[New Azure Integration Pkgs] Port configuration provider to use the new Azure.Security.KeyVault.Secrets

eng/Dependencies.props

@@ -58,6 +58,8 @@ and are generated based on the last package release.
   <ItemGroup Label="External dependencies" Condition="'$(DotNetBuildFromSource)' != 'true'">
     <LatestPackageReference Include="BenchmarkDotNet" Version="0.10.13" />
     <LatestPackageReference Include="Microsoft.AspNet.WebApi.Client" Version="5.2.6" />
+    <LatestPackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.0.0" />
+    <LatestPackageReference Include="Azure.Identity" Version="1.0.0" />
     <LatestPackageReference Include="Microsoft.Azure.KeyVault" Version="2.3.2" />
     <LatestPackageReference Include="Microsoft.Azure.Services.AppAuthentication" Version="1.0.3" />
     <LatestPackageReference Include="Microsoft.TypeScript.MSBuild" Version="2.9.2" />

eng/GenAPI.exclusions.txt

@@ -0,0 +1,12 @@
+# Workaround namespace conflicts with Azure.* and Microsoft.Extensions.Azure.*
+M:Microsoft.Extensions.Configuration.AzureKeyVaultConfigurationExtensions.AddAzureKeyVault(Microsoft.Extensions.Configuration.IConfigurationBuilder,Azure.Security.KeyVault.Secrets.SecretClient,Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.IKeyVaultSecretManager)
+M:Microsoft.Extensions.Configuration.AzureKeyVaultConfigurationExtensions.AddAzureKeyVault(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.Uri,Azure.Core.TokenCredential)
+M:Microsoft.Extensions.Configuration.AzureKeyVaultConfigurationExtensions.AddAzureKeyVault(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.Uri,Azure.Core.TokenCredential,Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.IKeyVaultSecretManager)
+M:Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.AzureKeyVaultConfigurationOptions.#ctor(System.Uri,Azure.Core.TokenCredential)
+P:Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.AzureKeyVaultConfigurationOptions.Client
+M:Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.AzureKeyVaultConfigurationOptions.set_Client(Azure.Security.KeyVault.Secrets.SecretClient)
+T:Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.IKeyVaultSecretManager
+M:Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.IKeyVaultSecretManager.GetKey(Azure.Security.KeyVault.Secrets.KeyVaultSecret)
+M:Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.IKeyVaultSecretManager.Load(Azure.Security.KeyVault.Secrets.SecretProperties)
+M:Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.DefaultKeyVaultSecretManager.GetKey(Azure.Security.KeyVault.Secrets.KeyVaultSecret)
+M:Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.DefaultKeyVaultSecretManager.Load(Azure.Security.KeyVault.Secrets.SecretProperties)

eng/ProjectReferences.props

@@ -10,6 +10,7 @@
     <ProjectReferenceProvider Include="Microsoft.Extensions.Caching.SqlServer" ProjectPath="$(RepoRoot)src\Caching\SqlServer\src\Microsoft.Extensions.Caching.SqlServer.csproj" RefProjectPath="$(RepoRoot)src\Caching\SqlServer\ref\Microsoft.Extensions.Caching.SqlServer.csproj" />
     <ProjectReferenceProvider Include="Microsoft.Extensions.Caching.StackExchangeRedis" ProjectPath="$(RepoRoot)src\Caching\StackExchangeRedis\src\Microsoft.Extensions.Caching.StackExchangeRedis.csproj" RefProjectPath="$(RepoRoot)src\Caching\StackExchangeRedis\ref\Microsoft.Extensions.Caching.StackExchangeRedis.csproj" />
     <ProjectReferenceProvider Include="Microsoft.Extensions.Configuration.Abstractions" ProjectPath="$(RepoRoot)src\Configuration\Config.Abstractions\src\Microsoft.Extensions.Configuration.Abstractions.csproj" RefProjectPath="$(RepoRoot)src\Configuration\Config.Abstractions\ref\Microsoft.Extensions.Configuration.Abstractions.csproj" />
+    <ProjectReferenceProvider Include="Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets" ProjectPath="$(RepoRoot)src\Configuration\Config.Azure.KeyVault.Secrets\src\Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.csproj" RefProjectPath="$(RepoRoot)src\Configuration\Config.Azure.KeyVault.Secrets\ref\Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.csproj" />
     <ProjectReferenceProvider Include="Microsoft.Extensions.Configuration.AzureKeyVault" ProjectPath="$(RepoRoot)src\Configuration\Config.AzureKeyVault\src\Microsoft.Extensions.Configuration.AzureKeyVault.csproj" RefProjectPath="$(RepoRoot)src\Configuration\Config.AzureKeyVault\ref\Microsoft.Extensions.Configuration.AzureKeyVault.csproj" />
     <ProjectReferenceProvider Include="Microsoft.Extensions.Configuration.Binder" ProjectPath="$(RepoRoot)src\Configuration\Config.Binder\src\Microsoft.Extensions.Configuration.Binder.csproj" RefProjectPath="$(RepoRoot)src\Configuration\Config.Binder\ref\Microsoft.Extensions.Configuration.Binder.csproj" />
     <ProjectReferenceProvider Include="Microsoft.Extensions.Configuration.CommandLine" ProjectPath="$(RepoRoot)src\Configuration\Config.CommandLine\src\Microsoft.Extensions.Configuration.CommandLine.csproj" RefProjectPath="$(RepoRoot)src\Configuration\Config.CommandLine\ref\Microsoft.Extensions.Configuration.CommandLine.csproj" />

eng/Versions.props

@@ -14,6 +14,7 @@
     <AssemblyVersion Condition="'$(IsReferenceAssemblyProject)' != 'true'">$(VersionPrefix).0</AssemblyVersion>
     <!-- Blazor WASM packages will not RTM with 3.1 -->
     <BlazorWASMPreReleaseVersionLabel>preview4</BlazorWASMPreReleaseVersionLabel>
+    <AzureKeyVaultSecretsPreReleaseVersionLabel>preview1</AzureKeyVaultSecretsPreReleaseVersionLabel>
     <!--
       We do not support changing reference assemblies in a patch. This ignores
       the patch version number to ensure assembly version of ref assemblies stays constant

eng/targets/ReferenceAssembly.targets

@@ -52,6 +52,7 @@
 
       <_RefSourceOutputPath>$([System.IO.Directory]::GetParent('$(MSBuildProjectDirectory)'))/ref/</_RefSourceOutputPath>
       <_RefSourceFileName>$(AssemblyName).$(_RefSourceFileTFM).cs</_RefSourceFileName>
+      <_ManualRefSourceFileName>$(AssemblyName).Manual.cs</_ManualRefSourceFileName>
       <_RefSourceFileOutputPath>$(_RefSourceOutputPath)$(_RefSourceFileName)</_RefSourceFileOutputPath>
     </PropertyGroup>
 
@@ -81,10 +82,16 @@
     </ItemGroup>
 
     <PropertyGroup>
+      <_ManualReferenceAssemblyContent />
+        <_ManualReferenceAssemblyContent Condition="Exists('$(_RefSourceOutputPath)$(_ManualRefSourceFileName)')">
+      <![CDATA[
+    <Compile Include="$(_ManualRefSourceFileName)" />]]>
+      </_ManualReferenceAssemblyContent>
+
       <ReferencesContent>
       <![CDATA[
   <ItemGroup Condition="'%24(TargetFramework)' == '$(_RefProjectFileTFM)'">
-    <Compile Include="$(_RefSourceFileName)" />
+    <Compile Include="$(_RefSourceFileName)" />]]>$(_ManualReferenceAssemblyContent)<![CDATA[
     @(FilteredOriginalReferences->'<Reference Include="%(Identity)"  />', '%0A    ')
   </ItemGroup>
 ]]>

src/Configuration/Config.Azure.KeyVault.Secrets/Directory.Build.props

@@ -0,0 +1,10 @@
+<Project>
+  <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory)..\, Directory.Build.props))\Directory.Build.props" />
+
+  <PropertyGroup>
+    <!-- These projects depend on a 3rd party source. -->
+    <ExcludeFromSourceBuild>true</ExcludeFromSourceBuild>
+    <PreReleaseVersionLabel>$(AzureKeyVaultSecretsPreReleaseVersionLabel)</PreReleaseVersionLabel>
+    <DotNetFinalVersionKind />
+  </PropertyGroup>
+</Project>

src/Configuration/Config.Azure.KeyVault.Secrets/ref/Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.Manual.cs

@@ -0,0 +1,30 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.Extensions.Configuration
+{
+    public static partial class AzureKeyVaultConfigurationExtensions
+    {
+        public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddAzureKeyVault(this Microsoft.Extensions.Configuration.IConfigurationBuilder configurationBuilder, global::Azure.Security.KeyVault.Secrets.SecretClient client, Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.IKeyVaultSecretManager manager) { throw null; }
+        public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddAzureKeyVault(this Microsoft.Extensions.Configuration.IConfigurationBuilder configurationBuilder, System.Uri vault, global::Azure.Core.TokenCredential credential) { throw null; }
+        public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddAzureKeyVault(this Microsoft.Extensions.Configuration.IConfigurationBuilder configurationBuilder, System.Uri vault, global::Azure.Core.TokenCredential credential, Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.IKeyVaultSecretManager manager) { throw null; }
+    }
+}
+namespace Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets
+{
+    public partial class AzureKeyVaultConfigurationOptions
+    {
+        public AzureKeyVaultConfigurationOptions(System.Uri vault, global::Azure.Core.TokenCredential credential) { }
+        public global::Azure.Security.KeyVault.Secrets.SecretClient Client { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
+    }
+    public partial class DefaultKeyVaultSecretManager : Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.IKeyVaultSecretManager
+    {
+        public virtual string GetKey(global::Azure.Security.KeyVault.Secrets.KeyVaultSecret secret) { throw null; }
+        public virtual bool Load(global::Azure.Security.KeyVault.Secrets.SecretProperties secret) { throw null; }
+    }
+    public partial interface IKeyVaultSecretManager
+    {
+        string GetKey(global::Azure.Security.KeyVault.Secrets.KeyVaultSecret secret);
+        bool Load(global::Azure.Security.KeyVault.Secrets.SecretProperties secret);
+    }
+}

src/Configuration/Config.Azure.KeyVault.Secrets/ref/Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.csproj

@@ -0,0 +1,14 @@
+<!-- This file is automatically generated. -->
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFrameworks>netstandard2.0</TargetFrameworks>
+  </PropertyGroup>
+  <ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0'">
+    <Compile Include="Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.netstandard2.0.cs" />
+    <Compile Include="Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.Manual.cs" />
+    <Reference Include="Azure.Security.KeyVault.Secrets"  />
+    <Reference Include="Azure.Identity"  />
+    <Reference Include="Microsoft.Extensions.Configuration"  />
+    <Reference Include="Microsoft.Extensions.Configuration.FileExtensions"  />
+  </ItemGroup>
+</Project>

src/Configuration/Config.Azure.KeyVault.Secrets/ref/Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.netstandard2.0.cs

@@ -0,0 +1,25 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.Extensions.Configuration
+{
+    public static partial class AzureKeyVaultConfigurationExtensions
+    {
+        public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddAzureKeyVault(this Microsoft.Extensions.Configuration.IConfigurationBuilder configurationBuilder, Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.AzureKeyVaultConfigurationOptions options) { throw null; }
+        public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddAzureKeyVault(this Microsoft.Extensions.Configuration.IConfigurationBuilder configurationBuilder, System.Uri vault) { throw null; }
+        public static Microsoft.Extensions.Configuration.IConfigurationBuilder AddAzureKeyVault(this Microsoft.Extensions.Configuration.IConfigurationBuilder configurationBuilder, System.Uri vault, Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.IKeyVaultSecretManager manager) { throw null; }
+    }
+}
+namespace Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets
+{
+    public partial class AzureKeyVaultConfigurationOptions
+    {
+        public AzureKeyVaultConfigurationOptions() { }
+        public Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets.IKeyVaultSecretManager Manager { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
+        public System.TimeSpan? ReloadInterval { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } }
+    }
+    public partial class DefaultKeyVaultSecretManager
+    {
+        public DefaultKeyVaultSecretManager() { }
+    }
+}

src/Configuration/Config.Azure.KeyVault.Secrets/samples/EnvironmentSecretManager.cs

@@ -0,0 +1,34 @@
+using Azure.Security.KeyVault.Secrets;
+using Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets;
+
+namespace ConsoleApplication
+{
+    public class EnvironmentSecretManager : DefaultKeyVaultSecretManager
+    {
+        private readonly string _environmentPrefix;
+
+        public EnvironmentSecretManager(string environment)
+        {
+            _environmentPrefix = environment + "-";
+        }
+
+        public override bool Load(SecretProperties secret)
+        {
+            return HasEnvironmentPrefix(secret.Name);
+        }
+
+        public override string GetKey(KeyVaultSecret secret)
+        {
+            var keyName = base.GetKey(secret);
+
+            return HasEnvironmentPrefix(keyName)
+                ? keyName.Substring(_environmentPrefix.Length)
+                : keyName;
+        }
+
+        private bool HasEnvironmentPrefix(string name)
+        {
+            return name.StartsWith(_environmentPrefix);
+        }
+    }
+}

src/Configuration/Config.Azure.KeyVault.Secrets/samples/KeyVaultSecretsSample.csproj

@@ -0,0 +1,18 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFrameworks>$(DefaultNetCoreTargetFramework);net472</TargetFrameworks>
+    <DebugType>portable</DebugType>
+    <OutputType>Exe</OutputType>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Content Include="settings.json" CopyToOutputDirectory="PreserveNewest" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Reference Include="Microsoft.Extensions.Configuration.Azure.KeyVault.Secrets" />
+    <Reference Include="Microsoft.Extensions.Configuration.Json" />
+  </ItemGroup>
+
+</Project>

src/Configuration/Config.Azure.KeyVault.Secrets/samples/Program.cs

@@ -0,0 +1,37 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Cryptography.X509Certificates;
+using Azure.Identity;
+using Microsoft.Extensions.Configuration;
+
+namespace ConsoleApplication
+{
+    public class Program
+    {
+        public static void Main(string[] args)
+        {
+            var builder = new ConfigurationBuilder();
+            builder.AddJsonFile("settings.json");
+
+            var config = builder.Build();
+
+            var store = new X509Store(StoreLocation.CurrentUser);
+            store.Open(OpenFlags.ReadOnly);
+            var cert = store.Certificates.Find(X509FindType.FindByThumbprint, config["CertificateThumbprint"], false);
+
+            builder.AddAzureKeyVault(
+                new Uri(config["Vault"]),
+                new ClientCertificateCredential(
+                    config["TenantId"],
+                    config["ClientId"],
+                cert.OfType<X509Certificate2>().Single()),
+                new EnvironmentSecretManager("Development"));
+            store.Close();
+
+            config = builder.Build();
+
+            Console.WriteLine(config["ConnectionString"]);
+        }
+    }
+}

src/Configuration/Config.Azure.KeyVault.Secrets/samples/settings.json

@@ -0,0 +1,5 @@
+{
+  "CertificateThumbprint": "",
+  "Vault": "",
+  "ClientId": ""
+}