System.out.println("Updated key vault");
        // Print the key vault
        Utils.print(firstVault);

        //============================================================
        // Create another key vault, this time with a least-privilege policy defined inline
        Vault secondVault = azure.vaults()
                .define(secondVaultName)
                .withRegion(Region.US_EAST)
                .withExistingResourceGroup(groupName)
                .defineAccessPolicy()
                    .forServicePrincipal(clientId)
                    .allowKeyPermissions(KeyPermissions.LIST)
                    .allowKeyPermissions(KeyPermissions.GET)
                    .allowKeyPermissions(KeyPermissions.DECRYPT)
                    .allowSecretPermissions(SecretPermissions.GET)
                    .attach()
                .create();
        System.out.println("Created key vault");
        // Print the key vault
        Utils.print(secondVault);

        //============================================================
        // List key vaults
        System.out.println("Listing key vaults...");
        for (Vault listed : azure.vaults().listByResourceGroup(groupName)) {
            Utils.print(listed);
        }

        //============================================================
        // Delete key vaults
        System.out.println("Deleting the key vaults");
        azure.vaults().deleteById(firstVault.id());
        azure.vaults().deleteById(secondVault.id());
        System.out.println("Deleted the key vaults");
        succeeded = true;
    } catch (Exception e) {
        System.err.println(e.getMessage());
    } finally {
        try {
            System.out.println("Deleting Resource Group: " + groupName);
            azure.resourceGroups().deleteByName(groupName);
            System.out.println("Deleted Resource Group: " + groupName);
        } catch (NullPointerException npe) {
            System.out.println("Did not create any resources in Azure. No clean up is necessary");
        } catch (Exception g) {
            g.printStackTrace();
        }
    }
    return succeeded;
}