microsoft · WaelAbuSeada · Feb 14, 2025
@@ -23,45 +23,32 @@ codeunit 2202 "Azure Key Vault Impl."
         NavAzureKeyVaultClient: DotNet AzureKeyVaultClientHelper;
         [NonDebuggable]
         AzureKeyVaultSecretProvider: DotNet IAzureKeyVaultSecretProvider;
-        SecretNotFoundErr: Label '%1 is not an application secret.', Comment = '%1 = Secret Name.';
         [NonDebuggable]
         CachedSecretsDictionary: Dictionary of [Text, Text];
         [NonDebuggable]
         CachedCertificatesDictionary: Dictionary of [Text, Text];
-        AllowedApplicationSecretsSecretNameTxt: Label 'AllowedApplicationSecrets', Locked = true;
-        [NonDebuggable]
-        AllowedSecretNamesList: List of [Text];
         IsKeyVaultClientInitialized: Boolean;
-        NoSecretsErr: Label 'The key vault did not have any secrets that are allowed to be fetched.';
-        AllowedApplicationSecretsSecretNotFetchedMsg: Label 'The list of allowed secret names could not be fetched.', Locked = true;
         AzureKeyVaultTxt: Label 'Azure Key Vault', Locked = true;
-        InitializeAllowedSecretNamesErr: Label 'Initialization of allowed secret names failed.';
         CertificateInfoTxt: Label 'Successfully constructed certificate from secret %1. Certificate thumbprint %2', Locked = true;
+        MissingSecretErr: Label 'The secret %1 is either missing or empty.', Comment = '%1 = Secret Name.';
 
     [NonDebuggable]
     procedure GetAzureKeyVaultSecret(SecretName: Text; var Secret: Text)
     begin
         // Gets the secret as a Text from the key vault, given a SecretName.
-
-        if not InitializeAllowedSecretNames() then
-            Error(InitializeAllowedSecretNamesErr);
-
-        if not IsSecretNameAllowed(SecretName) then
-            Error(SecretNotFoundErr, SecretName);
-
         Secret := GetSecretFromClient(SecretName);
+
+        if Secret.Trim() = '' then
+            Error(MissingSecretErr, SecretName);
     end;
 
     [NonDebuggable]
     procedure GetAzureKeyVaultSecret(SecretName: Text; var Secret: SecretText)
     begin
-        if not InitializeAllowedSecretNames() then
-            Error(InitializeAllowedSecretNamesErr);
-
-        if not IsSecretNameAllowed(SecretName) then
-            Error(SecretNotFoundErr, SecretName);
-
         Secret := GetSecretFromClient(SecretName);
+
+        if Secret.IsEmpty() then
+            Error(MissingSecretErr, SecretName);
     end;
 
     [NonDebuggable]
@@ -96,17 +83,9 @@ codeunit 2202 "Azure Key Vault Impl."
         Clear(AzureKeyVaultSecretProvider);
         Clear(CachedSecretsDictionary);
         Clear(CachedCertificatesDictionary);
-        Clear(AllowedSecretNamesList);
         IsKeyVaultClientInitialized := false;
     end;
 
-    [TryFunction]
-    [NonDebuggable]
-    local procedure TryGetSecretFromClient(SecretName: Text; var Secret: Text)
-    begin
-        Secret := GetSecretFromClient(SecretName);
-    end;
-
     [NonDebuggable]
     local procedure GetSecretFromClient(SecretName: Text) Secret: Text
     begin
@@ -151,37 +130,5 @@ codeunit 2202 "Azure Key Vault Impl."
         end;
         CachedCertificatesDictionary.Add(CertificateName, Certificate);
     end;
-
-    [NonDebuggable]
-    local procedure IsSecretNameAllowed(SecretName: Text): Boolean
-    var
-        UppercaseSecretName: Text;
-    begin
-        UppercaseSecretName := UpperCase(SecretName);
-        exit(AllowedSecretNamesList.Contains(UppercaseSecretName));
-    end;
-
-    [NonDebuggable]
-    local procedure InitializeAllowedSecretNames(): Boolean
-    var
-        AllowedSecretNames: Text;
-    begin
-        if AllowedSecretNamesList.Count() > 0 then
-            exit(true);
-
-        if not TryGetSecretFromClient(AllowedApplicationSecretsSecretNameTxt, AllowedSecretNames) then begin
-            Session.LogMessage('0000970', AllowedApplicationSecretsSecretNotFetchedMsg, Verbosity::Error, DataClassification::SystemMetadata, TelemetryScope::ExtensionPublisher, 'Category', AzureKeyVaultTxt);
-            exit(false);
-        end;
-
-        AllowedSecretNames := UpperCase(AllowedSecretNames);
-        if StrLen(AllowedSecretNames) = 0 then begin
-            Session.LogMessage('00008E8', NoSecretsErr, Verbosity::Error, DataClassification::SystemMetadata, TelemetryScope::ExtensionPublisher, 'Category', AzureKeyVaultTxt);
-            exit(false);
-        end;
-
-        AllowedSecretNamesList := AllowedSecretNames.Split(',');
-        exit(true);
-    end;
 }
 
@@ -22,10 +22,8 @@ codeunit 135212 "Azure Key Vault Test"
 
     var
         Assert: Codeunit "Library Assert";
-        SecretNotFoundErr: Label '%1 is not an application secret.', Comment = '%1 = Secret Name.';
-        SecretNotInitializedTxt: Label 'Initialization of allowed secret names failed';
         KeyVaultNotInitializedTxt: Label 'Azure key vault has not been set up';
-        AllowedApplicationSecretsSecretNameTxt: Label 'AllowedApplicationSecrets', Locked = true;
+        MissingSecretErr: Label '%1 is either missing or empty', Locked = true;
 
     [Test]
     [TransactionModel(TransactionModel::AutoRollback)]
@@ -41,7 +39,6 @@ codeunit 135212 "Azure Key Vault Test"
 
         // [GIVEN] A configured Azure Key Vault
         MockAzureKeyvaultSecretProvider := MockAzureKeyvaultSecretProvider.MockAzureKeyVaultSecretProvider();
-        MockAzureKeyvaultSecretProvider.AddSecretMapping(AllowedApplicationSecretsSecretNameTxt, 'some-secret,');
         MockAzureKeyvaultSecretProvider.AddSecretMapping('some-secret', 'SecretFromKeyVault');
         AzureKeyVaultTestLibrary.SetAzureKeyVaultSecretProvider(MockAzureKeyvaultSecretProvider);
 
@@ -67,7 +64,6 @@ codeunit 135212 "Azure Key Vault Test"
 
         // [GIVEN] A configured Azure Key Vault
         FirstMockAzureKeyvaultSecretProvider := FirstMockAzureKeyvaultSecretProvider.MockAzureKeyVaultSecretProvider();
-        FirstMockAzureKeyvaultSecretProvider.AddSecretMapping(AllowedApplicationSecretsSecretNameTxt, 'some-secret');
         FirstMockAzureKeyvaultSecretProvider.AddSecretMapping('some-secret', 'AnotherSecretFromTheKeyVault');
         AzureKeyVaultTestLibrary.SetAzureKeyVaultSecretProvider(FirstMockAzureKeyvaultSecretProvider);
 
@@ -79,7 +75,6 @@ codeunit 135212 "Azure Key Vault Test"
 
         // [WHEN] The Key Vault Secret Provider is changed
         SecondMockAzureKeyvaultSecretProvider := SecondMockAzureKeyvaultSecretProvider.MockAzureKeyVaultSecretProvider();
-        SecondMockAzureKeyvaultSecretProvider.AddSecretMapping(AllowedApplicationSecretsSecretNameTxt, 'some-secret');
         SecondMockAzureKeyvaultSecretProvider.AddSecretMapping('some-secret', 'SecretFromKeyVault');
         AzureKeyVaultTestLibrary.SetAzureKeyVaultSecretProvider(SecondMockAzureKeyvaultSecretProvider);
         AzureKeyVault.GetAzureKeyVaultSecret('some-secret', Secret);
@@ -101,15 +96,12 @@ codeunit 135212 "Azure Key Vault Test"
 
         // [GIVEN] A configured Azure Key Vault
         MockAzureKeyvaultSecretProvider := MockAzureKeyvaultSecretProvider.MockAzureKeyVaultSecretProvider();
-        MockAzureKeyvaultSecretProvider.AddSecretMapping(AllowedApplicationSecretsSecretNameTxt, 'somesecret');
-        MockAzureKeyvaultSecretProvider.AddSecretMapping('somesecret', 'AnotherSecretFromTheKeyVault');
+        MockAzureKeyvaultSecretProvider.AddSecretMapping('some-secret', 'SecretFromKeyVault');
         AzureKeyVaultTestLibrary.SetAzureKeyVaultSecretProvider(MockAzureKeyvaultSecretProvider);
 
         // [WHEN] The key vault is called with an unknown key
         asserterror AzureKeyVault.GetAzureKeyVaultSecret('somekeythatdoesnotexist', Secret);
-
-        // [THEN] An error is thrown
-        Assert.ExpectedError(StrSubstNo(SecretNotFoundErr, 'somekeythatdoesnotexist'));
+        Assert.ExpectedError(StrSubstNo(MissingSecretErr, 'somekeythatdoesnotexist'));
     end;
 
     [Test]
@@ -125,7 +117,6 @@ codeunit 135212 "Azure Key Vault Test"
 
         // [GIVEN] A configured Azure Key Vault
         MockAzureKeyvaultSecretProvider := MockAzureKeyvaultSecretProvider.MockAzureKeyVaultSecretProvider();
-        MockAzureKeyvaultSecretProvider.AddSecretMapping(AllowedApplicationSecretsSecretNameTxt, 'somesecret');
         MockAzureKeyvaultSecretProvider.AddSecretMapping('somesecret', 'SecretFromKeyVault');
         AzureKeyVaultTestLibrary.SetAzureKeyVaultSecretProvider(MockAzureKeyvaultSecretProvider);
 
@@ -137,10 +128,6 @@ codeunit 135212 "Azure Key Vault Test"
 
         // [WHEN] The key vault secrets are cleared and the same secret is retrieved
         AzureKeyVaultTestLibrary.ClearSecrets();
-
-        // [THEN] The secret is no longer accessible and an error is thrown
-        asserterror AzureKeyVault.GetAzureKeyVaultSecret('somesecret', Secret);
-        Assert.ExpectedError(SecretNotInitializedTxt);
     end;
 
     [Test]

@@ -40,7 +40,6 @@ codeunit 138074 "Satisfaction Survey Tests"
         RequestTimeoutTxt: Label 'NpsRequestTimeout', Locked = true;
         CacheLifeTimeTxt: Label 'NpsCacheLifeTime', Locked = true;
         ParametersTxt: Label 'NpsParameters', Locked = true;
-        AllowedApplicationSecretsTxt: Label 'AllowedApplicationSecrets', Locked = true;
         FinacialsTok: Label 'FIN', Locked = true;
 
     [Test]
@@ -555,7 +554,6 @@ codeunit 138074 "Satisfaction Survey Tests"
         JObject.Add(CacheLifeTimeTxt, CacheLifeTimeMinutes);
         JObject.WriteTo(ParametersValue);
         MockAzureKeyvaultSecretProvider := MockAzureKeyvaultSecretProvider.MockAzureKeyVaultSecretProvider();
-        MockAzureKeyvaultSecretProvider.AddSecretMapping(AllowedApplicationSecretsTxt, ParametersTxt);
         MockAzureKeyvaultSecretProvider.AddSecretMapping(ParametersTxt, ParametersValue);
         AzureKeyVaultTestLibrary.SetAzureKeyVaultSecretProvider(MockAzureKeyVaultSecretProvider);
     end;