Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Azure Key Vault Health check package and Unit tests project #19

Merged
merged 7 commits into from
Dec 13, 2018

Conversation

CarlosLanderas
Copy link
Contributor

@CarlosLanderas CarlosLanderas commented Dec 6, 2018

Azure Key Vault health check that allows to configure a secret collection to be verified against the Azure Service

Usage:

Default usage with Managed Service Identity:

services.AddHealthChecks()
               .AddAzureKeyVault(setup =>
               {
                   setup
                   .UseKeyVaultUrl("https://[vaultname].vault.azure.net/")                  
                   .AddSecret("surname");
               });

Usage usage client id and client secret:

  services.AddHealthChecks()
               .AddAzureKeyVault(setup =>
               {
                   setup
                   .UseKeyVaultUrl("https://[vaultname].vault.azure.net/")    
                   .UseClientSecrets("clientid", "clientsecret")
                   .AddSecret("surname");
               });

Sample error for a not found secret using UI.Client response writer

{
    "status": "Unhealthy",
    "totalDuration": "00:00:01.0434203",
    "entries": {
        "azurekeyvault": {
            "data": {},
            "description": "surname secret error - Operation returned an invalid status code 'NotFound'",
            "duration": "00:00:01.0403080",
            "exception": "surname secret error - Operation returned an invalid status code 'NotFound'",
            "status": "Unhealthy"
        }
    }
}

@@ -77,11 +80,12 @@
<HealthCheckDynamoDb>2.2.0</HealthCheckDynamoDb>
<HealthCheckDocumentDb>2.2.0</HealthCheckDocumentDb>
<HealthCheckAzureStorage>2.2.0</HealthCheckAzureStorage>
<HealthCheckAzureServiceBus>2.2.0</HealthCheckAzureServiceBus>
<HealthCheckAzureServiceBus>2.2.1</HealthCheckAzureServiceBus>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why a new version on service bus

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because health checks contructor validations changed. It does not make sense to check only for null and not for empty string when initializing configuration towards an azure service


public AzureKeyVaultHealthCheck(AzureKeyVaultOptions keyVaultOptions)
{
if (string.IsNullOrEmpty(keyVaultOptions.KeyVaultUrlBase)) throw new ArgumentNullException(keyVaultOptions.KeyVaultUrlBase);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please add backets

}
public async Task<HealthCheckResult> CheckHealthAsync(HealthCheckContext context, CancellationToken cancellationToken = default)
{
string currentSecret = string.Empty;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

var

}

return HealthCheckResult.Healthy();

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove blank lines

return new HealthCheckResult(context.Registration.FailureStatus, exception: secretException);
}
}

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blank lines

string name = default, HealthStatus? failureStatus = default, IEnumerable<string> tags = default)
{
var azureKeyVaultOptions = new AzureKeyVaultOptions();

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blank line

@@ -13,8 +13,11 @@ public class AzureEventHubHealthCheck
private readonly string _eventHubName;
public AzureEventHubHealthCheck(string connectionString, string eventHubName)
{
_connectionString = connectionString ?? throw new ArgumentNullException(nameof(connectionString));
_eventHubName = eventHubName ?? throw new ArgumentNullException(nameof(eventHubName));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

probably mix features on different package is not a good idea for tracking project. Can you split in two different pull requests

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New tests can't pass without this changes to the package. :/


registration.Name.Should().Be("azurekeyvault");
check.GetType().Should().Be(typeof(AzureKeyVaultHealthCheck));

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blank lines


registration.Name.Should().Be("azurequeue");
check.GetType().Should().Be(typeof(AzureServiceBusQueueHealthCheck));

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blank lines

{
var services = new ServiceCollection();
services.AddHealthChecks()
.AddAzureServiceBusQueue("", "");
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use string.empty

@unaizorrilla
Copy link
Collaborator

Hi Carlos,
Thanks for summitting this PR, I review this and you need to fix some minor issues. Thanks for starting the new tests project for check registered healthchecks.

Some items to review:

  • Please add support for Azure MSI into the KeyVaultPackage
  • Review minor issues (backets and blank lines)
  • Split into two PR the fix for Servicebus HealthChecks preconditions changes

@CarlosLanderas CarlosLanderas force-pushed the azure-keyvault-healthcheck branch from 99e8b44 to 560b44a Compare December 9, 2018 16:15
@CarlosLanderas CarlosLanderas changed the title Azure Key Vault Health check package Azure Key Vault Health check package and Unit tests project Dec 9, 2018
@omerlh
Copy link

omerlh commented Dec 13, 2018

What about checking also keys that should exist?

@CarlosLanderas
Copy link
Contributor Author

That is on the PR as well. Using the AddSecret fluent api

@omerlh
Copy link

omerlh commented Dec 13, 2018

I was talking about KeyVault encryption keys - it's a different feature of KeyVault. I looked on the code, look like it's not checked...

@CarlosLanderas
Copy link
Contributor Author

That's not added. The idea was checking the existing secrets that the application might need. Feel free to add it if you consider :)

@omerlh
Copy link

omerlh commented Dec 13, 2018

Can I add it to the existing PR? Or on a different one?

@CarlosLanderas
Copy link
Contributor Author

You can use the existing one

@omerlh
Copy link

omerlh commented Dec 13, 2018

How can I build the project on mac? Should I set env var like NetStandardTargetVersion?

@unaizorrilla unaizorrilla merged commit 6e95b81 into master Dec 13, 2018
@unaizorrilla
Copy link
Collaborator

Hi @omerlh

Right now on master, you can create a new PR for new features if you want!

@unaizorrilla
Copy link
Collaborator

Hi @CarlosLanderas

Thanks for this, PR is merged on master with some minor details

@CarlosLanderas CarlosLanderas deleted the azure-keyvault-healthcheck branch June 30, 2019 18:31
@sungam3r sungam3r mentioned this pull request Jul 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants