Added checks for deleted vaults
jan-schutte committed Sep 5, 2023
1 parent 2d3557f commit 4e986f2
Showing 3 changed files with 28 additions and 40 deletions.
Expand Up @@ -137,9 +137,7 @@ public Task EndAsync()
{
await vaultResponse.Value.UpdateAccessPolicyAsync(AccessPolicyUpdateKind.Add, new KeyVaultAccessPolicyParameters(new KeyVaultAccessPolicyProperties(new[]
{
//Add the


//Add the access policy for Nox.Cli
new KeyVaultAccessPolicy(new Guid("88155c28-f750-4013-91d3-8347ddb3daa7"), "5387ffe4-19f2-4d90-a6c0-3eaf510e2baf", new IdentityAccessPermissions
{
Secrets = { new IdentityAccessSecretPermission("all") }
33 changes: 5 additions & 28 deletions src/Nox.Cli.Plugins/Nox.Cli.Plugin.Arm/ArmDeleteKeyVault_v1.cs
Expand Up @@ -77,36 +77,13 @@ public async Task<IDictionary<string, object>> ProcessAsync(INoxWorkflowContext
{
var resourceGroup = resourceGroupResponse.Value;
var vaults = resourceGroup.GetKeyVaults();
try
var vaultResponse = await vaults.GetAsync(_kvName);
if (vaultResponse.HasValue)
{
var vaultResponse = await vaults.GetAsync(_kvName);
if (vaultResponse.HasValue)
{
var vault = vaultResponse.Value;
await vault.DeleteAsync(WaitUntil.Completed);
ctx.SetState(ActionState.Success);
}
var vault = vaultResponse.Value;
await vault.DeleteAsync(WaitUntil.Completed);
ctx.SetState(ActionState.Success);
}
catch
{
//ignore
}

try
{
var deletedKvResponse = await _sub.GetDeletedKeyVaultAsync(resourceGroup.Data.Location, _kvName);
if (deletedKvResponse.HasValue)
{
var deletedKv = deletedKvResponse.Value;
await deletedKv.PurgeDeletedAsync(WaitUntil.Completed);
}
}
catch(Exception ex)
{
//ignore
throw;
}

ctx.SetState(ActionState.Success);
}
else
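Review bot: `ctx.SetState(ActionState.Success)` is now reached only inside `if (vaultResponse.HasValue)`; the unconditional call that previously closed the resource-group branch was removed, so a lookup that comes back without a value leaves the action's state unset. If a missing vault is meant to be a successful no-op, add `else { ctx.SetState(ActionState.Success); }` after the `if`, or leave a comment stating why the not-found path is deliberately left without a state. The `try/catch` around `vaults.GetAsync(_kvName)` is also gone, and an Azure ARM `GetAsync` presumably throws rather than returning an empty response for a missing vault, so a not-found result likely now surfaces as an exception — confirm that an enclosing handler outside this hunk turns that into a clean result instead of failing the workflow. `ProcessAsync` begins and continues outside the hunk.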
31 changes: 22 additions & 9 deletions src/Nox.Cli.Plugins/Nox.Cli.Plugin.Arm/ArmFindKeyVault_v1.cs
Expand Up @@ -44,6 +44,10 @@ public NoxActionMetaData Discover()
Id = "is-found",
Description = "Indicates if the Azure Key Vault exists"
},
["is-deleted"] = new NoxActionOutput {
Id = "is-deleted",
Description = "Indicates if the Azure Key Vault has been soft deleted."
},

["key-vault"] = new NoxActionOutput {
Id = "key-vault",
Expand Down Expand Up @@ -84,32 +88,41 @@ public async Task<IDictionary<string, object>> ProcessAsync(INoxWorkflowContext
try
{
outputs["is-found"] = false;
outputs["is-deleted"] = false;

var resourceGroups = _sub.GetResourceGroups();
var resourceGroupResponse = await resourceGroups.GetAsync(_rgName);
if (resourceGroupResponse.HasValue)
{
var vaults = resourceGroupResponse.Value.GetKeyVaults();
var resourceGroup = resourceGroupResponse.Value;
var vaults = resourceGroup.GetKeyVaults();
try
{
var vaultResponse = await vaults.GetAsync(_kvName);
if (vaultResponse.HasValue)
{
outputs["is-found"] = true;
outputs["key-vault"] = vaultResponse.Value;
await vaultResponse.Value.UpdateAccessPolicyAsync(AccessPolicyUpdateKind.Add, new KeyVaultAccessPolicyParameters(new KeyVaultAccessPolicyProperties(new[]
{
new KeyVaultAccessPolicy(new Guid("88155c28-f750-4013-91d3-8347ddb3daa7"), "5387ffe4-19f2-4d90-a6c0-3eaf510e2baf", new IdentityAccessPermissions
{
Secrets = { new IdentityAccessSecretPermission("all") }
})
})));

}
}
catch
{
//ignore - key vault does not exist
}

//Check in deleted vaults
try
{
var deletedKvResponse = await _sub.GetDeletedKeyVaultAsync(resourceGroup.Data.Location, _kvName);
if (deletedKvResponse.HasValue)
{
outputs["is-deleted"] = true;
}
}
catch
{
//ignore
}

ctx.SetState(ActionState.Success);
}
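Review bot: The new `catch { //ignore }` around `_sub.GetDeletedKeyVaultAsync` swallows every failure, not only not-found, so an authorization failure (the caller lacking the deleted-vaults read permission) or a transient ARM error silently leaves `outputs["is-deleted"] = false` and downstream steps proceed as if the name were free. Narrow it to the not-found case and let everything else propagate, e.g. `catch (RequestFailedException ex) when (ex.Status == 404) { // no soft-deleted vault with this name }` (assuming the Azure SDK exception type is what this file sees; adjust to whatever `GetDeletedKeyVaultAsync` actually throws). Note also that the deleted-vault check only runs when the resource group still exists and is keyed on `resourceGroup.Data.Location`, so a vault whose resource group has since been deleted, which is a common way a vault ends up soft-deleted, would never set `is-deleted`, and a soft-deleted vault in another region would presumably be missed as well since vault names are global. `ProcessAsync` begins and ends outside the hunk.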

0 comments on commit 4e986f2

Please sign in to comment.