exclude disabled secrets when getting kayvault secrets (Azure#14407)

Co-authored-by: unknown <fenzho@FZHOU.fareast.corp.microsoft.com>
AzureSDKAutomation · Aug 26, 2020 · 361f94d · 361f94d
1 parent 18e6ea8
commit 361f94d
Show file tree

Hide file tree

Showing 2 changed files with 91 additions and 19 deletions.
diff --git a/...zure-spring-boot/src/main/java/com/microsoft/azure/keyvault/spring/KeyVaultOperation.java b/...zure-spring-boot/src/main/java/com/microsoft/azure/keyvault/spring/KeyVaultOperation.java
@@ -11,6 +11,7 @@
 import com.azure.core.util.paging.ContinuablePagedIterable;
 import com.azure.security.keyvault.secrets.SecretClient;
 import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
+import com.azure.security.keyvault.secrets.models.SecretProperties;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
@@ -125,6 +126,7 @@ private void refreshProperties() {
                 .orElseGet(Stream::empty)
                 .map(PagedResponse::getElements)
                 .flatMap(i -> StreamSupport.stream(i.spliterator(), false))
+                .filter(SecretProperties::isEnabled)
                 .map(p -> secretClient.getSecret(p.getName(), p.getVersion()))
                 .filter(Objects::nonNull)
                 .collect(Collectors.toMap(

diff --git a/...ing-boot/src/test/java/com/microsoft/azure/keyvault/spring/KeyVaultOperationUnitTest.java b/...ing-boot/src/test/java/com/microsoft/azure/keyvault/spring/KeyVaultOperationUnitTest.java
@@ -6,15 +6,25 @@
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.when;
 
+import com.azure.core.http.HttpHeaders;
+import com.azure.core.http.HttpRequest;
+import com.azure.core.http.rest.PagedFlux;
+import com.azure.core.http.rest.PagedIterable;
+import com.azure.core.http.rest.PagedResponse;
+import com.azure.core.util.IterableStream;
 import com.azure.security.keyvault.secrets.SecretClient;
 import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
+import com.azure.security.keyvault.secrets.models.SecretProperties;
+import java.io.IOException;
 import java.util.Arrays;
 import java.util.LinkedHashMap;
 import java.util.List;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
 
 @RunWith(MockitoJUnitRunner.class)
 public class KeyVaultOperationUnitTest {
@@ -36,27 +46,27 @@ public class KeyVaultOperationUnitTest {
     private static final String TEST_AZURE_KEYVAULT_NAME = "acme-myproject-person-firstname";
 
     private static final List<String> TEST_SPRING_RELAXED_BINDING_NAMES = Arrays.asList(
-            TEST_SPRING_RELAXED_BINDING_NAME_0,
-            TEST_SPRING_RELAXED_BINDING_NAME_1,
-            TEST_SPRING_RELAXED_BINDING_NAME_2,
-            TEST_SPRING_RELAXED_BINDING_NAME_3
+        TEST_SPRING_RELAXED_BINDING_NAME_0,
+        TEST_SPRING_RELAXED_BINDING_NAME_1,
+        TEST_SPRING_RELAXED_BINDING_NAME_2,
+        TEST_SPRING_RELAXED_BINDING_NAME_3
     );
 
     @Mock
     private SecretClient keyVaultClient;
     private KeyVaultOperation keyVaultOperation;
 
-    public void setupSecretBundle(String id, String value, List<String> secretKeysConfig) {
+    public void setupSecretBundle(List<String> secretKeysConfig) {
         keyVaultOperation = new KeyVaultOperation(
-                keyVaultClient,
-                0,
-                secretKeysConfig,
-                false);
+            keyVaultClient,
+            0,
+            secretKeysConfig,
+            false);
     }
 
     @Test
     public void testGetWithNoSpecficSecretKeys() {
-        setupSecretBundle(TEST_PROPERTY_NAME_1, TEST_PROPERTY_NAME_1, null);
+        setupSecretBundle(null);
 
         final LinkedHashMap<String, String> properties = new LinkedHashMap<>();
         properties.put("testpropertyname1", TEST_PROPERTY_NAME_1);
@@ -67,7 +77,7 @@ public void testGetWithNoSpecficSecretKeys() {
 
     @Test
     public void testGetAndMissWhenSecretsProvided() {
-        setupSecretBundle(TEST_PROPERTY_NAME_1, TEST_PROPERTY_NAME_1, SECRET_KEYS_CONFIG);
+        setupSecretBundle(SECRET_KEYS_CONFIG);
 
         final LinkedHashMap<String, String> properties = new LinkedHashMap<>();
         properties.put("key1", "value1");
@@ -84,15 +94,15 @@ public void testGetAndHitWhenSecretsProvided() {
         when(keyVaultClient.getSecret("key2")).thenReturn(new KeyVaultSecret("key2", "key2"));
         when(keyVaultClient.getSecret("key3")).thenReturn(new KeyVaultSecret("key3", "key3"));
 
-        setupSecretBundle(SECRET_KEY_1, SECRET_KEY_1, SECRET_KEYS_CONFIG);
+        setupSecretBundle(SECRET_KEYS_CONFIG);
 
         assertThat(keyVaultOperation.getProperty(SECRET_KEY_1)).isEqualToIgnoringCase(SECRET_KEY_1);
     }
 
     @Test
     public void testList() {
         //test list with no specific secret keys
-        setupSecretBundle(TEST_PROPERTY_NAME_1, TEST_PROPERTY_NAME_1, null);
+        setupSecretBundle(null);
         final LinkedHashMap<String, String> properties = new LinkedHashMap<>();
         properties.put(TEST_PROPERTY_NAME_1, TEST_PROPERTY_NAME_1);
         keyVaultOperation.setProperties(properties);
@@ -104,7 +114,7 @@ public void testList() {
         when(keyVaultClient.getSecret("key1")).thenReturn(new KeyVaultSecret("key1", "key1"));
         when(keyVaultClient.getSecret("key2")).thenReturn(new KeyVaultSecret("key2", "key2"));
         when(keyVaultClient.getSecret("key3")).thenReturn(new KeyVaultSecret("key3", "key3"));
-        setupSecretBundle(TEST_PROPERTY_NAME_1, TEST_PROPERTY_NAME_1, SECRET_KEYS_CONFIG);
+        setupSecretBundle(SECRET_KEYS_CONFIG);
         final String[] specificResult = keyVaultOperation.getPropertyNames();
         assertThat(specificResult.length).isEqualTo(3);
         assertThat(specificResult[0]).isEqualTo(SECRET_KEYS_CONFIG.get(0));
@@ -113,27 +123,87 @@ public void testList() {
     @Test
     public void setTestSpringRelaxedBindingNames() {
         //test list with no specific secret keys
-        setupSecretBundle(TEST_AZURE_KEYVAULT_NAME, TEST_AZURE_KEYVAULT_NAME, null);
+        setupSecretBundle(null);
         LinkedHashMap<String, String> properties = new LinkedHashMap<>();
         properties.put("acme-myproject-person-firstname", TEST_AZURE_KEYVAULT_NAME);
         keyVaultOperation.setProperties(properties);
         TEST_SPRING_RELAXED_BINDING_NAMES
-                .forEach(n -> assertThat(keyVaultOperation.getProperty(n)).isEqualTo(TEST_AZURE_KEYVAULT_NAME));
+            .forEach(n -> assertThat(keyVaultOperation.getProperty(n)).isEqualTo(TEST_AZURE_KEYVAULT_NAME));
 
         //test list with specific secret key configs
-        setupSecretBundle(TEST_AZURE_KEYVAULT_NAME, TEST_AZURE_KEYVAULT_NAME, Arrays.asList(TEST_AZURE_KEYVAULT_NAME));
+        setupSecretBundle(Arrays.asList(TEST_AZURE_KEYVAULT_NAME));
         properties = new LinkedHashMap<>();
         properties.put(TEST_AZURE_KEYVAULT_NAME, TEST_AZURE_KEYVAULT_NAME);
         keyVaultOperation.setProperties(properties);
         TEST_SPRING_RELAXED_BINDING_NAMES
-                .forEach(n -> assertThat(keyVaultOperation.getProperty(n)).isEqualTo(TEST_AZURE_KEYVAULT_NAME));
+            .forEach(n -> assertThat(keyVaultOperation.getProperty(n)).isEqualTo(TEST_AZURE_KEYVAULT_NAME));
 
-        setupSecretBundle(TEST_AZURE_KEYVAULT_NAME, TEST_AZURE_KEYVAULT_NAME, SECRET_KEYS_CONFIG);
+        setupSecretBundle(SECRET_KEYS_CONFIG);
         properties = new LinkedHashMap<>();
         properties.put("key1", "key1");
         properties.put("key2", "key2");
         properties.put("key3", "key3");
         keyVaultOperation.setProperties(properties);
         TEST_SPRING_RELAXED_BINDING_NAMES.forEach(n -> assertThat(keyVaultOperation.getProperty(n)).isEqualTo(null));
     }
+
+    @Test
+    public void getSecretsWithoutDisabled() {
+        KeyVaultSecret enableSecret = new KeyVaultSecret("key1", "value1");
+        enableSecret.getProperties().setEnabled(true);
+
+        KeyVaultSecret disableSecret = new KeyVaultSecret("key2", "value2");
+        disableSecret.getProperties().setEnabled(false);
+
+        List<SecretProperties> properties = Arrays.asList(enableSecret.getProperties(), disableSecret.getProperties());
+        OnePageResponse<SecretProperties> secretResponse = new OnePageResponse<>(properties);
+        when(keyVaultClient.getSecret("key1", null)).thenReturn(enableSecret);
+        when(keyVaultClient.listPropertiesOfSecrets())
+            .thenReturn(new PagedIterable<>(new PagedFlux<>(() -> Mono.just(secretResponse))));
+        setupSecretBundle(null);
+        assertThat(keyVaultOperation.getPropertyNames().length == 1);
+        assertThat(keyVaultOperation.getProperty("key1")).isNotNull();
+        assertThat(keyVaultOperation.getProperty("key2")).isNull();
+
+    }
+
+    static class OnePageResponse<T> implements PagedResponse<T> {
+
+        List<T> properties = null;
+
+        OnePageResponse(List<T> properties) {
+            this.properties = properties;
+        }
+
+        @Override
+        public IterableStream<T> getElements() {
+            Flux<T> flux = Flux.fromIterable(properties);
+            return new IterableStream<T>(flux);
+        }
+
+        @Override
+        public String getContinuationToken() {
+            return null;
+        }
+
+        @Override
+        public int getStatusCode() {
+            return 0;
+        }
+
+        @Override
+        public HttpHeaders getHeaders() {
+            return null;
+        }
+
+        @Override
+        public HttpRequest getRequest() {
+            return null;
+        }
+
+        @Override
+        public void close() throws IOException {
+
+        }
+    }
 }