
Merge pull request #51 from Keyfactor/empty_parameter_error_fix
Merge pull request #43 from Keyfactor/release-3.1
doebrowsk authored Dec 11, 2024
2 parents 4116a89 + 82b3e76 commit 8cf092c
Showing 8 changed files with 129 additions and 81 deletions.
85 changes: 58 additions & 27 deletions AzureKeyVault/AzureClient.cs
Expand Up @@ -37,8 +37,8 @@ private Uri AzureCloudEndpoint

case "china":
return AzureAuthorityHosts.AzureChina;
case "germany":
return AzureAuthorityHosts.AzureGermany;
//case "germany":
// return AzureAuthorityHosts.AzureGermany; // germany is no longer a valid azure authority host as of 2021
case "government":
return AzureAuthorityHosts.AzureGovernment;
default:
Expand Down Expand Up @@ -79,7 +79,7 @@ private protected virtual CertificateClient CertClient
{
logger.LogTrace("Using a service principal to authenticate, generating the credentials");
cred = new ClientSecretCredential(VaultProperties.TenantId, VaultProperties.ClientId, VaultProperties.ClientSecret, new ClientSecretCredentialOptions() { AuthorityHost = AzureCloudEndpoint, AdditionallyAllowedTenants = { "*" } });
logger.LogTrace("generated credentials", cred);
logger.LogTrace("generated credentials");
}
_certClient = new CertificateClient(new Uri(VaultProperties.VaultURL), credential: cred);

Expand All @@ -106,13 +106,13 @@ internal protected virtual ArmClient getArmClient(string tenantId)
}
else
{
logger.LogTrace("getting credentials for a service principal identity");
logger.LogTrace($"getting credentials for a service principal identity with id {VaultProperties.ClientId} in Azure Tenant {credentialOptions.TenantId}");
credential = new ClientSecretCredential(tenantId, VaultProperties.ClientId, VaultProperties.ClientSecret, credentialOptions);
logger.LogTrace("got credentials for service principal identity", credential);
logger.LogTrace("got credentials for service principal identity");
}

_mgmtClient = new ArmClient(credential);
logger.LogTrace("created management client", _mgmtClient);
logger.LogTrace("created management client");
return _mgmtClient;
}

Expand Down Expand Up @@ -149,7 +149,7 @@ public virtual async Task<KeyVaultResource> CreateVault()
{
try
{
logger.LogInformation($"Begin create vault in Subscription {VaultProperties.SubscriptionId} with storepath = {VaultProperties.StorePath}");
logger.LogTrace($"Begin create vault in Subscription {VaultProperties.SubscriptionId} with storepath = {VaultProperties.StorePath}");

logger.LogTrace($"getting subscription info for provided subscription id {VaultProperties.SubscriptionId}");

Expand All @@ -170,7 +170,7 @@ public virtual async Task<KeyVaultResource> CreateVault()
}
catch (Exception ex)
{
logger.LogError($"error retrieving default Azure Location: {ex.Message}", ex);
logger.LogError($"error retrieving default Azure Location: {ex.Message}");
throw;
}
}
Expand All @@ -189,10 +189,9 @@ public virtual async Task<KeyVaultResource> CreateVault()
}
catch (Exception ex)
{
logger.LogError("Error when trying to create Azure Keyvault", ex);
logger.LogError($"Error when trying to create Azure Keyvault {ex.Message}");
throw;
}

}

public virtual async Task<KeyVaultCertificateWithPolicy> ImportCertificateAsync(string certName, string contents, string pfxPassword)
Expand Down Expand Up @@ -228,7 +227,7 @@ public virtual async Task<KeyVaultCertificateWithPolicy> ImportCertificateAsync(
}
catch (Exception ex)
{
logger.LogError(ex.Message);
logger.LogError($"There was an error importing the certificate: {ex.Message}");
throw;
}
}
Expand All @@ -244,7 +243,7 @@ public virtual async Task<KeyVaultCertificateWithPolicy> GetCertificate(string a
if (rEx.ErrorCode == "CertificateNotFound")
{
// the request was successful, the cert does not exist.
logger.LogTrace("The certificate was not found.");
logger.LogTrace($"The certificate with alias {alias} was not found: {rEx.Message}");
return null;
}
}
Expand All @@ -263,38 +262,68 @@ public virtual async Task<IEnumerable<CurrentInventoryItem>> GetCertificatesAsyn
AsyncPageable<CertificateProperties> inventory = null;
try
{
logger.LogTrace("calling GetPropertiesOfCertificates() on the Certificate Client", CertClient);
logger.LogTrace("calling GetPropertiesOfCertificates() on the Certificate Client");
inventory = CertClient.GetPropertiesOfCertificatesAsync();

logger.LogTrace("got a response", inventory);
logger.LogTrace($"got a pageable response");
}
catch (Exception ex)
{
logger.LogError($"Error performing inventory. {ex.Message}", ex);
throw;
}

logger.LogTrace("retrieving each certificate from the response");
logger.LogTrace("iterating over result pages for complete list..");

var fullInventoryList = new List<CertificateProperties>();
var failedCount = 0;
Exception innerException = null;

await foreach (var cert in inventory) {
logger.LogTrace($"adding cert with ID: {cert.Id} to the list.");
fullInventoryList.Add(cert); // convert to list from pages
}

logger.LogTrace($"compiled full inventory list of {fullInventoryList.Count()} certificate(s)");

await foreach (var certificate in inventory)
foreach (var certificate in fullInventoryList)
{
logger.LogTrace("getting details for the individual certificate", certificate);
var cert = await CertClient.GetCertificateAsync(certificate.Name);
logger.LogTrace("got certificate response", cert);
logger.LogTrace($"getting details for the individual certificate with id: {certificate.Id} and name: {certificate.Name}");
try
{
var cert = await CertClient.GetCertificateAsync(certificate.Name);
logger.LogTrace($"got certificate details");

inventoryItems.Add(new CurrentInventoryItem()
inventoryItems.Add(new CurrentInventoryItem()
{
Alias = cert.Value.Name,
PrivateKeyEntry = true,
ItemStatus = OrchestratorInventoryItemStatus.Unknown,
UseChainLevel = true,
Certificates = new List<string>() { Convert.ToBase64String(cert.Value.Cer) }
});
}
catch (Exception ex)
{
Alias = cert.Value.Name,
PrivateKeyEntry = true,
ItemStatus = OrchestratorInventoryItemStatus.Unknown,
UseChainLevel = true,
Certificates = new string[] { Convert.ToBase64String(cert.Value.Cer) }
});
failedCount++;
innerException = ex;
logger.LogError($"Failed to retreive details for certificate {certificate.Name}. Exception: {ex.Message}");
// continuing with inventory instead of throwing, in case there's an issue with a single certificate
}
}

if (failedCount == fullInventoryList.Count()) {
throw new Exception("Unable to retreive details for certificates.", innerException);
}

if (failedCount > 0) {
logger.LogWarning($"{failedCount} of {fullInventoryList.Count()} certificates were not able to be retreieved. Please review the errors.");
}

return inventoryItems;
}

public virtual async Task<(List<string>, List<string>)> GetVaults()
public virtual (List<string>, List<string>) GetVaults()
{
var vaultNames = new List<string>();
var warnings = new List<string>();
Expand Down Expand Up @@ -333,6 +362,8 @@ public virtual async Task<IEnumerable<CurrentInventoryItem>> GetCertificatesAsyn
var subId = splitId[1];
var resourceGroupName = splitId[3];
var vaultName = splitId.Last();
var vaultStorePath = $"{subId}:{resourceGroupName}:{vaultName}";
logger.LogTrace($"found keyvault, using storepath {vaultStorePath}");
vaultNames.Add($"{subId}:{resourceGroupName}:{vaultName}");
}
}
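Review bot: The all-failed check `if (failedCount == fullInventoryList.Count())` also fires for an empty vault, since 0 == 0, so inventorying a vault with no certificates throws "Unable to retreive details for certificates." instead of returning the empty list; guard it with `if (fullInventoryList.Count > 0 && failedCount == fullInventoryList.Count)` (the `Count` property also avoids the LINQ call on a `List<T>`). While there, `throw new Exception(...)` should be a specific type such as `InvalidOperationException`, and the messages spell "retreive"/"retreieved". The per-certificate catch keeps only the last exception in `innerException`, so when several certificates fail for different reasons the earlier causes are lost; if `logger` is the Microsoft.Extensions.Logging ILogger, the exception overload `logger.LogError(ex, "Failed to retrieve details for certificate {Name}", certificate.Name)` keeps the stack trace and inner exceptions in the log, whereas the `{ex.Message}`-only interpolation loses them. The same `{ex.Message}`-only pattern is introduced in the CreateVault and ImportCertificateAsync hunks above. GetCertificatesAsync's signature and the start of its body are outside the hunk.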
35 changes: 15 additions & 20 deletions AzureKeyVault/AzureKeyVault.csproj
Expand Up @@ -4,7 +4,7 @@
<TargetFramework>netcoreapp3.1</TargetFramework>
<AssemblyName>Keyfactor.Extensions.Orchestrators.AKV</AssemblyName>
<RootNamespace>Keyfactor.Extensions.Orchestrator.AzureKeyVault</RootNamespace>
<CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
<CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
<SignAssembly>false</SignAssembly>
<Copyright />
<PackageLicenseExpression>https://apache.org/licenses/LICENSE-2.0</PackageLicenseExpression>
Expand All @@ -18,30 +18,25 @@
</PropertyGroup>

<ItemGroup>
<None Remove="C:\Users\jvanwanzeele\.nuget\packages\keyfactor.extensions.pam.utilities\1.0.2\contentFiles\any\any\Keyfactor.Extensions.Pam.Config.exe.config" />
<None Remove="C:\Users\jvanwanzeele\.nuget\packages\keyfactor.extensions.pam.utilities\1.0.2\contentFiles\any\any\Keyfactor.Extensions.Pam.Utilities.dll.config" />
</ItemGroup>

<ItemGroup>
<PackageReference Include="Azure.Core" Version="1.40.0" />
<PackageReference Include="Azure.Identity" Version="1.12.0" />
<PackageReference Include="Azure.ResourceManager" Version="1.12.0" />
<PackageReference Include="Azure.ResourceManager.KeyVault" Version="1.2.3" />
<PackageReference Include="Azure.ResourceManager.Resources" Version="1.7.3" />
<PackageReference Include="Azure.Security.KeyVault.Administration" Version="4.4.0" />
<PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.6.0" />
<PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.6.0" />
<PackageReference Include="Azure.Storage.Blobs" Version="12.20.0" />
<PackageReference Include="CSS.Common" Version="1.7.0" />
<PackageReference Include="Keyfactor.Common" Version="2.3.7" />
<PackageReference Include="Keyfactor.Extensions.Pam.Utilities" Version="1.0.2" />
<PackageReference Include="Azure.Core" Version="1.44.1" />
<PackageReference Include="Azure.Identity" Version="1.13.1" />
<PackageReference Include="Azure.ResourceManager" Version="1.13.0" />
<PackageReference Include="Azure.ResourceManager.KeyVault" Version="1.3.0" />
<PackageReference Include="Azure.ResourceManager.Resources" Version="1.9.0" />
<PackageReference Include="Azure.Security.KeyVault.Administration" Version="4.5.0" />
<PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.7.0" />
<PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.7.0" />
<PackageReference Include="Azure.Storage.Blobs" Version="12.22.2" />
<PackageReference Include="Keyfactor.Logging" Version="1.1.1" />
<PackageReference Include="Keyfactor.Orchestrators.Common" Version="3.2.0" />
<PackageReference Include="Keyfactor.Orchestrators.IOrchestratorJobExtensions" Version="0.7.0" />
<PackageReference Include="Keyfactor.Platform.IPAMProvider" Version="1.0.0" />
<PackageReference Include="Microsoft.AspNet.WebApi.Client" Version="6.0.0" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.61.3" />
<PackageReference Include="Microsoft.Identity.Client.Extensions.Msal" Version="4.61.3" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.66.1" />
<PackageReference Include="Microsoft.Identity.Client.Extensions.Msal" Version="4.66.1" />
<PackageReference Include="System.Drawing.Common" Version="6.0.0" />
<PackageReference Include="System.Linq" Version="4.3.0" />
<PackageReference Include="System.Linq.Async" Version="6.0.1" />
</ItemGroup>

<ItemGroup>
