test: Add Azure test

cloudencrypt/azure.go

@@ -4,10 +4,12 @@ import (
 	"context"
 	"crypto/rand"
 	"fmt"
-	"strings"
+	"math"
+	"math/big"
 	"time"
 
-	"github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets"
 	"github.com/pkg/errors"
 )
 
@@ -18,16 +20,24 @@ const (
 
 // AzureEncryptor Implements Encryptor by saving the value as a secret in Azure's Key Vault.
 type AzureEncryptor struct {
-	client       *keyvault.BaseClient
+	client       *azsecrets.Client
 	vaultBaseURL string
 	secretPrefix string
 }
 
 func NewAzureEncryptor(ctx context.Context, vaultBaseURL, secretPrefix string) (*AzureEncryptor, error) {
-	client := keyvault.New()
+	cred, err := azidentity.NewDefaultAzureCredential(nil)
+	if err != nil {
+		return nil, err
+	}
+
+	client, err := azsecrets.NewClient(vaultBaseURL, cred, nil)
+	if err != nil {
+		return nil, err
+	}
 
 	return &AzureEncryptor{
-		client:       &client,
+		client:       client,
 		vaultBaseURL: vaultBaseURL,
 		secretPrefix: secretPrefix,
 	}, nil
@@ -48,34 +58,35 @@ func (encryptor *AzureEncryptor) Encrypt(ctx context.Context, value []byte, meta
 	}
 	secretValueString := string(secretValue)
 
-	random, err := rand.Int(rand.Reader, nil)
+	random, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt64))
 	if err != nil {
 		return nil, errors.Wrapf(err, "can't generate random int: %s", err.Error())
 	}
 	secretName := fmt.Sprintf("%s-%d-%d", encryptor.secretPrefix, time.Now().Unix(), random)
 
-	secret, err := encryptor.client.SetSecret(
+	_, err = encryptor.client.SetSecret(
 		ctx,
-		encryptor.vaultBaseURL,
 		secretName,
-		keyvault.SecretSetParameters{
+		azsecrets.SetSecretParameters{
 			Value: &secretValueString,
 		},
+		nil,
 	)
 	if err != nil {
 		return nil, errors.Wrapf(err, "azure set secret failed: %s", err.Error())
 	}
 
-	return []byte(*secret.ID), nil
+	return []byte(secretName), nil
 }
 
 func (encryptor *AzureEncryptor) Decrypt(ctx context.Context, encryptedValue []byte, metadata ...MetadataKV) ([]byte, error) {
-	parts := strings.Split(string(encryptedValue), "/")
-	if len(parts) != 4 {
-		return nil, errors.New("unable to parse secret id")
-	}
+	//parts := strings.Split(string(encryptedValue), "/")
+	//if len(parts) != 4 {
+	//	fmt.Println(string(encryptedValue))
+	//	return nil, errors.New("unable to parse secret id")
+	//}
 
-	secret, err := encryptor.client.GetSecret(ctx, encryptor.vaultBaseURL, parts[2], parts[3])
+	secret, err := encryptor.client.GetSecret(ctx, string(encryptedValue), "", nil)
 	if err != nil {
 		return nil, errors.Wrapf(err, "azure get secret failed: %s", err.Error())
 	}

cloudencrypt/azure_test.go

@@ -0,0 +1,49 @@
+package cloudencrypt
+
+import (
+	"context"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_AzureEncryptor(t *testing.T) {
+	t.Parallel()
+
+	ctx := context.Background()
+
+	err := os.Setenv("AZURE_TENANT_ID", os.Getenv("TEST_AZURE_TENANT_ID"))
+	require.NoError(t, err)
+
+	err = os.Setenv("AZURE_CLIENT_ID", os.Getenv("TEST_AZURE_CLIENT_ID"))
+	require.NoError(t, err)
+
+	err = os.Setenv("AZURE_CLIENT_SECRET", os.Getenv("TEST_AZURE_CLIENT_SECRET"))
+	require.NoError(t, err)
+
+	vaultURL := os.Getenv("TEST_AZURE_KEY_VAULT_URL")
+	if vaultURL == "" {
+		require.Fail(t, "TEST_AZURE_KEY_VAULT_URL is empty")
+	}
+
+	encryptor, err := NewAzureEncryptor(ctx, vaultURL, "jt-")
+	require.NoError(t, err)
+
+	meta := MetadataKV{
+		Key:   "metakey",
+		Value: "metavalue",
+	}
+
+	encrypted, err := encryptor.Encrypt(ctx, []byte("Lorem ipsum"), meta)
+	require.NoError(t, err)
+
+	_, err = encryptor.Decrypt(ctx, encrypted)
+	assert.ErrorContains(t, err, "decryption failed")
+
+	decrypted, err := encryptor.Decrypt(ctx, encrypted, meta)
+	assert.NoError(t, err)
+
+	assert.Equal(t, []byte("Lorem ipsum"), decrypted)
+}

go.mod

@@ -4,7 +4,8 @@ go 1.23.2
 
 require (
 	cloud.google.com/go/kms v1.20.0
-	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0
 	github.com/aws/aws-sdk-go-v2/config v1.28.1
 	github.com/aws/aws-sdk-go-v2/service/kms v1.37.2
 	github.com/dgraph-io/ristretto/v2 v2.0.0-alpha
@@ -20,14 +21,10 @@ require (
 	cloud.google.com/go/compute/metadata v0.5.0 // indirect
 	cloud.google.com/go/iam v1.2.1 // indirect
 	cloud.google.com/go/longrunning v0.6.1 // indirect
-	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest v0.11.29 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect
-	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
-	github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
-	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
-	github.com/Azure/go-autorest/logger v0.2.1 // indirect
-	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.32.3 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.42 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18 // indirect
@@ -46,24 +43,27 @@ require (
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/s2a-go v0.1.8 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
 	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
 	go.opentelemetry.io/otel v1.29.0 // indirect
 	go.opentelemetry.io/otel/metric v1.29.0 // indirect
 	go.opentelemetry.io/otel/trace v1.29.0 // indirect
-	golang.org/x/crypto v0.27.0 // indirect
-	golang.org/x/net v0.29.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
 	golang.org/x/oauth2 v0.23.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/text v0.18.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
 	golang.org/x/time v0.6.0 // indirect
 	google.golang.org/api v0.197.0 // indirect
 	google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect