You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Azure Key Vault Store gets most of its functionality from the Key-Value store. In order to convert the triple: (key, set, value) to something that will work with a Key Value store, the Key Value store uses the set as its key when there is a set, and then creates an object out of the key and value, and then stores that object as a value against the "set" key. You get structure like: { "set" : { "key1": "value1", "key2": "value2" } }. The problem lies with Config Sets with a depth of 2 or more. The "/" is the separator for Config Sets, and so if I have a ConfigSet with a depth of 2 like "Org/Project", the key that the Key Value Store will use will be: Org/Project. The reason this is a problem is that "/" is an invalid character for a key name (secret name) in Azure Key Vault.
So, Azure Key Vault will work as a Key Value store -- only as long as you only have Config Sets of Depth < 2.
I don't know much about typescript, but it seems to do this, you will need to implement a "key" conversion function that the base Key Value Store class calls to transform the key, with the the base class implementation simply returning the key as is, and all derived classes that need to tweak the Config Set would implement their tweak. I think you will also need to store a special key-value pair in the object - with the unmodified ConfigSet path value so that you can recreate the true triple on read/get.
To Reproduce
Create an Azure KeyVault
Try to upsert a config to with a ConfigSet of depth >= 2
Context
No response
The text was updated successfully, but these errors were encountered:
Current Behavior
The Azure Key Vault Store gets most of its functionality from the Key-Value store. In order to convert the triple: (key, set, value) to something that will work with a Key Value store, the Key Value store uses the set as its key when there is a set, and then creates an object out of the key and value, and then stores that object as a value against the "set" key. You get structure like: { "set" : { "key1": "value1", "key2": "value2" } }. The problem lies with Config Sets with a depth of 2 or more. The "/" is the separator for Config Sets, and so if I have a ConfigSet with a depth of 2 like "Org/Project", the key that the Key Value Store will use will be: Org/Project. The reason this is a problem is that "/" is an invalid character for a key name (secret name) in Azure Key Vault.
So, Azure Key Vault will work as a Key Value store -- only as long as you only have Config Sets of Depth < 2.
Expected Behavior
I expected the "/" to have been converted to "-" the only allowable non AlphaNumeric according to: https://github.com/Azure/PSRule.Rules.Azure/blob/main/docs/en/rules/Azure.KeyVault.SecretName.md
I don't know much about typescript, but it seems to do this, you will need to implement a "key" conversion function that the base Key Value Store class calls to transform the key, with the the base class implementation simply returning the key as is, and all derived classes that need to tweak the Config Set would implement their tweak. I think you will also need to store a special key-value pair in the object - with the unmodified ConfigSet path value so that you can recreate the true triple on read/get.
To Reproduce
Create an Azure KeyVault
Try to upsert a config to with a ConfigSet of depth >= 2
Context
No response
The text was updated successfully, but these errors were encountered: