This repository has been archived by the owner on Jun 17, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 14
/
authentication_sample.js
119 lines (100 loc) · 4.28 KB
/
authentication_sample.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License. See LICENSE in the project root for
* license information.
*/
'use strict';
const util = require('util');
import { DefaultAzureCredential } from "@azure/identity";
const { SecretClient } = require('@azure/keyvault-secrets');
const { DefaultAzureCredential } = require('@azure/identity');
const { KeyVaultManagementClient } = require('@azure/arm-keyvault');
const { ResourceManagementClient } = require('@azure/arm-resources');
const random_id = require('./random_id');
// Sample config
const azureLocation = process.env['AZURE_LOCATION'] || 'westus';
const groupName = process.env['AZURE_RESOURCE_GROUP'] || 'azure-sample-group';
// Make sure the required environment variables are set.
_validateEnvironmentVariables();
// Service principal details for running the sample
const subscriptionId = process.env['AZURE_SUBSCRIPTION_ID'];
const tenantId = process.env['AZURE_TENANT_ID'];
const clientId = process.env['AZURE_CLIENT_ID'];
const objectId = process.env['AZURE_CLIENT_OID'];
const secret = process.env['AZURE_CLIENT_SECRET'];
// Random sample keyvault name
const kvName = random_id();
function authUsingAAD(vaultUri) {
console.log("Using AAD to authenticate to '" + vaultUri + "'");
const credentials = new DefaultAzureCredential();
const secretClient = new SecretClient(vaultUri, credentials);
// Using the key vault client, create and retrieve a sample secret.
console.log("Setting secret 'test-secret'");
secretClient.setSecret('test-secret', 'test-secret-value')
.then( (kvSecretBundle) => {
console.log("Secret id: '" + kvSecretBundle.properties.id + "'.");
return secretClient.getSecret('test-secret');
})
.then( (bundle) => {
console.log("Successfully retrieved 'test-secret'");
console.log(bundle);
})
.catch( (err) => {
console.log(err);
});
}
// Sample setup: uses the resource management client to create a sample resource group
// Then creates a key vault in this group and calls the authentication sample with the URI of the new vault.
function runSample(demoCallback) {
var resourceClient;
var kvManagementClient;
const credentials = new DefaultAzureCredential();
resourceClient = new ResourceManagementClient(credentials, subscriptionId);
kvManagementClient = new KeyVaultManagementClient(credentials, subscriptionId);
// Create sample resource group.
console.log("Creating resource group: " + groupName);
await resourceClient.resourceGroups.createOrUpdate(groupName, { location: azureLocation });
const kvParams = {
location: azureLocation,
properties: {
sku: {
name: 'standard'
},
accessPolicies: [
{
tenantId: tenantId,
objectId: objectId,
permissions: {
secrets: ['all'],
}
}
],
enabledForDeployment: false,
tenantId: tenantId
},
tags: {}
};
console.log("Creating key vault: " + kvName);
// Create the sample key vault using the KV management client.
await kvManagementClient.vaults.beginCreateOrUpdateAndWait(groupName, kvName, kvParams)
.catch ( (err) => {
console.log(err);
});
console.log("Vault created with URI '" + result.properties.vaultUri + "'");
demoCallback(result.properties.vaultUri);
}
// Small util to validate that we have the correct environment variables set.
function _validateEnvironmentVariables() {
var envs = [];
if (!process.env['AZURE_SUBSCRIPTION_ID']) envs.push('AZURE_SUBSCRIPTION_ID');
if (!process.env['AZURE_TENANT_ID']) envs.push('AZURE_TENANT_ID');
if (!process.env['AZURE_CLIENT_ID']) envs.push('AZURE_CLIENT_ID');
if (!process.env['AZURE_CLIENT_OID']) envs.push('AZURE_CLIENT_OID');
if (!process.env['AZURE_CLIENT_SECRET']) envs.push('AZURE_CLIENT_SECRET');
if (envs.length > 0) {
throw new Error(util.format('please set/export the following environment variables: %s', envs.toString()));
}
}
// Main entry point.
console.log('Running authentication sample using AAD.');
runSample(authUsingAAD);