File: ConformanceTests.cs
Web Access
Project: src\tests\Aspire.Azure.Security.KeyVault.Tests\Aspire.Azure.Security.KeyVault.Tests.csproj (Aspire.Azure.Security.KeyVault.Tests)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using Aspire.Components.ConformanceTests;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.DotNet.RemoteExecutor;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Xunit;
 
namespace Aspire.Azure.Security.KeyVault.Tests;
 
public class ConformanceTests : ConformanceTests<SecretClient, AzureSecurityKeyVaultSettings>
{
    // Roles: Key Vault Secrets User
    public const string VaultUri = "https://aspiretests.vault.azure.net/";
 
    private static readonly Lazy<bool> s_canConnectToServer = new(GetCanConnect);
 
    protected override ServiceLifetime ServiceLifetime => ServiceLifetime.Singleton;
 
    protected override string ActivitySourceName => "Azure.Security.KeyVault.Secrets.SecretClient";
 
    protected override string[] RequiredLogCategories => new string[] { "Azure.Core" };
 
    protected override bool SupportsKeyedRegistrations => true;
 
    protected override bool CanConnectToServer => s_canConnectToServer.Value;
 
    protected override string ValidJsonConfig => """
        {
          "Aspire": {
            "Azure": {
              "Security": {
                "KeyVault": {
                  "VaultUri": "http://YOUR_URI",
                  "DisableHealthChecks": true,
                  "DisableTracing": false,
                  "ClientOptions": {
                    "DisableChallengeResourceVerification": true,
                    "Retry": {
                      "Mode": "Exponential",
                      "Delay": "00:03"
                    }
                  }
                }
              }
            }
          }
        }
        """{
          "Aspire": {
            "Azure": {
              "Security": {
                "KeyVault": {
                  "VaultUri": "http://YOUR_URI",
                  "DisableHealthChecks": true,
                  "DisableTracing": false,
                  "ClientOptions": {
                    "DisableChallengeResourceVerification": true,
                    "Retry": {
                      "Mode": "Exponential",
                      "Delay": "00:03"
                    }
                  }
                }
              }
            }
          }
        }
        """;
 
    protected override (string json, string error)[] InvalidJsonToErrorMessage => new[]
        {
            ("""{"Aspire": { "Azure": { "Security":{ "KeyVault": { "VaultUri": "YOUR_URI"}}}}}"""{"Aspire": { "Azure": { "Security":{ "KeyVault": { "VaultUri": "YOUR_URI"}}}}}""", "Value does not match format \"uri\""),
            ("""{"Aspire": { "Azure": { "Security":{ "KeyVault": { "VaultUri": "http://YOUR_URI", "DisableHealthChecks": "true"}}}}}"""{"Aspire": { "Azure": { "Security":{ "KeyVault": { "VaultUri": "http://YOUR_URI", "DisableHealthChecks": "true"}}}}}""", "Value is \"string\" but should be \"boolean\""),
            ("""{"Aspire": { "Azure": { "Security":{ "KeyVault": { "VaultUri": "http://YOUR_URI", "ClientOptions": {"Retry": {"Mode": "Fast"}}}}}}}"""{"Aspire": { "Azure": { "Security":{ "KeyVault": { "VaultUri": "http://YOUR_URI", "ClientOptions": {"Retry": {"Mode": "Fast"}}}}}}}""", "Value should match one of the values specified by the enum"),
            ("""{"Aspire": { "Azure": { "Security":{ "KeyVault": { "VaultUri": "http://YOUR_URI", "ClientOptions": {"Retry": {"NetworkTimeout": "3S"}}}}}}}"""{"Aspire": { "Azure": { "Security":{ "KeyVault": { "VaultUri": "http://YOUR_URI", "ClientOptions": {"Retry": {"NetworkTimeout": "3S"}}}}}}}""", "The string value is not a match for the indicated regular expression")
        };
 
    protected override void PopulateConfiguration(ConfigurationManager configuration, string? key = null)
        => configuration.AddInMemoryCollection(new KeyValuePair<string, string?>[]
        {
            new(CreateConfigKey("Aspire:Azure:Security:KeyVault", key, "VaultUri"), VaultUri),
            new(CreateConfigKey("Aspire:Azure:Security:KeyVault", key, "ClientOptions:Retry:MaxRetries"), "0")
        });
 
    protected override void RegisterComponent(HostApplicationBuilder builder, Action<AzureSecurityKeyVaultSettings>? configure = null, string? key = null)
    {
        if (key is null)
        {
            builder.AddAzureKeyVaultClient("secrets", ConfigureCredentials);
        }
        else
        {
            builder.AddKeyedAzureKeyVaultClient(key, ConfigureCredentials);
        }
 
        void ConfigureCredentials(AzureSecurityKeyVaultSettings settings)
        {
            if (CanConnectToServer)
            {
                settings.Credential = new DefaultAzureCredential();
            }
            configure?.Invoke(settings);
        }
    }
 
    protected override void SetHealthCheck(AzureSecurityKeyVaultSettings options, bool enabled)
    // Disable Key Vault health check tests until https://github.com/Xabaril/AspNetCore.Diagnostics.HealthChecks/issues/2279 is fixed
    //    => options.DisableHealthChecks = !enabled;
        => throw new NotImplementedException();
 
    protected override void SetMetrics(AzureSecurityKeyVaultSettings options, bool enabled)
        => throw new NotImplementedException();
 
    protected override void SetTracing(AzureSecurityKeyVaultSettings options, bool enabled)
        => options.DisableTracing = !enabled;
 
    protected override void TriggerActivity(SecretClient service)
        => service.GetSecret("IsAlive");
 
    [Fact]
    public void TracingEnablesTheRightActivitySource()
        => RemoteExecutor.Invoke(() => ActivitySourceTest(key: null)).Dispose();
 
    [Fact]
    public void TracingEnablesTheRightActivitySource_Keyed()
        => RemoteExecutor.Invoke(() => ActivitySourceTest(key: "key")).Dispose();
 
    private static bool GetCanConnect()
    {
        SecretClientOptions clientOptions = new();
        clientOptions.Retry.MaxRetries = 0; // don't enable retries (test runs few times faster)
        SecretClient secretClient = new(new Uri(VaultUri), new DefaultAzureCredential(), clientOptions);
 
        try
        {
            return secretClient.GetSecret("IsAlive").Value.Value == "true";
        }
        catch (Exception)
        {
            return false;
        }
    }
}