KeyVault integration for Gallery #3174
Conversation
| @@ -1,89 +1,92 @@ | |||
| # Find IIS | |||
There was a problem hiding this comment.
Not sure what the change is in this mega red block :-) (could be GitHub going crazy)
There was a problem hiding this comment.
You should use CodeFlow :) I just added a line at the bottom that copies Microsoft internal corporate root cert to root (same as search service)
In reply to: 72744338 [](ancestors = 72744338)
There was a problem hiding this comment.
You can add ?w=1 to ignore whitespacing at the end of the URL in browser. This will show only relevant changes.
There was a problem hiding this comment.
https://github.com/NuGet/NuGetGallery/pull/3174/files?w=1 does not show these changes that seem to not have any effect on the actual code being executed.
|
Added some comments. The Other than that LGTM - Make sure to squash during the merge :-) |
| netsh http add sslcert hostnameport=$hostname`:$port certhash=$thumbprint appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}' certstorename=MY | ||
| } | ||
|
|
||
| # Install Microsoft internal corporate root required for KeyVault access to LocalMachine\AuthRoot (it's not supported by azure, hence we install to cert to CA store, and then need to move it) |
There was a problem hiding this comment.
nit - # Install the Microsoft Internal Corporate root cert required for KeyVault access to LocalMachine\AuthRoot (it's not supported by Azure, hence we install the cert... #Resolved
|
LGTM, just a couple nits |
Changed the ConfigurationService to use ISecretReader to extract secrets from gallery.
Introduced CachingSecretReader to prevent excessive calls to KeyVault to get the same values, which is expensive, and also might cause a deadlock if not done correctly (http://stackoverflow.com/questions/32594642/azure-keyvault-active-directory-acquiretokenasync-timeout-when-called-asynchrono)