
Commit e8b655d

authored
[KV] Use shared test-resources.json (Azure#21940)
1 parent aa0f563 commit e8b655d


2 files changed

+71
-88
lines changed


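--- a/sdk/keyvault/azure-keyvault-keys/tests/_test_case.py
+++ b/sdk/keyvault/azure-keyvault-keys/tests/_test_case.py
@@ -144,9 +144,9 @@ def create_crypto_client(self, key, **kwargs):
 def _get_attestation_uri(self):
 playback_uri = "https://fakeattestation.azurewebsites.net"
 if self.is_live:
-real_uri = os.environ.get("AZURE_KEYVAULT_ATTESTATION_URI")
+real_uri = os.environ.get("AZURE_KEYVAULT_ATTESTATION_URL")
 if real_uri is None:
-pytest.skip("No AZURE_KEYVAULT_ATTESTATION_URI environment variable")
+pytest.skip("No AZURE_KEYVAULT_ATTESTATION_URL environment variable")
 self._scrub_url(real_uri, playback_uri)
 return real_uri
 return playback_uri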

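--- a/sdk/keyvault/test-resources.json
+++ b/sdk/keyvault/test-resources.json
@@ -18,7 +18,6 @@
 },
 "testApplicationOid": {
 "type": "string",
-"defaultValue": "b3653439-8136-4cd5-aac3-2a9460871ca6",
 "metadata": {
 "description": "The client OID to grant access to test resources."
 }
@@ -66,38 +65,29 @@
 "description": "Whether to enable deployment of Managed HSM. The default is false."
 }
 },
-"keyVaultDomainSuffix": {
-"type": "string",
-"defaultValue": ".vault.azure.net",
-"metadata": {
-"description": "Domain suffix for sovereign clouds, requies the preceeding '.'. The default uses the public Azure Cloud (.vault.azure.net)"
-}
-},
 "keyVaultSku": {
 "type": "string",
 "defaultValue": "premium",
 "metadata": {
 "description": "Key Vault SKU to deploy. The default is 'premium'"
 }
 },
-"attestationUri": {
+"attestationImage": {
 "type": "string",
-"defaultValue": "https://skrattestation.azurewebsites.net/",
+"defaultValue": "keyvault-mock-attestation:latest",
 "metadata": {
-"description": "Test attestation service for Secure Key Release."
+"description": "The container image name and tag to use for the attestation mock service."
 }
-},
-"storageEndpointSuffix": {
-"type": "string",
-"defaultValue": "core.windows.net",
-"metadata": {
-"description": "The url suffix to use when accessing the storage data plane."
-}
 }
 },
 "variables": {
+"attestationFarm": "[concat(parameters('baseName'), 'farm')]",
+"attestationSite": "[concat(parameters('baseName'), 'site')]",
+"attestationUri": "[concat('DOCKER|azsdkengsys.azurecr.io/', parameters('attestationImage'))]",
 "kvApiVersion": "2019-09-01",
-"azureKeyVaultUrl": "[format('https://{0}{1}', parameters('baseName'), parameters('keyVaultDomainSuffix'))]",
+"kvName": "[parameters('baseName')]",
+"kvAdminDefinitionId": "00482a5a-887f-4fb3-b363-3b7fe8e74483",
+"kvAdminAssignmentName": "[guid(resourceGroup().id, variables('kvAdminDefinitionId'), parameters('testApplicationOid'))]",
 "hsmApiVersion": "2021-04-01-preview",
 "hsmName": "[concat(parameters('baseName'), 'hsm')]",
 "mgmtApiVersion": "2019-04-01",
@@ -122,74 +112,30 @@
 {
 "type": "Microsoft.KeyVault/vaults",
 "apiVersion": "[variables('kvApiVersion')]",
-"name": "[parameters('baseName')]",
+"name": "[variables('kvName')]",
 "location": "[parameters('location')]",
 "properties": {
 "sku": {
 "family": "A",
 "name": "[parameters('keyVaultSku')]"
 },
 "tenantId": "[parameters('tenantId')]",
-"accessPolicies": [
-{
-"tenantId": "[parameters('tenantId')]",
-"objectId": "[parameters('testApplicationOid')]",
-"permissions": {
-"keys": [
-"get",
-"list",
-"update",
-"create",
-"import",
-"delete",
-"recover",
-"backup",
-"restore",
-"decrypt",
-"encrypt",
-"unwrapKey",
-"wrapKey",
-"verify",
-"sign",
-"purge",
-"rotate",
-"release"
-],
-"secrets": [
-"get",
-"list",
-"set",
-"delete",
-"recover",
-"backup",
-"restore",
-"purge"
-],
-"certificates": [
-"get",
-"list",
-"update",
-"create",
-"import",
-"delete",
-"recover",
-"backup",
-"restore",
-"managecontacts",
-"manageissuers",
-"getissuers",
-"listissuers",
-"setissuers",
-"deleteissuers",
-"purge"
-]
-}
-}
-],
 "enabledForDeployment": false,
 "enabledForDiskEncryption": false,
 "enabledForTemplateDeployment": false,
-"enableSoftDelete": true
+"enableSoftDelete": true,
+"enableRbacAuthorization": true,
+"softDeleteRetentionInDays": 7
+}
+},
+{
+"type": "Microsoft.Authorization/roleAssignments",
+"apiVersion": "2020-04-01-preview",
+"name": "[variables('kvAdminAssignmentName')]",
+"properties": {
+"roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('kvAdminDefinitionId'))]",
+"principalId": "[parameters('testApplicationOid')]",
+"scope": "[resourceGroup().id]"
 }
 },
 {
@@ -207,9 +153,9 @@
 "initialAdminObjectIds": "[union(array(parameters('testApplicationOid')), array(parameters('provisionerApplicationOid')))]",
 "enablePurgeProtection": false,
 "enableSoftDelete": true,
+"softDeleteRetentionInDays": 7,
 "publicNetworkAccess": "Enabled",
-"networkAcls": "[variables('networkAcls')]",
-"softDeleteRetentionInDays": 7
+"networkAcls": "[variables('networkAcls')]"
 }
 },
 {
@@ -260,12 +206,53 @@
 "properties": {
 "publicAccess": "None"
 }
+},
+{
+
+"type": "Microsoft.Web/serverfarms",
+"apiVersion": "2020-12-01",
+"name": "[variables('attestationFarm')]",
+"condition": "[parameters('enableHsm')]",
+"location": "[parameters('location')]",
+"kind": "linux",
+"sku": {
+"name": "B1"
+},
+"properties": {
+"reserved": true
+}
+},
+{
+
+"type": "Microsoft.Web/sites",
+"apiVersion": "2020-12-01",
+"name": "[variables('attestationSite')]",
+"condition": "[parameters('enableHsm')]",
+"dependsOn": [
+"[resourceId('Microsoft.Web/serverfarms', variables('attestationFarm'))]"
+],
+"location": "[parameters('location')]",
+"properties": {
+"httpsOnly": true,
+"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('attestationFarm'))]",
+"siteConfig": {
+"name": "[variables('attestationSite')]",
+"alwaysOn": true,
+"linuxFxVersion": "[variables('attestationUri')]",
+"appSettings": [
+{
+"name": "WEBSITES_ENABLE_APP_SERVICE_STORAGE",
+"value": "false"
+}
+]
+}
+}
 }
 ],
 "outputs": {
 "AZURE_KEYVAULT_URL": {
 "type": "string",
-"value": "[variables('azureKeyVaultUrl')]"
+"value": "[reference(variables('kvName')).vaultUri]"
 },
 "AZURE_MANAGEDHSM_URL": {
 "type": "string",
@@ -280,10 +267,6 @@
 "type": "string",
 "value": "[parameters('testApplicationOid')]"
 },
-"KEYVAULT_STORAGE_ENDPOINT_SUFFIX": {
-"type": "string",
-"value": "[parameters('storageEndpointSuffix')]"
-},
 "BLOB_STORAGE_ACCOUNT_NAME": {
 "type": "string",
 "value": "[variables('primaryAccountName')]"
@@ -296,10 +279,10 @@
 "type": "string",
 "value": "[variables('blobContainerName')]"
 },
-"AZURE_KEYVAULT_ATTESTATION_URI": {
+"AZURE_KEYVAULT_ATTESTATION_URL": {
 "type": "string",
 "condition": "[parameters('enableHsm')]",
-"value": "[parameters('attestationUri')]"
+"value": "[format('https://{0}/', reference(variables('attestationSite')).defaultHostName)]"
 }
 }
 }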
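Review bot: The new `Microsoft.Authorization/roleAssignments` resource in the `@@ -122,74 +112,30 @@` hunk grants the role in `kvAdminDefinitionId` with `"scope": "[resourceGroup().id]"`, which is wider than the single vault this template creates. The GUID matches the built-in Key Vault Administrator role, so with `enableRbacAuthorization` turned on the test application gets full data-plane rights on every RBAC-enabled vault in the resource group, where the removed `accessPolicies` block listed explicit key, secret and certificate operations on one vault. Consider scoping the assignment to the vault itself, for example `"scope": "[resourceId('Microsoft.KeyVault/vaults', variables('kvName'))]"` together with a `dependsOn` entry for the vault, and confirm the exact scope form against the `2020-04-01-preview` role-assignment schema. If resource-group scope is intentional because the test resource group is disposable, a sentence in the `testApplicationOid` parameter description saying so would help the next reader.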
