Skip to content

Commit

Permalink
[Key Vault] Test keys library against managed HSM (#17458)
Browse files Browse the repository at this point in the history
  • Loading branch information
mccoyp authored Mar 29, 2021
1 parent e46f410 commit 70bf0f0
Show file tree
Hide file tree
Showing 129 changed files with 47,237 additions and 18,951 deletions.
3 changes: 2 additions & 1 deletion sdk/keyvault/azure-keyvault-keys/dev_requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,5 @@
-e ../azure-mgmt-keyvault
-e ../../../tools/azure-sdk-tools
../azure-keyvault-nspkg
aiohttp>=3.0; python_version >= '3.5'
aiohttp>=3.0; python_version >= '3.5'
parameterized>=0.7.3
17 changes: 17 additions & 0 deletions sdk/keyvault/azure-keyvault-keys/platform-matrix.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{
"include": [
{
"Agent": {
"ubuntu-18.04": {
"OSVmImage": "MMSUbuntu18.04",
"Pool": "azsdk-pool-mms-ubuntu-1804-general"
}
},
"HSM": {
"ArmTemplateParameters": "@{ enableHsm = $true }"
},
"PythonVersion": "3.9",
"CoverageArg": ""
}
]
}
74 changes: 74 additions & 0 deletions sdk/keyvault/azure-keyvault-keys/tests/_test_case.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
# ------------------------------------
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# ------------------------------------
import os

from azure.keyvault.keys._shared import HttpChallengeCache
from devtools_testutils import AzureTestCase
from parameterized import parameterized
import pytest
from six.moves.urllib_parse import urlparse


def suffixed_test_name(testcase_func, param_num, param):
suffix = "mhsm" if param.kwargs.get("is_hsm") else "vault"
return "{}_{}".format(testcase_func.__name__, parameterized.to_safe_name(suffix))


class KeysTestCase(AzureTestCase):
def setUp(self, *args, **kwargs):
vault_playback_url = "https://vaultname.vault.azure.net"
hsm_playback_url = "https://managedhsmname.managedhsm.azure.net"

if self.is_live:
self.vault_url = os.environ["AZURE_KEYVAULT_URL"]
self._scrub_url(real_url=self.vault_url, playback_url=vault_playback_url)

self.managed_hsm_url = os.environ.get("AZURE_MANAGEDHSM_URL")
if self.managed_hsm_url:
self._scrub_url(real_url=self.managed_hsm_url, playback_url=hsm_playback_url)
else:
self.vault_url = vault_playback_url
self.managed_hsm_url = hsm_playback_url

self._set_mgmt_settings_real_values()
super(KeysTestCase, self).setUp(*args, **kwargs)

def tearDown(self):
HttpChallengeCache.clear()
assert len(HttpChallengeCache._cache) == 0
super(KeysTestCase, self).tearDown()

def create_key_client(self, vault_uri, **kwargs):
if kwargs.pop("is_async", False):
from azure.keyvault.keys.aio import KeyClient
credential = self.get_credential(KeyClient, is_async=True)
else:
from azure.keyvault.keys import KeyClient
credential = self.get_credential(KeyClient)
return self.create_client_from_credential(KeyClient, credential=credential, vault_url=vault_uri, **kwargs)

def create_crypto_client(self, key,**kwargs):
if kwargs.pop("is_async", False):
from azure.keyvault.keys.crypto.aio import CryptographyClient
credential = self.get_credential(CryptographyClient, is_async=True)
else:
from azure.keyvault.keys.crypto import CryptographyClient
credential = self.get_credential(CryptographyClient)
return self.create_client_from_credential(CryptographyClient, credential=credential, key=key, **kwargs)

def _scrub_url(self, real_url, playback_url):
real = urlparse(real_url)
playback = urlparse(playback_url)
self.scrubber.register_name_pair(real.netloc, playback.netloc)

def _set_mgmt_settings_real_values(self):
if self.is_live:
os.environ["AZURE_TENANT_ID"] = os.environ["KEYVAULT_TENANT_ID"]
os.environ["AZURE_CLIENT_ID"] = os.environ["KEYVAULT_CLIENT_ID"]
os.environ["AZURE_CLIENT_SECRET"] = os.environ["KEYVAULT_CLIENT_SECRET"]

def _skip_if_not_configured(self, is_hsm):
if self.is_live and is_hsm and self.managed_hsm_url is None:
pytest.skip("No HSM endpoint for live testing")
Original file line number Diff line number Diff line change
@@ -0,0 +1,131 @@
interactions:
- request:
body: null
headers:
Accept:
- application/json
Accept-Encoding:
- gzip, deflate
Connection:
- keep-alive
Content-Length:
- '0'
Content-Type:
- application/json
User-Agent:
- azsdk-python-keyvault-keys/4.4.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0)
method: POST
uri: https://managedhsmname.managedhsm.azure.net/keys/livekvtesteckey33180f9c/create?api-version=7.2-preview
response:
body:
string: ''
headers:
cache-control:
- no-cache
content-length:
- '0'
content-security-policy:
- default-src 'self'
content-type:
- application/json; charset=utf-8
strict-transport-security:
- max-age=31536000; includeSubDomains
www-authenticate:
- Bearer authorization="https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47",
resource="https://managedhsm.azure.net"
x-content-type-options:
- nosniff
x-frame-options:
- SAMEORIGIN
x-ms-server-latency:
- '1'
status:
code: 401
message: Unauthorized
- request:
body: '{"kty": "EC-HSM"}'
headers:
Accept:
- application/json
Accept-Encoding:
- gzip, deflate
Connection:
- keep-alive
Content-Length:
- '17'
Content-Type:
- application/json
User-Agent:
- azsdk-python-keyvault-keys/4.4.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0)
method: POST
uri: https://managedhsmname.managedhsm.azure.net/keys/livekvtesteckey33180f9c/create?api-version=7.2-preview
response:
body:
string: '{"attributes":{"created":1616194950,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1616194950},"key":{"crv":"P-256","key_ops":["verify","sign"],"kid":"https://managedhsmname.managedhsm.azure.net/keys/livekvtesteckey33180f9c/38f9028c28e24b9b80fe3b2800c5950d","kty":"EC-HSM","x":"aD-Od-CpwDHTx3T9XEPYR3-KxdmZg_wtFekJBlrAaSM","y":"exOWHTfjEM5Qwg6GAF09KXJpwN7Ov8LN_ZxxIlqpK9I"}}'
headers:
cache-control:
- no-cache
content-length:
- '433'
content-security-policy:
- default-src 'self'
content-type:
- application/json; charset=utf-8
strict-transport-security:
- max-age=31536000; includeSubDomains
x-content-type-options:
- nosniff
x-frame-options:
- SAMEORIGIN
x-ms-keyvault-network-info:
- addr=172.92.159.124
x-ms-keyvault-region:
- eastus2
x-ms-server-latency:
- '261'
status:
code: 200
message: OK
- request:
body: null
headers:
Accept:
- application/json
Accept-Encoding:
- gzip, deflate
Connection:
- keep-alive
User-Agent:
- azsdk-python-keyvault-keys/4.4.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0)
method: GET
uri: https://managedhsmname.managedhsm.azure.net/keys/livekvtesteckey33180f9c/38f9028c28e24b9b80fe3b2800c5950d?api-version=7.2-preview
response:
body:
string: '{"attributes":{"created":1616194950,"enabled":true,"exportable":false,"recoverableDays":90,"recoveryLevel":"Recoverable+Purgeable","updated":1616194950},"key":{"crv":"P-256","key_ops":["verify","sign"],"kid":"https://managedhsmname.managedhsm.azure.net/keys/livekvtesteckey33180f9c/38f9028c28e24b9b80fe3b2800c5950d","kty":"EC-HSM","x":"aD-Od-CpwDHTx3T9XEPYR3-KxdmZg_wtFekJBlrAaSM","y":"exOWHTfjEM5Qwg6GAF09KXJpwN7Ov8LN_ZxxIlqpK9I"}}'
headers:
cache-control:
- no-cache
content-length:
- '433'
content-security-policy:
- default-src 'self'
content-type:
- application/json; charset=utf-8
strict-transport-security:
- max-age=31536000; includeSubDomains
x-content-type-options:
- nosniff
x-frame-options:
- SAMEORIGIN
x-ms-build-version:
- 1.0.20210306-1-6fb7c19a-develop
x-ms-keyvault-network-info:
- addr=172.92.159.124
x-ms-keyvault-region:
- eastus2
x-ms-server-latency:
- '126'
status:
code: 200
message: OK
version: 1
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@ interactions:
Content-Type:
- application/json
User-Agent:
- azsdk-python-keyvault-keys/4.3.2 Python/3.5.3 (Windows-10-10.0.19041-SP0)
- azsdk-python-keyvault-keys/4.4.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0)
method: POST
uri: https://vaultname.vault.azure.net/keys/livekvtesteckeye9470d88/create?api-version=7.2-preview
uri: https://vaultname.vault.azure.net/keys/livekvtesteckey433d1013/create?api-version=7.2-preview
response:
body:
string: '{"error":{"code":"Unauthorized","message":"Request is missing a Bearer
Expand All @@ -28,7 +28,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- Sat, 06 Feb 2021 02:20:10 GMT
- Fri, 19 Mar 2021 23:02:35 GMT
expires:
- '-1'
pragma:
Expand All @@ -41,11 +41,11 @@ interactions:
x-content-type-options:
- nosniff
x-ms-keyvault-network-info:
- conn_type=Ipv4;addr=174.127.232.53;act_addr_fam=InterNetwork;
- conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=InterNetwork;
x-ms-keyvault-region:
- northeurope
- eastus2
x-ms-keyvault-service-version:
- 1.2.164.0
- 1.2.205.0
x-powered-by:
- ASP.NET
status:
Expand All @@ -65,12 +65,12 @@ interactions:
Content-Type:
- application/json
User-Agent:
- azsdk-python-keyvault-keys/4.3.2 Python/3.5.3 (Windows-10-10.0.19041-SP0)
- azsdk-python-keyvault-keys/4.4.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0)
method: POST
uri: https://vaultname.vault.azure.net/keys/livekvtesteckeye9470d88/create?api-version=7.2-preview
uri: https://vaultname.vault.azure.net/keys/livekvtesteckey433d1013/create?api-version=7.2-preview
response:
body:
string: '{"key":{"kid":"https://vaultname.vault.azure.net/keys/livekvtesteckeye9470d88/41b7345af65e4e29b0ad3c16103c5cb1","kty":"EC","key_ops":["sign","verify"],"crv":"P-256","x":"xLeGJutfYRgRELSvq0-Yg-q5UmCVaJ8HyBQVi9s98Uk","y":"0MHnZ8jZjyGtp_WUdooqXwqn843uvWUL83SxCrY6nlg"},"attributes":{"enabled":true,"created":1612578012,"updated":1612578012,"recoveryLevel":"Recoverable+Purgeable","recoverableDays":90}}'
string: '{"key":{"kid":"https://vaultname.vault.azure.net/keys/livekvtesteckey433d1013/c2cbc14fdb0b405f9b4507100f85c84b","kty":"EC","key_ops":["sign","verify"],"crv":"P-256","x":"STISs3_goj91mOlIpNqFxzE1Kj2BPLKR640BCYKu9Fk","y":"CtMP7wzlWetR6NOzwJvpcKL2pRnUB7ziHsiNc763izQ"},"attributes":{"enabled":true,"created":1616194955,"updated":1616194955,"recoveryLevel":"Recoverable+Purgeable","recoverableDays":90}}'
headers:
cache-control:
- no-cache
Expand All @@ -79,7 +79,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- Sat, 06 Feb 2021 02:20:11 GMT
- Fri, 19 Mar 2021 23:02:35 GMT
expires:
- '-1'
pragma:
Expand All @@ -89,11 +89,11 @@ interactions:
x-content-type-options:
- nosniff
x-ms-keyvault-network-info:
- conn_type=Ipv4;addr=174.127.232.53;act_addr_fam=InterNetwork;
- conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=InterNetwork;
x-ms-keyvault-region:
- northeurope
- eastus2
x-ms-keyvault-service-version:
- 1.2.164.0
- 1.2.205.0
x-powered-by:
- ASP.NET
status:
Expand All @@ -109,12 +109,12 @@ interactions:
Connection:
- keep-alive
User-Agent:
- azsdk-python-keyvault-keys/4.3.2 Python/3.5.3 (Windows-10-10.0.19041-SP0)
- azsdk-python-keyvault-keys/4.4.0b4 Python/3.5.3 (Windows-10-10.0.19041-SP0)
method: GET
uri: https://vaultname.vault.azure.net/keys/livekvtesteckeye9470d88/41b7345af65e4e29b0ad3c16103c5cb1?api-version=7.2-preview
uri: https://vaultname.vault.azure.net/keys/livekvtesteckey433d1013/c2cbc14fdb0b405f9b4507100f85c84b?api-version=7.2-preview
response:
body:
string: '{"key":{"kid":"https://vaultname.vault.azure.net/keys/livekvtesteckeye9470d88/41b7345af65e4e29b0ad3c16103c5cb1","kty":"EC","key_ops":["sign","verify"],"crv":"P-256","x":"xLeGJutfYRgRELSvq0-Yg-q5UmCVaJ8HyBQVi9s98Uk","y":"0MHnZ8jZjyGtp_WUdooqXwqn843uvWUL83SxCrY6nlg"},"attributes":{"enabled":true,"created":1612578012,"updated":1612578012,"recoveryLevel":"Recoverable+Purgeable","recoverableDays":90}}'
string: '{"key":{"kid":"https://vaultname.vault.azure.net/keys/livekvtesteckey433d1013/c2cbc14fdb0b405f9b4507100f85c84b","kty":"EC","key_ops":["sign","verify"],"crv":"P-256","x":"STISs3_goj91mOlIpNqFxzE1Kj2BPLKR640BCYKu9Fk","y":"CtMP7wzlWetR6NOzwJvpcKL2pRnUB7ziHsiNc763izQ"},"attributes":{"enabled":true,"created":1616194955,"updated":1616194955,"recoveryLevel":"Recoverable+Purgeable","recoverableDays":90}}'
headers:
cache-control:
- no-cache
Expand All @@ -123,7 +123,7 @@ interactions:
content-type:
- application/json; charset=utf-8
date:
- Sat, 06 Feb 2021 02:20:12 GMT
- Fri, 19 Mar 2021 23:02:36 GMT
expires:
- '-1'
pragma:
Expand All @@ -133,11 +133,11 @@ interactions:
x-content-type-options:
- nosniff
x-ms-keyvault-network-info:
- conn_type=Ipv4;addr=174.127.232.53;act_addr_fam=InterNetwork;
- conn_type=Ipv4;addr=172.92.159.124;act_addr_fam=InterNetwork;
x-ms-keyvault-region:
- northeurope
- eastus2
x-ms-keyvault-service-version:
- 1.2.164.0
- 1.2.205.0
x-powered-by:
- ASP.NET
status:
Expand Down
Loading

0 comments on commit 70bf0f0

Please sign in to comment.