[KV] Use shared test-resources.json (Azure#21940)
mccoyp authored and hildurhodd committed Jan 4, 2022
1 parent 0d92023 commit e01ae1d
Showing 2 changed files with 71 additions and 88 deletions.
4 changes: 2 additions & 2 deletions sdk/keyvault/azure-keyvault-keys/tests/_test_case.py
@@ -144,9 +144,9 @@ def create_crypto_client(self, key, **kwargs):
def _get_attestation_uri(self):
playback_uri = "https://fakeattestation.azurewebsites.net"
if self.is_live:
real_uri = os.environ.get("AZURE_KEYVAULT_ATTESTATION_URI")
real_uri = os.environ.get("AZURE_KEYVAULT_ATTESTATION_URL")
if real_uri is None:
pytest.skip("No AZURE_KEYVAULT_ATTESTATION_URI environment variable")
pytest.skip("No AZURE_KEYVAULT_ATTESTATION_URL environment variable")
self._scrub_url(real_uri, playback_uri)
return real_uri
return playback_uri
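Review bot: The live-mode guard in `_get_attestation_uri` only tests `real_uri is None`, so an environment variable that is set but empty passes the check, is handed to `_scrub_url`, and is returned as the attestation endpoint. That case looks plausible here because the template output feeding this variable is conditional on `enableHsm`; whether the pipeline exports an omitted output as an empty string is not visible on this page and should be confirmed. Consider `if not real_uri:` ahead of the `pytest.skip(...)` call so both cases skip cleanly. The helper is also still named `_get_attestation_uri` while the variable it reads ends in `_URL`; renaming it, or adding a one-line comment on the mismatch, would keep the two searchable together.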
155 changes: 69 additions & 86 deletions sdk/keyvault/test-resources.json
@@ -18,7 +18,6 @@
},
"testApplicationOid": {
"type": "string",
"defaultValue": "b3653439-8136-4cd5-aac3-2a9460871ca6",
"metadata": {
"description": "The client OID to grant access to test resources."
}
@@ -66,38 +65,29 @@
"description": "Whether to enable deployment of Managed HSM. The default is false."
}
},
"keyVaultDomainSuffix": {
"type": "string",
"defaultValue": ".vault.azure.net",
"metadata": {
"description": "Domain suffix for sovereign clouds, requies the preceeding '.'. The default uses the public Azure Cloud (.vault.azure.net)"
}
},
"keyVaultSku": {
"type": "string",
"defaultValue": "premium",
"metadata": {
"description": "Key Vault SKU to deploy. The default is 'premium'"
}
},
"attestationUri": {
"attestationImage": {
"type": "string",
"defaultValue": "https://skrattestation.azurewebsites.net/",
"defaultValue": "keyvault-mock-attestation:latest",
"metadata": {
"description": "Test attestation service for Secure Key Release."
"description": "The container image name and tag to use for the attestation mock service."
}
},
"storageEndpointSuffix": {
"type": "string",
"defaultValue": "core.windows.net",
"metadata": {
"description": "The url suffix to use when accessing the storage data plane."
}
}
},
"variables": {
"attestationFarm": "[concat(parameters('baseName'), 'farm')]",
"attestationSite": "[concat(parameters('baseName'), 'site')]",
"attestationUri": "[concat('DOCKER|azsdkengsys.azurecr.io/', parameters('attestationImage'))]",
"kvApiVersion": "2019-09-01",
"azureKeyVaultUrl": "[format('https://{0}{1}', parameters('baseName'), parameters('keyVaultDomainSuffix'))]",
"kvName": "[parameters('baseName')]",
"kvAdminDefinitionId": "00482a5a-887f-4fb3-b363-3b7fe8e74483",
"kvAdminAssignmentName": "[guid(resourceGroup().id, variables('kvAdminDefinitionId'), parameters('testApplicationOid'))]",
"hsmApiVersion": "2021-04-01-preview",
"hsmName": "[concat(parameters('baseName'), 'hsm')]",
"mgmtApiVersion": "2019-04-01",
@@ -122,74 +112,30 @@
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "[variables('kvApiVersion')]",
"name": "[parameters('baseName')]",
"name": "[variables('kvName')]",
"location": "[parameters('location')]",
"properties": {
"sku": {
"family": "A",
"name": "[parameters('keyVaultSku')]"
},
"tenantId": "[parameters('tenantId')]",
"accessPolicies": [
{
"tenantId": "[parameters('tenantId')]",
"objectId": "[parameters('testApplicationOid')]",
"permissions": {
"keys": [
"get",
"list",
"update",
"create",
"import",
"delete",
"recover",
"backup",
"restore",
"decrypt",
"encrypt",
"unwrapKey",
"wrapKey",
"verify",
"sign",
"purge",
"rotate",
"release"
],
"secrets": [
"get",
"list",
"set",
"delete",
"recover",
"backup",
"restore",
"purge"
],
"certificates": [
"get",
"list",
"update",
"create",
"import",
"delete",
"recover",
"backup",
"restore",
"managecontacts",
"manageissuers",
"getissuers",
"listissuers",
"setissuers",
"deleteissuers",
"purge"
]
}
}
],
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": false,
"enableSoftDelete": true
"enableSoftDelete": true,
"enableRbacAuthorization": true,
"softDeleteRetentionInDays": 7
}
},
{
"type": "Microsoft.Authorization/roleAssignments",
"apiVersion": "2020-04-01-preview",
"name": "[variables('kvAdminAssignmentName')]",
"properties": {
"roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('kvAdminDefinitionId'))]",
"principalId": "[parameters('testApplicationOid')]",
"scope": "[resourceGroup().id]"
}
},
{
@@ -207,9 +153,9 @@
"initialAdminObjectIds": "[union(array(parameters('testApplicationOid')), array(parameters('provisionerApplicationOid')))]",
"enablePurgeProtection": false,
"enableSoftDelete": true,
"softDeleteRetentionInDays": 7,
"publicNetworkAccess": "Enabled",
"networkAcls": "[variables('networkAcls')]",
"softDeleteRetentionInDays": 7
"networkAcls": "[variables('networkAcls')]"
}
},
{
@@ -260,12 +206,53 @@
"properties": {
"publicAccess": "None"
}
},
{

"type": "Microsoft.Web/serverfarms",
"apiVersion": "2020-12-01",
"name": "[variables('attestationFarm')]",
"condition": "[parameters('enableHsm')]",
"location": "[parameters('location')]",
"kind": "linux",
"sku": {
"name": "B1"
},
"properties": {
"reserved": true
}
},
{

"type": "Microsoft.Web/sites",
"apiVersion": "2020-12-01",
"name": "[variables('attestationSite')]",
"condition": "[parameters('enableHsm')]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('attestationFarm'))]"
],
"location": "[parameters('location')]",
"properties": {
"httpsOnly": true,
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('attestationFarm'))]",
"siteConfig": {
"name": "[variables('attestationSite')]",
"alwaysOn": true,
"linuxFxVersion": "[variables('attestationUri')]",
"appSettings": [
{
"name": "WEBSITES_ENABLE_APP_SERVICE_STORAGE",
"value": "false"
}
]
}
}
}
],
"outputs": {
"AZURE_KEYVAULT_URL": {
"type": "string",
"value": "[variables('azureKeyVaultUrl')]"
"value": "[reference(variables('kvName')).vaultUri]"
},
"AZURE_MANAGEDHSM_URL": {
"type": "string",
@@ -280,10 +267,6 @@
"type": "string",
"value": "[parameters('testApplicationOid')]"
},
"KEYVAULT_STORAGE_ENDPOINT_SUFFIX": {
"type": "string",
"value": "[parameters('storageEndpointSuffix')]"
},
"BLOB_STORAGE_ACCOUNT_NAME": {
"type": "string",
"value": "[variables('primaryAccountName')]"
@@ -296,10 +279,10 @@
"type": "string",
"value": "[variables('blobContainerName')]"
},
"AZURE_KEYVAULT_ATTESTATION_URI": {
"AZURE_KEYVAULT_ATTESTATION_URL": {
"type": "string",
"condition": "[parameters('enableHsm')]",
"value": "[parameters('attestationUri')]"
"value": "[format('https://{0}/', reference(variables('attestationSite')).defaultHostName)]"
}
}
}
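Review bot: The `Microsoft.Authorization/roleAssignments` resource grants the role in `kvAdminDefinitionId` with `"scope": "[resourceGroup().id]"`, which is wider than the per-vault `accessPolicies` block it appears to replace: a resource-group assignment applies to every vault deployed into that group, not only `kvName`. If the test principal only needs this vault, scope the assignment to it with a top-level `"scope": "[format('Microsoft.KeyVault/vaults/{0}', variables('kvName'))]"` plus a `dependsOn` entry for the vault, and add the vault id to the `guid(...)` inputs of `kvAdminAssignmentName` so the name stays unique per vault. Separately, `attestationImage` defaults to the mutable tag `keyvault-mock-attestation:latest`; pinning a version tag or digest would make the attestation mock used in live runs reproducible and auditable.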
