Keyfactor
diff --git a/‎AzureKeyVault/AzureClient.cs‎
Lines changed: 58 additions & 27 deletions b/‎AzureKeyVault/AzureClient.cs‎
Lines changed: 58 additions & 27 deletions
diff --git a/‎AzureKeyVault/AzureKeyVault.csproj‎
Lines changed: 15 additions & 20 deletions b/‎AzureKeyVault/AzureKeyVault.csproj‎
Lines changed: 15 additions & 20 deletions
@@ -37,8 +37,8 @@ private Uri AzureCloudEndpoint
 
                     case "china":
                         return AzureAuthorityHosts.AzureChina;
-                    case "germany":
-                        return AzureAuthorityHosts.AzureGermany;
+                    //case "germany":
+                    //    return AzureAuthorityHosts.AzureGermany; // germany is no longer a valid azure authority host as of 2021
                     case "government":
                         return AzureAuthorityHosts.AzureGovernment;
                     default:
@@ -79,7 +79,7 @@ private protected virtual CertificateClient CertClient
                 {
                     logger.LogTrace("Using a service principal to authenticate, generating the credentials");
                     cred = new ClientSecretCredential(VaultProperties.TenantId, VaultProperties.ClientId, VaultProperties.ClientSecret, new ClientSecretCredentialOptions() { AuthorityHost = AzureCloudEndpoint, AdditionallyAllowedTenants = { "*" } });
-                    logger.LogTrace("generated credentials", cred);
+                    logger.LogTrace("generated credentials");
                 }
                 _certClient = new CertificateClient(new Uri(VaultProperties.VaultURL), credential: cred);
 
@@ -106,13 +106,13 @@ internal protected virtual ArmClient getArmClient(string tenantId)
             }
             else
             {
-                logger.LogTrace("getting credentials for a service principal identity");
+                logger.LogTrace($"getting credentials for a service principal identity with id {VaultProperties.ClientId} in Azure Tenant {credentialOptions.TenantId}");
                 credential = new ClientSecretCredential(tenantId, VaultProperties.ClientId, VaultProperties.ClientSecret, credentialOptions);
-                logger.LogTrace("got credentials for service principal identity", credential);
+                logger.LogTrace("got credentials for service principal identity");
             }
 
             _mgmtClient = new ArmClient(credential);
-            logger.LogTrace("created management client", _mgmtClient);
+            logger.LogTrace("created management client");
             return _mgmtClient;
         }
 
@@ -149,7 +149,7 @@ public virtual async Task<KeyVaultResource> CreateVault()
         {
             try
             {
-                logger.LogInformation($"Begin create vault in Subscription {VaultProperties.SubscriptionId} with storepath = {VaultProperties.StorePath}");
+                logger.LogTrace($"Begin create vault in Subscription {VaultProperties.SubscriptionId} with storepath = {VaultProperties.StorePath}");
 
                 logger.LogTrace($"getting subscription info for provided subscription id {VaultProperties.SubscriptionId}");
 
@@ -170,7 +170,7 @@ public virtual async Task<KeyVaultResource> CreateVault()
                     }
                     catch (Exception ex)
                     {
-                        logger.LogError($"error retrieving default Azure Location: {ex.Message}", ex);
+                        logger.LogError($"error retrieving default Azure Location: {ex.Message}");
                         throw;
                     }
                 }
@@ -189,10 +189,9 @@ public virtual async Task<KeyVaultResource> CreateVault()
             }
             catch (Exception ex)
             {
-                logger.LogError("Error when trying to create Azure Keyvault", ex);
+                logger.LogError($"Error when trying to create Azure Keyvault {ex.Message}");
                 throw;
             }
-
         }
 
         public virtual async Task<KeyVaultCertificateWithPolicy> ImportCertificateAsync(string certName, string contents, string pfxPassword)
@@ -228,7 +227,7 @@ public virtual async Task<KeyVaultCertificateWithPolicy> ImportCertificateAsync(
             }
             catch (Exception ex)
             {
-                logger.LogError(ex.Message);
+                logger.LogError($"There was an error importing the certificate: {ex.Message}");
                 throw;
             }
         }
@@ -244,7 +243,7 @@ public virtual async Task<KeyVaultCertificateWithPolicy> GetCertificate(string a
                 if (rEx.ErrorCode == "CertificateNotFound")
                 {
                     // the request was successful, the cert does not exist.
-                    logger.LogTrace("The certificate was not found.");
+                    logger.LogTrace($"The certificate with alias {alias} was not found: {rEx.Message}");
                     return null;
                 }
             }
@@ -263,38 +262,68 @@ public virtual async Task<IEnumerable<CurrentInventoryItem>> GetCertificatesAsyn
             AsyncPageable<CertificateProperties> inventory = null;
             try
             {
-                logger.LogTrace("calling GetPropertiesOfCertificates() on the Certificate Client", CertClient);
+                logger.LogTrace("calling GetPropertiesOfCertificates() on the Certificate Client");
                 inventory = CertClient.GetPropertiesOfCertificatesAsync();
 
-                logger.LogTrace("got a response", inventory);
+                logger.LogTrace($"got a pageable response");
             }
             catch (Exception ex)
             {
                 logger.LogError($"Error performing inventory.  {ex.Message}", ex);
                 throw;
             }
 
-            logger.LogTrace("retrieving each certificate from the response");
+            logger.LogTrace("iterating over result pages for complete list..");
+
+            var fullInventoryList = new List<CertificateProperties>();
+            var failedCount = 0;
+            Exception innerException = null;
+            
+            await foreach (var cert in inventory) {
+                logger.LogTrace($"adding cert with ID: {cert.Id} to the list.");
+                fullInventoryList.Add(cert); // convert to list from pages
+            }
+
+            logger.LogTrace($"compiled full inventory list of {fullInventoryList.Count()} certificate(s)");
 
-            await foreach (var certificate in inventory)
+            foreach (var certificate in fullInventoryList)
             {
-                logger.LogTrace("getting details for the individual certificate", certificate);
-                var cert = await CertClient.GetCertificateAsync(certificate.Name);
-                logger.LogTrace("got certificate response", cert);
+                logger.LogTrace($"getting details for the individual certificate with id: {certificate.Id} and name: {certificate.Name}");
+                try
+                {
+                    var cert = await CertClient.GetCertificateAsync(certificate.Name);
+                    logger.LogTrace($"got certificate details");
 
-                inventoryItems.Add(new CurrentInventoryItem()
+                    inventoryItems.Add(new CurrentInventoryItem()
+                    {
+                        Alias = cert.Value.Name,
+                        PrivateKeyEntry = true,
+                        ItemStatus = OrchestratorInventoryItemStatus.Unknown,
+                        UseChainLevel = true,
+                        Certificates =  new List<string>() { Convert.ToBase64String(cert.Value.Cer) }
+                    });
+                }
+                catch (Exception ex)
                 {
-                    Alias = cert.Value.Name,
-                    PrivateKeyEntry = true,
-                    ItemStatus = OrchestratorInventoryItemStatus.Unknown,
-                    UseChainLevel = true,
-                    Certificates = new string[] { Convert.ToBase64String(cert.Value.Cer) }
-                });
+                    failedCount++;
+                    innerException = ex;
+                    logger.LogError($"Failed to retreive details for certificate {certificate.Name}.  Exception: {ex.Message}");                    
+                    // continuing with inventory instead of throwing, in case there's an issue with a single certificate
+                }
+            }
+
+            if (failedCount == fullInventoryList.Count()) {
+                throw new Exception("Unable to retreive details for certificates.", innerException);
             }
+
+            if (failedCount > 0) {
+                logger.LogWarning($"{failedCount} of {fullInventoryList.Count()} certificates were not able to be retreieved.  Please review the errors.");
+            }
+
             return inventoryItems;
         }
 
-        public virtual async Task<(List<string>, List<string>)> GetVaults()
+        public virtual (List<string>, List<string>) GetVaults()
         {
             var vaultNames = new List<string>();
             var warnings = new List<string>();
@@ -333,6 +362,8 @@ public virtual async Task<IEnumerable<CurrentInventoryItem>> GetCertificatesAsyn
                             var subId = splitId[1];
                             var resourceGroupName = splitId[3];
                             var vaultName = splitId.Last();
+                            var vaultStorePath = $"{subId}:{resourceGroupName}:{vaultName}";
+                            logger.LogTrace($"found keyvault, using storepath {vaultStorePath}");
                             vaultNames.Add($"{subId}:{resourceGroupName}:{vaultName}");
                         }
                     }
 
@@ -4,7 +4,7 @@
 		<TargetFramework>netcoreapp3.1</TargetFramework>
     <AssemblyName>Keyfactor.Extensions.Orchestrators.AKV</AssemblyName>
     <RootNamespace>Keyfactor.Extensions.Orchestrator.AzureKeyVault</RootNamespace>
-	  <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
+		<CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
 	  <SignAssembly>false</SignAssembly>
 	  <Copyright />
 	  <PackageLicenseExpression>https://apache.org/licenses/LICENSE-2.0</PackageLicenseExpression>
@@ -18,30 +18,25 @@
 	</PropertyGroup>
 
 	<ItemGroup>
-	  <None Remove="C:\Users\jvanwanzeele\.nuget\packages\keyfactor.extensions.pam.utilities\1.0.2\contentFiles\any\any\Keyfactor.Extensions.Pam.Config.exe.config" />
-	  <None Remove="C:\Users\jvanwanzeele\.nuget\packages\keyfactor.extensions.pam.utilities\1.0.2\contentFiles\any\any\Keyfactor.Extensions.Pam.Utilities.dll.config" />
-	</ItemGroup>
-
-	<ItemGroup>
-		<PackageReference Include="Azure.Core" Version="1.40.0" />
-		<PackageReference Include="Azure.Identity" Version="1.12.0" />
-		<PackageReference Include="Azure.ResourceManager" Version="1.12.0" />
-		<PackageReference Include="Azure.ResourceManager.KeyVault" Version="1.2.3" />
-		<PackageReference Include="Azure.ResourceManager.Resources" Version="1.7.3" />
-		<PackageReference Include="Azure.Security.KeyVault.Administration" Version="4.4.0" />
-		<PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.6.0" />
-		<PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.6.0" />
-		<PackageReference Include="Azure.Storage.Blobs" Version="12.20.0" />
-		<PackageReference Include="CSS.Common" Version="1.7.0" />
-		<PackageReference Include="Keyfactor.Common" Version="2.3.7" />
-		<PackageReference Include="Keyfactor.Extensions.Pam.Utilities" Version="1.0.2" />
+		<PackageReference Include="Azure.Core" Version="1.44.1" />
+		<PackageReference Include="Azure.Identity" Version="1.13.1" />
+		<PackageReference Include="Azure.ResourceManager" Version="1.13.0" />
+		<PackageReference Include="Azure.ResourceManager.KeyVault" Version="1.3.0" />
+		<PackageReference Include="Azure.ResourceManager.Resources" Version="1.9.0" />
+		<PackageReference Include="Azure.Security.KeyVault.Administration" Version="4.5.0" />
+		<PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.7.0" />
+		<PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.7.0" />
+		<PackageReference Include="Azure.Storage.Blobs" Version="12.22.2" />
 		<PackageReference Include="Keyfactor.Logging" Version="1.1.1" />
 		<PackageReference Include="Keyfactor.Orchestrators.Common" Version="3.2.0" />
 		<PackageReference Include="Keyfactor.Orchestrators.IOrchestratorJobExtensions" Version="0.7.0" />
 		<PackageReference Include="Keyfactor.Platform.IPAMProvider" Version="1.0.0" />
 		<PackageReference Include="Microsoft.AspNet.WebApi.Client" Version="6.0.0" />
-		<PackageReference Include="Microsoft.Identity.Client" Version="4.61.3" />
-		<PackageReference Include="Microsoft.Identity.Client.Extensions.Msal" Version="4.61.3" />
+		<PackageReference Include="Microsoft.Identity.Client" Version="4.66.1" />
+		<PackageReference Include="Microsoft.Identity.Client.Extensions.Msal" Version="4.66.1" />
+		<PackageReference Include="System.Drawing.Common" Version="6.0.0" />
+		<PackageReference Include="System.Linq" Version="4.3.0" />
+		<PackageReference Include="System.Linq.Async" Version="6.0.1" />
 	</ItemGroup>
 
 	<ItemGroup>
Original file line number	Diff line number	Diff line change
`@@ -37,8 +37,8 @@ private Uri AzureCloudEndpoint`
`37`	`37`
`38`	`38`	`case "china":`
`39`	`39`	`return AzureAuthorityHosts.AzureChina;`
`40`		`- case "germany":`
`41`		`- return AzureAuthorityHosts.AzureGermany;`
	`40`	`+ //case "germany":`
	`41`	`+ // return AzureAuthorityHosts.AzureGermany; // germany is no longer a valid azure authority host as of 2021`
`42`	`42`	`case "government":`
`43`	`43`	`return AzureAuthorityHosts.AzureGovernment;`
`44`	`44`	`default:`
`@@ -79,7 +79,7 @@ private protected virtual CertificateClient CertClient`
`79`	`79`	`{`
`80`	`80`	`logger.LogTrace("Using a service principal to authenticate, generating the credentials");`
`81`	`81`	`cred = new ClientSecretCredential(VaultProperties.TenantId, VaultProperties.ClientId, VaultProperties.ClientSecret, new ClientSecretCredentialOptions() { AuthorityHost = AzureCloudEndpoint, AdditionallyAllowedTenants = { "*" } });`
`82`		`- logger.LogTrace("generated credentials", cred);`
	`82`	`+ logger.LogTrace("generated credentials");`
`83`	`83`	`}`
`84`	`84`	`_certClient = new CertificateClient(new Uri(VaultProperties.VaultURL), credential: cred);`
`85`	`85`
`@@ -106,13 +106,13 @@ internal protected virtual ArmClient getArmClient(string tenantId)`
`106`	`106`	`}`
`107`	`107`	`else`
`108`	`108`	`{`
`109`		`- logger.LogTrace("getting credentials for a service principal identity");`
	`109`	`+ logger.LogTrace($"getting credentials for a service principal identity with id {VaultProperties.ClientId} in Azure Tenant {credentialOptions.TenantId}");`
`110`	`110`	`credential = new ClientSecretCredential(tenantId, VaultProperties.ClientId, VaultProperties.ClientSecret, credentialOptions);`
`111`		`- logger.LogTrace("got credentials for service principal identity", credential);`
	`111`	`+ logger.LogTrace("got credentials for service principal identity");`
`112`	`112`	`}`
`113`	`113`
`114`	`114`	`_mgmtClient = new ArmClient(credential);`
`115`		`- logger.LogTrace("created management client", _mgmtClient);`
	`115`	`+ logger.LogTrace("created management client");`
`116`	`116`	`return _mgmtClient;`
`117`	`117`	`}`
`118`	`118`
`@@ -149,7 +149,7 @@ public virtual async Task<KeyVaultResource> CreateVault()`
`149`	`149`	`{`
`150`	`150`	`try`
`151`	`151`	`{`
`152`		`- logger.LogInformation($"Begin create vault in Subscription {VaultProperties.SubscriptionId} with storepath = {VaultProperties.StorePath}");`
	`152`	`+ logger.LogTrace($"Begin create vault in Subscription {VaultProperties.SubscriptionId} with storepath = {VaultProperties.StorePath}");`
`153`	`153`
`154`	`154`	`logger.LogTrace($"getting subscription info for provided subscription id {VaultProperties.SubscriptionId}");`
`155`	`155`
`@@ -170,7 +170,7 @@ public virtual async Task<KeyVaultResource> CreateVault()`
`170`	`170`	`}`
`171`	`171`	`catch (Exception ex)`
`172`	`172`	`{`
`173`		`- logger.LogError($"error retrieving default Azure Location: {ex.Message}", ex);`
	`173`	`+ logger.LogError($"error retrieving default Azure Location: {ex.Message}");`
`174`	`174`	`throw;`
`175`	`175`	`}`
`176`	`176`	`}`
`@@ -189,10 +189,9 @@ public virtual async Task<KeyVaultResource> CreateVault()`
`189`	`189`	`}`
`190`	`190`	`catch (Exception ex)`
`191`	`191`	`{`
`192`		`- logger.LogError("Error when trying to create Azure Keyvault", ex);`
	`192`	`+ logger.LogError($"Error when trying to create Azure Keyvault {ex.Message}");`
`193`	`193`	`throw;`
`194`	`194`	`}`
`195`		`-`
`196`	`195`	`}`
`197`	`196`
`198`	`197`	`public virtual async Task<KeyVaultCertificateWithPolicy> ImportCertificateAsync(string certName, string contents, string pfxPassword)`
`@@ -228,7 +227,7 @@ public virtual async Task<KeyVaultCertificateWithPolicy> ImportCertificateAsync(`
`228`	`227`	`}`
`229`	`228`	`catch (Exception ex)`
`230`	`229`	`{`
`231`		`- logger.LogError(ex.Message);`
	`230`	`+ logger.LogError($"There was an error importing the certificate: {ex.Message}");`
`232`	`231`	`throw;`
`233`	`232`	`}`
`234`	`233`	`}`
`@@ -244,7 +243,7 @@ public virtual async Task<KeyVaultCertificateWithPolicy> GetCertificate(string a`
`244`	`243`	`if (rEx.ErrorCode == "CertificateNotFound")`
`245`	`244`	`{`
`246`	`245`	`// the request was successful, the cert does not exist.`
`247`		`- logger.LogTrace("The certificate was not found.");`
	`246`	`+ logger.LogTrace($"The certificate with alias {alias} was not found: {rEx.Message}");`
`248`	`247`	`return null;`
`249`	`248`	`}`
`250`	`249`	`}`
`@@ -263,38 +262,68 @@ public virtual async Task<IEnumerable<CurrentInventoryItem>> GetCertificatesAsyn`
`263`	`262`	`AsyncPageable<CertificateProperties> inventory = null;`
`264`	`263`	`try`
`265`	`264`	`{`
`266`		`- logger.LogTrace("calling GetPropertiesOfCertificates() on the Certificate Client", CertClient);`
	`265`	`+ logger.LogTrace("calling GetPropertiesOfCertificates() on the Certificate Client");`
`267`	`266`	`inventory = CertClient.GetPropertiesOfCertificatesAsync();`
`268`	`267`
`269`		`- logger.LogTrace("got a response", inventory);`
	`268`	`+ logger.LogTrace($"got a pageable response");`
`270`	`269`	`}`
`271`	`270`	`catch (Exception ex)`
`272`	`271`	`{`
`273`	`272`	`logger.LogError($"Error performing inventory. {ex.Message}", ex);`
`274`	`273`	`throw;`
`275`	`274`	`}`
`276`	`275`
`277`		`- logger.LogTrace("retrieving each certificate from the response");`
	`276`	`+ logger.LogTrace("iterating over result pages for complete list..");`
	`277`	`+`
	`278`	`+ var fullInventoryList = new List<CertificateProperties>();`
	`279`	`+ var failedCount = 0;`
	`280`	`+ Exception innerException = null;`
	`281`	`+`
	`282`	`+ await foreach (var cert in inventory) {`
	`283`	`+ logger.LogTrace($"adding cert with ID: {cert.Id} to the list.");`
	`284`	`+ fullInventoryList.Add(cert); // convert to list from pages`
	`285`	`+ }`
	`286`	`+`
	`287`	`+ logger.LogTrace($"compiled full inventory list of {fullInventoryList.Count()} certificate(s)");`
`278`	`288`
`279`		`- await foreach (var certificate in inventory)`
	`289`	`+ foreach (var certificate in fullInventoryList)`
`280`	`290`	`{`
`281`		`- logger.LogTrace("getting details for the individual certificate", certificate);`
`282`		`- var cert = await CertClient.GetCertificateAsync(certificate.Name);`
`283`		`- logger.LogTrace("got certificate response", cert);`
	`291`	`+ logger.LogTrace($"getting details for the individual certificate with id: {certificate.Id} and name: {certificate.Name}");`
	`292`	`+ try`
	`293`	`+ {`
	`294`	`+ var cert = await CertClient.GetCertificateAsync(certificate.Name);`
	`295`	`+ logger.LogTrace($"got certificate details");`
`284`	`296`
`285`		`- inventoryItems.Add(new CurrentInventoryItem()`
	`297`	`+ inventoryItems.Add(new CurrentInventoryItem()`
	`298`	`+ {`
	`299`	`+ Alias = cert.Value.Name,`
	`300`	`+ PrivateKeyEntry = true,`
	`301`	`+ ItemStatus = OrchestratorInventoryItemStatus.Unknown,`
	`302`	`+ UseChainLevel = true,`
	`303`	`+ Certificates = new List<string>() { Convert.ToBase64String(cert.Value.Cer) }`
	`304`	`+ });`
	`305`	`+ }`
	`306`	`+ catch (Exception ex)`
`286`	`307`	`{`
`287`		`- Alias = cert.Value.Name,`
`288`		`- PrivateKeyEntry = true,`
`289`		`- ItemStatus = OrchestratorInventoryItemStatus.Unknown,`
`290`		`- UseChainLevel = true,`
`291`		`- Certificates = new string[] { Convert.ToBase64String(cert.Value.Cer) }`
`292`		`- });`
	`308`	`+ failedCount++;`
	`309`	`+ innerException = ex;`
	`310`	`+ logger.LogError($"Failed to retreive details for certificate {certificate.Name}. Exception: {ex.Message}");`
	`311`	`+ // continuing with inventory instead of throwing, in case there's an issue with a single certificate`
	`312`	`+ }`
	`313`	`+ }`
	`314`	`+`
	`315`	`+ if (failedCount == fullInventoryList.Count()) {`
	`316`	`+ throw new Exception("Unable to retreive details for certificates.", innerException);`
`293`	`317`	`}`
	`318`	`+`
	`319`	`+ if (failedCount > 0) {`
	`320`	`+ logger.LogWarning($"{failedCount} of {fullInventoryList.Count()} certificates were not able to be retreieved. Please review the errors.");`
	`321`	`+ }`
	`322`	`+`
`294`	`323`	`return inventoryItems;`
`295`	`324`	`}`
`296`	`325`
`297`		`- public virtual async Task<(List<string>, List<string>)> GetVaults()`
	`326`	`+ public virtual (List<string>, List<string>) GetVaults()`
`298`	`327`	`{`
`299`	`328`	`var vaultNames = new List<string>();`
`300`	`329`	`var warnings = new List<string>();`
`@@ -333,6 +362,8 @@ public virtual async Task<IEnumerable<CurrentInventoryItem>> GetCertificatesAsyn`
`333`	`362`	`var subId = splitId[1];`
`334`	`363`	`var resourceGroupName = splitId[3];`
`335`	`364`	`var vaultName = splitId.Last();`
	`365`	`+ var vaultStorePath = $"{subId}:{resourceGroupName}:{vaultName}";`
	`366`	`+ logger.LogTrace($"found keyvault, using storepath {vaultStorePath}");`
`336`	`367`	`vaultNames.Add($"{subId}:{resourceGroupName}:{vaultName}");`
`337`	`368`	`}`
`338`	`369`	`}`