Add WithKeyVault method (#228)

Author: justinyoo

.github/workflows/azure-dev-build-only.yml

@@ -58,6 +58,7 @@ jobs:
         dotnet test --logger "trx" --collect:"XPlat Code Coverage"
 
     - name: Publish test results
+      if: ${{ !cancelled() }}
       id: test-report
       uses: bibipkins/dotnet-test-reporter@main
       with:

src/AzureOpenAIProxy.ApiApp/Extensions/OpenAISettingsBuilderExtensions.cs

@@ -1,4 +1,8 @@
-using AzureOpenAIProxy.ApiApp.Builders;
+using System.Text.Json;
+
+using Azure.Security.KeyVault.Secrets;
+
+using AzureOpenAIProxy.ApiApp.Builders;
 using AzureOpenAIProxy.ApiApp.Configurations;
 
 namespace AzureOpenAIProxy.ApiApp.Extensions;
@@ -26,4 +30,30 @@ public static IOpenAISettingsBuilder WithAppSettings(this IOpenAISettingsBuilder
 
         return builder;
     }
+
+    /// <summary>
+    /// Sets the list of <see cref="OpenAIInstanceSettings"/> instances from Key Vault.
+    /// </summary>
+    /// <param name="builder"><see cref="IOpenAISettingsBuilder"/> instance.</param>
+    /// <param name="sp"><see cref="IServiceProvider"/> instance.</param>
+    /// <returns>Returns <see cref="IOpenAISettingsBuilder"/> instance.</returns>
+    public static IOpenAISettingsBuilder WithKeyVault(this IOpenAISettingsBuilder builder, IServiceProvider sp)
+    {
+        var configuration = sp.GetService<IConfiguration>()
+            ?? throw new InvalidOperationException($"{nameof(IConfiguration)} service is not registered.");
+
+        var settings = configuration.GetSection(AzureSettings.Name).GetSection(KeyVaultSettings.Name).Get<KeyVaultSettings>()
+            ?? throw new InvalidOperationException($"{nameof(KeyVaultSettings)} could not be retrieved from the configuration.");
+
+        var client = sp.GetService<SecretClient>()
+            ?? throw new InvalidOperationException($"{nameof(SecretClient)} service is not registered.");
+
+        var value = client.GetSecret(settings.SecretName!).Value.Value;
+
+        var instances = JsonSerializer.Deserialize<List<OpenAIInstanceSettings>>(value);
+
+        builder.SetOpenAIInstances(instances);
+
+        return builder;
+    }
 }

src/AzureOpenAIProxy.ApiApp/Extensions/ServiceCollectionExtensions.cs

@@ -22,15 +22,25 @@ public static class ServiceCollectionExtensions
     /// <returns>Returns <see cref="IServiceCollection"/> instance.</returns>
     public static IServiceCollection AddKeyVaultService(this IServiceCollection services)
     {
-        services.AddScoped<SecretClient>(sp =>
+        services.AddSingleton<SecretClient>(sp =>
         {
             var configuration = sp.GetService<IConfiguration>()
                 ?? throw new InvalidOperationException($"{nameof(IConfiguration)} service is not registered.");
 
             var settings = configuration.GetSection(AzureSettings.Name).GetSection(KeyVaultSettings.Name).Get<KeyVaultSettings>()
                 ?? throw new InvalidOperationException($"{nameof(KeyVaultSettings)} could not be retrieved from the configuration.");
 
-            var client = new SecretClient(new Uri(settings.VaultUri!), new DefaultAzureCredential());
+            if (string.IsNullOrWhiteSpace(settings.VaultUri) == true)
+            {
+                throw new InvalidOperationException($"{nameof(KeyVaultSettings.VaultUri)} is not defined.");
+            }
+
+            if (string.IsNullOrWhiteSpace(settings.SecretName) == true)
+            {
+                throw new InvalidOperationException($"{nameof(KeyVaultSettings.SecretName)} is not defined.");
+            }
+
+            var client = new SecretClient(new Uri(settings.VaultUri), new DefaultAzureCredential());
 
             return client;
         });
@@ -48,8 +58,8 @@ public static IServiceCollection AddOpenAISettings(this IServiceCollection servi
         services.AddSingleton<OpenAISettings>(sp =>
         {
             var settings = new OpenAISettingsBuilder()
-                               .WithAppSettings(sp)
-                               //.WithKeyVault(sp)
+                               //.WithAppSettings(sp)
+                               .WithKeyVault(sp)
                                .Build();
 
             return settings;

test/AzureOpenAIProxy.ApiApp.Tests/Extensions/OpenAISettingsBuilderExtensionsTests.cs

@@ -1,4 +1,7 @@
-using AzureOpenAIProxy.ApiApp.Builders;
+using Azure.Identity;
+using Azure.Security.KeyVault.Secrets;
+
+using AzureOpenAIProxy.ApiApp.Builders;
 using AzureOpenAIProxy.ApiApp.Extensions;
 
 using FluentAssertions;
@@ -217,4 +220,56 @@ public void Given_AppSettings_When_Invoked_WithAppSettings_Then_It_Should_Return
             result.Instances.First().DeploymentNames.Should().Contain(dn);
         }
     }
+
+    [Fact]
+    public void Given_Empty_KeyVaultSettings_When_Invoked_WithKeyVault_Then_It_Should_Throw_Exception()
+    {
+        // Arrange
+        var dict = new Dictionary<string, string>()
+        {
+            { "Azure:KeyVault", string.Empty }
+        };
+#pragma warning disable CS8620 // Argument cannot be used for parameter due to differences in the nullability of reference types.
+        var config = new ConfigurationBuilder().AddInMemoryCollection(dict).Build();
+#pragma warning restore CS8620 // Argument cannot be used for parameter due to differences in the nullability of reference types.
+
+        var sp = Substitute.For<IServiceProvider>();
+        ServiceProviderServiceExtensions.GetService<IConfiguration>(sp).Returns(config);
+
+        var builder = new OpenAISettingsBuilder();
+
+        // Act
+        Action action = () => builder.WithKeyVault(sp)
+                                     .Build();
+
+        // Assert
+        action.Should().Throw<InvalidOperationException>();
+    }
+
+    [Theory]
+    [InlineData("http://localhost")]
+    public void Given_Null_SecretClient_When_Invoked_WithKeyVault_Then_It_Should_Throw_Exception(string vaultUri)
+    {
+        // Arrange
+        var dict = new Dictionary<string, string>()
+        {
+            { "Azure:KeyVault:VaultUri", vaultUri }
+        };
+#pragma warning disable CS8620 // Argument cannot be used for parameter due to differences in the nullability of reference types.
+        var config = new ConfigurationBuilder().AddInMemoryCollection(dict).Build();
+#pragma warning restore CS8620 // Argument cannot be used for parameter due to differences in the nullability of reference types.
+
+        var client = new SecretClient(new Uri(vaultUri), new DefaultAzureCredential());
+
+        var sp = Substitute.For<IServiceProvider>();
+        ServiceProviderServiceExtensions.GetService<IConfiguration>(sp).Returns(config);
+
+        var builder = new OpenAISettingsBuilder();
+
+        // Act
+        Action action = () => builder.WithKeyVault(sp).Build();
+
+        // Assert
+        action.Should().Throw<InvalidOperationException>();
+    }
 }

test/AzureOpenAIProxy.ApiApp.Tests/Extensions/ServiceCollectionExtensionsTests.cs

@@ -83,14 +83,89 @@ public void Given_Empty_KeyVaultSettings_When_Invoked_AddKeyVaultService_Then_It
     }
 
     [Theory]
-    [InlineData("http://localhost")]
-    public void Given_AppSettings_When_Invoked_AddKeyVaultService_Then_It_Should_Return_SecretClient(string vaultUri)
+    [InlineData(default(string), "secret-name")]
+    [InlineData("", "secret-name")]
+    public void Given_NullOrEmpty_VaultUri_When_Invoked_AddKeyVaultService_Then_It_Should_Throw_Exception(string? vaultUri, string secretName)
+    {
+        // Arrange
+        var services = new ServiceCollection();
+        var dict = new Dictionary<string, string>()
+        {
+            { "Azure:KeyVault:VaultUri", vaultUri! },
+            { "Azure:KeyVault:SecretName", secretName },
+        };
+#pragma warning disable CS8620 // Argument cannot be used for parameter due to differences in the nullability of reference types.
+        var config = new ConfigurationBuilder().AddInMemoryCollection(dict).Build();
+#pragma warning restore CS8620 // Argument cannot be used for parameter due to differences in the nullability of reference types.
+        services.AddSingleton<IConfiguration>(config);
+        services.AddKeyVaultService();
+
+        // Act
+        Action action = () => services.BuildServiceProvider().GetService<SecretClient>();
+
+        // Assert
+        action.Should().Throw<InvalidOperationException>();
+    }
+
+    [Theory]
+    [InlineData("http://localhost", default(string))]
+    [InlineData("http://localhost", "")]
+    public void Given_NullOrEmpty_SecretName_When_Invoked_AddKeyVaultService_Then_It_Should_Throw_Exception(string vaultUri, string? secretName)
+    {
+        // Arrange
+        var services = new ServiceCollection();
+        var dict = new Dictionary<string, string>()
+        {
+            { "Azure:KeyVault:VaultUri", vaultUri },
+            { "Azure:KeyVault:SecretName", secretName! },
+        };
+#pragma warning disable CS8620 // Argument cannot be used for parameter due to differences in the nullability of reference types.
+        var config = new ConfigurationBuilder().AddInMemoryCollection(dict).Build();
+#pragma warning restore CS8620 // Argument cannot be used for parameter due to differences in the nullability of reference types.
+        services.AddSingleton<IConfiguration>(config);
+        services.AddKeyVaultService();
+
+        // Act
+        Action action = () => services.BuildServiceProvider().GetService<SecretClient>();
+
+        // Assert
+        action.Should().Throw<InvalidOperationException>();
+    }
+
+    [Theory]
+    [InlineData("abcde", "secret-name")]
+    public void Given_Invalid_VaultUri_When_Invoked_AddKeyVaultService_Then_It_Should_Throw_Exception(string vaultUri, string secretName)
+    {
+        // Arrange
+        var services = new ServiceCollection();
+        var dict = new Dictionary<string, string>()
+        {
+            { "Azure:KeyVault:VaultUri", vaultUri },
+            { "Azure:KeyVault:SecretName", secretName },
+        };
+#pragma warning disable CS8620 // Argument cannot be used for parameter due to differences in the nullability of reference types.
+        var config = new ConfigurationBuilder().AddInMemoryCollection(dict).Build();
+#pragma warning restore CS8620 // Argument cannot be used for parameter due to differences in the nullability of reference types.
+        services.AddSingleton<IConfiguration>(config);
+        services.AddKeyVaultService();
+
+        // Act
+        Action action = () => services.BuildServiceProvider().GetService<SecretClient>();
+
+        // Assert
+        action.Should().Throw<UriFormatException>();
+    }
+
+    [Theory]
+    [InlineData("http://localhost", "secret-name")]
+    public void Given_AppSettings_When_Invoked_AddKeyVaultService_Then_It_Should_Return_SecretClient(string vaultUri, string secretName)
     {
         // Arrange
         var services = new ServiceCollection();
         var dict = new Dictionary<string, string>()
         {
             { "Azure:KeyVault:VaultUri", vaultUri },
+            { "Azure:KeyVault:SecretName", secretName },
         };
 #pragma warning disable CS8620 // Argument cannot be used for parameter due to differences in the nullability of reference types.
         var config = new ConfigurationBuilder().AddInMemoryCollection(dict).Build();
@@ -107,14 +182,15 @@ public void Given_AppSettings_When_Invoked_AddKeyVaultService_Then_It_Should_Ret
     }
 
     [Theory]
-    [InlineData("http://localhost")]
-    public void Given_AppSettings_When_Invoked_AddKeyVaultService_Then_It_Should_Return_VaultUri(string vaultUri)
+    [InlineData("http://localhost", "secret-name")]
+    public void Given_AppSettings_When_Invoked_AddKeyVaultService_Then_It_Should_Return_VaultUri(string vaultUri, string secretName)
     {
         // Arrange
         var services = new ServiceCollection();
         var dict = new Dictionary<string, string>()
         {
             { "Azure:KeyVault:VaultUri", vaultUri },
+            { "Azure:KeyVault:SecretName", secretName },
         };
 #pragma warning disable CS8620 // Argument cannot be used for parameter due to differences in the nullability of reference types.
         var config = new ConfigurationBuilder().AddInMemoryCollection(dict).Build();