NamedValues solve reference in parameters file (#846)

* Fetch secret values on request, solve reference named values in parameters file
* Add NamedValues parameters extraction tests
* Add secret values when extractSecret is true and paramNamedValues is false
* Added test for extract secrets with named values

Co-authored-by: Farhad Alizada <falizada@microsoft.com>

Author: f-alizada

src/ArmTemplates/Common/API/Clients/Abstractions/INamedValuesClient.cs

@@ -13,5 +13,7 @@ namespace Microsoft.Azure.Management.ApiManagement.ArmTemplates.Common.API.Clien
     public interface INamedValuesClient
     {
         Task<List<NamedValueTemplateResource>> GetAllAsync(ExtractorParameters extractorParameters);
+
+        Task<NamedValuesSecretValue> ListNamedValueSecretValueAsync(string namedValueId, ExtractorParameters extractorParameters);
     }
 }

src/ArmTemplates/Common/API/Clients/NamedValues/NamedValuesClient.cs

@@ -7,6 +7,7 @@
 using System.Net.Http;
 using System.Threading.Tasks;
 using Microsoft.Azure.Management.ApiManagement.ArmTemplates.Common.API.Clients.Abstractions;
+using Microsoft.Azure.Management.ApiManagement.ArmTemplates.Common.API.Models;
 using Microsoft.Azure.Management.ApiManagement.ArmTemplates.Common.Constants;
 using Microsoft.Azure.Management.ApiManagement.ArmTemplates.Common.Templates.NamedValues;
 using Microsoft.Azure.Management.ApiManagement.ArmTemplates.Extractor.Models;
@@ -17,11 +18,12 @@ namespace Microsoft.Azure.Management.ApiManagement.ArmTemplates.Common.API.Clien
     public class NamedValuesClient : ApiClientBase, INamedValuesClient
     {
         const string GetNamedValuesRequest = "{0}/subscriptions/{1}/resourceGroups/{2}/providers/Microsoft.ApiManagement/service/{3}/namedValues?api-version={4}";
-        readonly ITemplateResourceDataProcessor<NamedValueTemplateResource> templateResourceDataProcessor;
+        const string GetNamedValueSecretValueRequest = "{0}/subscriptions/{1}/resourceGroups/{2}/providers/Microsoft.ApiManagement/service/{3}/namedValues/{4}/listValue?api-version={5}";
+        readonly INamedValuesDataProcessor namedValuesDataProcessor;
 
-        public NamedValuesClient(IHttpClientFactory httpClientFactory, ITemplateResourceDataProcessor<NamedValueTemplateResource> templateResourceDataProcessor) : base(httpClientFactory)
+        public NamedValuesClient(IHttpClientFactory httpClientFactory, INamedValuesDataProcessor namedValuesDataProcessor) : base(httpClientFactory)
         {
-            this.templateResourceDataProcessor = templateResourceDataProcessor;
+            this.namedValuesDataProcessor = namedValuesDataProcessor;
         }
 
         public async Task<List<NamedValueTemplateResource>> GetAllAsync(ExtractorParameters extractorParameters)
@@ -32,8 +34,42 @@ public async Task<List<NamedValueTemplateResource>> GetAllAsync(ExtractorParamet
                this.BaseUrl, azSubId, extractorParameters.ResourceGroup, extractorParameters.SourceApimName, GlobalConstants.ApiVersion);
 
             var namedValuesTemplateResources = await this.GetPagedResponseAsync<NamedValueTemplateResource>(azToken, requestUrl);
-            this.templateResourceDataProcessor.ProcessData(namedValuesTemplateResources);
+            this.namedValuesDataProcessor.ProcessData(namedValuesTemplateResources);
+            await this.FetchSecretsValue(namedValuesTemplateResources, extractorParameters);
             return namedValuesTemplateResources;
         }
+
+        public async Task<NamedValuesSecretValue> ListNamedValueSecretValueAsync(string namedValueId, ExtractorParameters extractorParameters)
+        {
+            var (azToken, azSubId) = await this.Auth.GetAccessToken();
+
+            var requestUrl = string.Format(GetNamedValueSecretValueRequest,
+               this.BaseUrl, azSubId, extractorParameters.ResourceGroup, extractorParameters.SourceApimName, namedValueId, GlobalConstants.ApiVersion);
+
+            return await this.GetResponseAsync<NamedValuesSecretValue>(azToken, requestUrl, useCache: false, method: ClientHttpMethod.POST);
+        }
+
+        async Task FetchSecretsValue(List<NamedValueTemplateResource> namedValues, ExtractorParameters extractorParameters)
+        {
+            if (namedValues == null || namedValues.Count== 0)
+            {
+                return ;
+            }
+
+            if (!extractorParameters.ExtractSecrets)
+            {
+                return ;
+            }
+
+            foreach(var namedValue in namedValues)
+            {
+                if (namedValue.Properties.Secret && namedValue.Properties.KeyVault == null)
+                {
+                    var namaedValueSecretData = await this.ListNamedValueSecretValueAsync(namedValue.OriginalName, extractorParameters);
+                    namedValue.Properties.OriginalValue = namaedValueSecretData?.Value;
+                    namedValue.Properties.Value = namaedValueSecretData?.Value;
+                }
+            }
+        }
     }
 }

src/ArmTemplates/Common/Templates/NamedValues/NamedValueProperties.cs

@@ -4,15 +4,26 @@
 // --------------------------------------------------------------------------
 
 using System.Collections.Generic;
+using Newtonsoft.Json;
 
 namespace Microsoft.Azure.Management.ApiManagement.ArmTemplates.Common.Templates.NamedValues
 {
     public class NamedValueProperties
     {
+        [JsonIgnore]
+        public string OriginalValue { get; set; }
+
+        [JsonIgnore]
+        public string OriginalKeyVaultSecretIdentifierValue { get; set; }
+
         public IList<string> Tags { get; set; }
+
         public bool Secret { get; set; }
+
         public string DisplayName { get; set; }
+
         public string Value { get; set; }
+
         public NamedValueResourceKeyVaultProperties KeyVault { get; set; }
     }
 }

src/ArmTemplates/Common/Templates/NamedValues/NamedValuesSecretValue.cs

@@ -0,0 +1,12 @@
+// --------------------------------------------------------------------------
+//  Copyright (c) Microsoft Corporation. All rights reserved.
+//  Licensed under the MIT License.
+// --------------------------------------------------------------------------
+
+namespace Microsoft.Azure.Management.ApiManagement.ArmTemplates.Common.Templates.NamedValues
+{
+    public class NamedValuesSecretValue
+    {
+        public string Value { get; set; }
+    }
+}

src/ArmTemplates/Extractor/EntityExtractors/NamedValuesExtractor.cs

@@ -77,21 +77,7 @@ public async Task<Template<NamedValuesResources>> GenerateNamedValuesTemplateAsy
                 namedValueResource.ApiVersion = GlobalConstants.ApiVersion;
                 namedValueResource.Scale = null;
 
-                if (extractorParameters.ParameterizeNamedValue)
-                {
-                    namedValueResource.Properties.Value = $"[parameters('{ParameterNames.NamedValues}').{NamingHelper.GenerateValidParameterName(namedValueResource.OriginalName, ParameterPrefix.Property)}]";
-                }
-
-                //Hide the value field if it is a keyvault named value
-                if (namedValueResource.Properties.KeyVault != null)
-                {
-                    namedValueResource.Properties.Value = null;
-                }
-
-                if (namedValueResource.Properties.KeyVault != null && extractorParameters.ParamNamedValuesKeyVaultSecrets)
-                {
-                    namedValueResource.Properties.KeyVault.SecretIdentifier = $"[parameters('{ParameterNames.NamedValueKeyVaultSecrets}').{NamingHelper.GenerateValidParameterName(namedValueResource.OriginalName, ParameterPrefix.Property)}]";
-                }
+                this.ModifyNamedValuesOutput(namedValueResource, extractorParameters);
 
                 if (string.IsNullOrEmpty(singleApiName))
                 {
@@ -179,5 +165,24 @@ bool DoesLoggerReferenceNamedValue(
             }
             return false;
         }
+
+        void ModifyNamedValuesOutput(NamedValueTemplateResource namedValueResource, ExtractorParameters extractorParameters)
+        {
+            if (extractorParameters.ParameterizeNamedValue)
+            {
+                namedValueResource.Properties.Value = $"[parameters('{ParameterNames.NamedValues}').{NamingHelper.GenerateValidParameterName(namedValueResource.OriginalName, ParameterPrefix.Property)}]";
+            }
+
+            //Hide the value field if it is a keyvault named value
+            if (namedValueResource.Properties.KeyVault != null)
+            {
+                namedValueResource.Properties.Value = null;
+            }
+
+            if (namedValueResource.Properties.KeyVault != null && extractorParameters.ParamNamedValuesKeyVaultSecrets)
+            {
+                namedValueResource.Properties.KeyVault.SecretIdentifier = $"[parameters('{ParameterNames.NamedValueKeyVaultSecrets}').{NamingHelper.GenerateValidParameterName(namedValueResource.OriginalName, ParameterPrefix.Property)}]";
+            }
+        }
     }
 }

src/ArmTemplates/Extractor/EntityExtractors/ParametersExtractor.cs

@@ -185,23 +185,30 @@ void AddNamedValuesParameters()
                 var keyVaultNamedValues = new Dictionary<string, string>();
                 foreach (var namedValue in namedValuesResources.NamedValues)
                 {
+                    // secret/plain values
                     if (extractorParameters.ParameterizeNamedValue && namedValue?.Properties.KeyVault == null)
                     {
-                        var propertyValue = namedValue.Properties.Value;
                         var validPName = NamingHelper.GenerateValidParameterName(namedValue.OriginalName, ParameterPrefix.Property);
-                        namedValuesParameters.Add(validPName, propertyValue);
+                        namedValuesParameters.Add(validPName, namedValue?.Properties.OriginalValue);
                     }
 
+                    //key vault values
                     if (extractorParameters.ParamNamedValuesKeyVaultSecrets && namedValue?.Properties.KeyVault is not null)
                     {
-                        var propertyValue = namedValue.Properties.KeyVault.SecretIdentifier;
                         var validPName = NamingHelper.GenerateValidParameterName(namedValue.OriginalName, ParameterPrefix.Property);
-                        keyVaultNamedValues.Add(validPName, propertyValue);
+                        keyVaultNamedValues.Add(validPName, namedValue.Properties.OriginalKeyVaultSecretIdentifierValue);
                     }
                 }
 
-                parameters.Add(ParameterNames.NamedValues, new TemplateObjectParameterProperties() { Value = namedValuesParameters });
-                parameters.Add(ParameterNames.NamedValueKeyVaultSecrets, new TemplateObjectParameterProperties() { Value = keyVaultNamedValues });
+                if (extractorParameters.ParameterizeNamedValue)
+                {
+                    parameters.Add(ParameterNames.NamedValues, new TemplateObjectParameterProperties() { Value = namedValuesParameters });
+                }
+
+                if (extractorParameters.ParamNamedValuesKeyVaultSecrets)
+                {
+                    parameters.Add(ParameterNames.NamedValueKeyVaultSecrets, new TemplateObjectParameterProperties() { Value = keyVaultNamedValues });
+                }
             }
 
             async Task AddSecretValuesParameters()

src/ArmTemplates/Extractor/Utilities/DataProcessors/Absctraction/INamedValuesDataProcessor.cs

@@ -0,0 +1,16 @@
+// --------------------------------------------------------------------------
+//  Copyright (c) Microsoft Corporation. All rights reserved.
+//  Licensed under the MIT License.
+// --------------------------------------------------------------------------
+
+using System.Collections.Generic;
+using Microsoft.Azure.Management.ApiManagement.ArmTemplates.Common.Templates.NamedValues;
+
+namespace Microsoft.Azure.Management.ApiManagement.ArmTemplates.Extractor.Utilities.DataProcessors.Absctraction
+{
+    public interface INamedValuesDataProcessor
+    {
+        void ProcessData(List<NamedValueTemplateResource> templateResources);
+        void ProcessSingleData(NamedValueTemplateResource templateResource);
+    }
+}

src/ArmTemplates/Extractor/Utilities/DataProcessors/NamedValuesDataProcessor.cs

@@ -0,0 +1,41 @@
+// --------------------------------------------------------------------------
+//  Copyright (c) Microsoft Corporation. All rights reserved.
+//  Licensed under the MIT License.
+// --------------------------------------------------------------------------
+
+using System.Collections.Generic;
+using Microsoft.Azure.Management.ApiManagement.ArmTemplates.Common.Extensions;
+using Microsoft.Azure.Management.ApiManagement.ArmTemplates.Common.Templates.NamedValues;
+using Microsoft.Azure.Management.ApiManagement.ArmTemplates.Extractor.Utilities.DataProcessors.Absctraction;
+
+namespace Microsoft.Azure.Management.ApiManagement.ArmTemplates.Extractor.Utilities.DataProcessors
+{
+    public class NamedValuesDataProcessor : INamedValuesDataProcessor
+    {
+        public void ProcessData(List<NamedValueTemplateResource> templateResources)
+        {
+            if (templateResources.IsNullOrEmpty())
+            {
+                return;
+            }
+
+            foreach (var templateResource in templateResources)
+            {
+                this.ProcessSingleData(templateResource);
+            }
+        }
+
+        public void ProcessSingleData(NamedValueTemplateResource templateResource)
+        {
+            if (templateResource == null)
+            {
+                return;
+            }
+            
+            templateResource.OriginalName = templateResource.Name;
+            templateResource.Properties.OriginalValue = templateResource.Properties?.Value;
+
+            templateResource.Properties.OriginalKeyVaultSecretIdentifierValue = templateResource.Properties.KeyVault?.SecretIdentifier;
+        }
+    }
+}

src/ArmTemplates/ServiceExtensions.cs

@@ -74,6 +74,7 @@ static void SetupDataProcessors(IServiceCollection services)
             services.AddScoped<IProductApiDataProcessor, ProductApiDataProcessor>();
             services.AddScoped<IApiDataProcessor, ApiDataProcessor>();
             services.AddScoped<IApiOperationDataProcessor, ApiOperationDataProcessor>();
+            services.AddScoped<INamedValuesDataProcessor, NamedValuesDataProcessor>();
             services.AddScoped(typeof(ITemplateResourceDataProcessor<>), typeof(TemplateResourceDataProcessor<>));
         }
 

tests/ArmTemplates.Tests/Extractor/Scenarios/NamedValuesExtractorTests.cs

@@ -98,5 +98,56 @@ public async Task GenerateNamedValuesTemplates_ProperlyLaysTheInformation()
             namedValuesTemplate.TypedResources.NamedValues.First().Name.Should().Contain(MockNamedValuesClient.NamedValueName);
             namedValuesTemplate.TypedResources.NamedValues.First().Properties.DisplayName.Should().Contain(MockNamedValuesClient.NamedValueDisplayName);
         }
+
+        [Fact]
+        public async Task GenerateNamedValuesTemplates_ProperlyLaysTheInformation_GivenExtractSecretSetToTrue()
+        {
+            // arrange
+            var currentTestDirectory = Path.Combine(this.OutputDirectory, nameof(GenerateNamedValuesTemplates_ProperlyLaysTheInformation_GivenExtractSecretSetToTrue));
+
+            var extractorConfig = this.GetDefaultExtractorConsoleAppConfiguration(extractSecrets: "true");
+            var extractorParameters = new ExtractorParameters(extractorConfig);
+
+            var fileLocationNamedValues = Path.Combine(MockClientUtils.ApiClientJsonResponsesPath, "ApiManagementListNamedValues_success_response.json");
+            var fileLocationSecretValues = Path.Combine(MockClientUtils.ApiClientJsonResponsesPath, "ApiManagementNamedValueListValue_success_response.json");
+            var mockedNamedValuesClient = await MockNamedValuesClient.GetMockedHttpNamedValuesClient(
+                new MockClientConfiguration(responseFileLocation: fileLocationNamedValues, urlPath: $"/namedValues?api-version={GlobalConstants.ApiVersion}"),
+                new MockClientConfiguration(responseFileLocation: fileLocationSecretValues, urlPath: $"/namedValues/named-value-2/listValue?api-version={GlobalConstants.ApiVersion}"));
+
+            var namedValuesExtractor = new NamedValuesExtractor(
+                this.GetTestLogger<NamedValuesExtractor>(),
+                new TemplateBuilder(),
+                mockedNamedValuesClient,
+                default,
+                default);
+
+            var extractorExecutor = ExtractorExecutor.BuildExtractorExecutor(
+                this.GetTestLogger<ExtractorExecutor>(),
+                namedValuesExtractor: namedValuesExtractor);
+            extractorExecutor.SetExtractorParameters(extractorParameters);
+
+            // act
+            var namedValuesTemplate = await extractorExecutor.GenerateNamedValuesTemplateAsync(
+                null,
+                new List<PolicyTemplateResource>(){},
+                It.IsAny<List<LoggerTemplateResource>>(),
+                currentTestDirectory);
+
+            // assert
+            File.Exists(Path.Combine(currentTestDirectory, extractorParameters.FileNames.NamedValues)).Should().BeTrue();
+
+            namedValuesTemplate.Parameters.Should().ContainKey(ParameterNames.ApimServiceName);
+
+            namedValuesTemplate.TypedResources.NamedValues.Should().HaveCount(2);
+            namedValuesTemplate.Resources.Should().HaveCount(2);
+
+            var plainNamedValue = namedValuesTemplate.TypedResources.NamedValues.First(x => x.OriginalName.Equals("named-value-1"));
+            plainNamedValue.Should().NotBe(null);
+            plainNamedValue.Properties.Value.Should().Be("named-value-1-value");
+
+            var secretNamedValue = namedValuesTemplate.TypedResources.NamedValues.First(x => x.OriginalName.Equals("named-value-2"));
+            secretNamedValue.Should().NotBe(null);
+            secretNamedValue.Properties.Value.Should().Be("named-value-2");
+        }
     }
 }