Add option to use multiple KeyVaults

kirkone · kirkone · commit f26b927f248d · 2019-11-22T16:37:04.000+01:00
There now can be multiple KeyVault Uris. for example
```
{
  "KeyVault":{
    "Uri": [
      "sample1.vault.azure.net/",
      "sample2.vault.azure.net/"
    ]
  }
}
```

+semver: feature
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -22,7 +22,10 @@
             "env": {
                 "ASPNETCORE_ENVIRONMENT": "Development",
                 "EASYCONFIG__apiUrl": "https://codez.one/api",
-                "EASYCONFIG__test__value": "blubb"
+                "EASYCONFIG__test__value": "blubb",
+                //"KeyVault__Uri": "peng"
+                //"KeyVault__Uri__0": "peng",
+                //"KeyVault__Uri__1": "puff"
             },
             "sourceFileMap": {
                 "/Views": "${workspaceFolder}/Views"
diff --git a/src/EasyConfig.SiteExtension/PrefixKeyVaultSecretManager.cs b/src/EasyConfig.SiteExtension/PrefixKeyVaultSecretManager.cs
@@ -0,0 +1,34 @@
+namespace EasyConfig.SiteExtension
+{
+    using Microsoft.Azure.KeyVault.Models;
+    using Microsoft.Extensions.Configuration;
+    using Microsoft.Extensions.Configuration.AzureKeyVault;
+
+    public class PrefixKeyVaultSecretManager : IKeyVaultSecretManager
+    {
+        private readonly string prefix;
+        private readonly bool removePrefix;
+
+        public PrefixKeyVaultSecretManager(
+            string prefix = "EASYCONFIG",
+            bool removePrefix = false
+        )
+        {
+            this.prefix = $"{prefix}--";
+            this.removePrefix = removePrefix;
+        }
+
+        public bool Load(SecretItem secret) => secret.Identifier.Name.StartsWith(this.prefix);
+
+        public string GetKey(SecretBundle secret)
+        {
+            var secretIdentifier = secret.SecretIdentifier.Name;
+
+            if (this.removePrefix)
+            {
+                secretIdentifier = secretIdentifier.Substring(this.prefix.Length);
+            }
+            return secretIdentifier.Replace("--", ConfigurationPath.KeyDelimiter);
+        }
+    }
+}
diff --git a/src/EasyConfig.SiteExtension/Program.cs b/src/EasyConfig.SiteExtension/Program.cs
@@ -1,10 +1,10 @@
 namespace EasyConfig.SiteExtension
 {
+    using System.Collections.Generic;
     using Microsoft.AspNetCore.Hosting;
     using Microsoft.Azure.KeyVault;
     using Microsoft.Azure.Services.AppAuthentication;
     using Microsoft.Extensions.Configuration;
-    using Microsoft.Extensions.Configuration.AzureKeyVault;
     using Microsoft.Extensions.Hosting;
 
     public class Program
@@ -20,27 +20,57 @@ public static IHostBuilder CreateHostBuilder(string[] args) =>
                         //Build the config from sources we have
                         var config = builder.Build();
 
+                        var uriList = new List<string>();
+
                         // Get the uri for the Vault from configuration
-                        var keyVaultUri = config["KeyVault:Uri"];
+                        // Try to get a string from configutation
+                        // This will happen when the config looks like:
+                        // {
+                        //     "KeyVault":{
+                        //         "Uri": "sample.vault.azure.net/"
+                        //     }
+                        // }
+                        var uriString = config["KeyVault:Uri"];
+                        if (!string.IsNullOrWhiteSpace(uriString))
+                        {
+                            uriList.Add(uriString);
+                        }
+                        // This will happen when the config looks like:
+                        // {
+                        //     "KeyVault":{
+                        //         "Uri": [
+                        //             "sample1.vault.azure.net/",
+                        //             "sample2.vault.azure.net/"
+                        //         ]
+                        //     }
+                        // }
+                        else
+                        {
+                            uriList = config.GetSection("KeyVault:Uri").Get<List<string>>();
+                        }
+
 
                         // Add KeyVault only if the uri is not empty
-                        if (!string.IsNullOrWhiteSpace(keyVaultUri))
+                        if (uriList?.Count > 0)
                         {
-                            //Create Managed Service Identity token provider
+                            // Create Managed Service Identity token provider
                             var azureServiceTokenProvider = new AzureServiceTokenProvider();
 
-                            //Create the Key Vault client
+                            // Create the Key Vault client
                             var keyVaultClient = new KeyVaultClient(
                                 new KeyVaultClient.AuthenticationCallback(
                                 azureServiceTokenProvider.KeyVaultTokenCallback)
                             );
 
-                            //Add Key Vault to configuration pipeline
-                            _ = builder.AddAzureKeyVault(
-                                keyVaultUri,
-                                keyVaultClient,
-                                new DefaultKeyVaultSecretManager()
-                            );
+                            foreach (var uri in uriList)
+                            {
+                                // Add Key Vault to configuration pipeline
+                                _ = builder.AddAzureKeyVault(
+                                    uri,
+                                    keyVaultClient,
+                                    new PrefixKeyVaultSecretManager()
+                                );
+                            }
                         }
                     }
                 );
