Azure MCP Server

// Copyright (c) Microsoft Corporation. // Licensed under the MIT License. using System.CommandLine.Parsing; using System.Text.Json.Serialization; using AzureMcp.Core.Models.Command; using AzureMcp.Core.Options; using AzureMcp.KeyVault.Commands.Certificate; using AzureMcp.KeyVault.Services; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; using NSubstitute; using NSubstitute.ExceptionExtensions; using Xunit; namespace AzureMcp.KeyVault.UnitTests.Certificate; public class CertificateGetCommandTests { private readonly IServiceProvider _serviceProvider; private readonly IKeyVaultService _keyVaultService; private readonly ILogger<CertificateGetCommand> _logger; private readonly CertificateGetCommand _command; private readonly CommandContext _context; private readonly Parser _parser; private const string _knownSubscriptionId = "knownSubscription"; private const string _knownVaultName = "knownVaultName"; private const string _knownCertificateName = "knownCertificateName"; public CertificateGetCommandTests() { _keyVaultService = Substitute.For<IKeyVaultService>(); _logger = Substitute.For<ILogger<CertificateGetCommand>>(); var collection = new ServiceCollection(); collection.AddSingleton(_keyVaultService); _serviceProvider = collection.BuildServiceProvider(); _command = new(_logger); _context = new(_serviceProvider); _parser = new(_command.GetCommand()); } [Fact] public async Task ExecuteAsync_CallsServiceCorrectly() { // Arrange var expectedError = "Expected test error"; // TODO (vcolin7): Find a way to mock KeyVaultCertificateWithPolicy // We'll test that the service is called correctly, but let it fail since mocking the return is complex _keyVaultService.GetCertificate( Arg.Is(_knownVaultName), Arg.Is(_knownCertificateName), Arg.Is(_knownSubscriptionId), Arg.Any<string>(), Arg.Any<RetryPolicyOptions>()) .ThrowsAsync(new Exception(expectedError)); var args = _parser.Parse([ "--vault", _knownVaultName, "--certificate", _knownCertificateName, "--subscription", _knownSubscriptionId ]); // Act var response = await _command.ExecuteAsync(_context, args); // Assert - Verify the service was called with correct parameters await _keyVaultService.Received(1).GetCertificate( Arg.Is(_knownVaultName), Arg.Is(_knownCertificateName), Arg.Is(_knownSubscriptionId), Arg.Any<string>(), Arg.Any<RetryPolicyOptions>()); // Should handle the exception Assert.Equal(500, response.Status); } [Fact] public async Task ExecuteAsync_ReturnsInvalidObject_IfCertificateNameIsEmpty() { // Arrange - No need to mock service since validation should fail before service is called var args = _parser.Parse([ "--vault", _knownVaultName, "--certificate", "", "--subscription", _knownSubscriptionId ]); // Act var response = await _command.ExecuteAsync(_context, args); // Assert - Should return validation error response Assert.NotNull(response); Assert.Equal(400, response.Status); Assert.Contains("required", response.Message.ToLower()); } [Fact] public async Task ExecuteAsync_HandlesException() { // Arrange var expectedError = "Test error"; _keyVaultService.GetCertificate( Arg.Is(_knownVaultName), Arg.Is(_knownCertificateName), Arg.Is(_knownSubscriptionId), Arg.Any<string>(), Arg.Any<RetryPolicyOptions>()) .ThrowsAsync(new Exception(expectedError)); var args = _parser.Parse([ "--vault", _knownVaultName, "--certificate", _knownCertificateName, "--subscription", _knownSubscriptionId ]); // Act var response = await _command.ExecuteAsync(_context, args); // Assert Assert.NotNull(response); Assert.Equal(500, response.Status); Assert.StartsWith(expectedError, response.Message); } private class CertificateGetResult { [JsonPropertyName("name")] public string Name { get; set; } = null!; [JsonPropertyName("id")] public Uri Id { get; set; } = new Uri("about:blank"); [JsonPropertyName("keyId")] public Uri KeyId { get; set; } = new Uri("about:blank"); [JsonPropertyName("secretId")] public Uri SecretId { get; set; } = new Uri("about:blank"); [JsonPropertyName("enabled")] public bool? Enabled { get; set; } [JsonPropertyName("notBefore")] public DateTimeOffset? NotBefore { get; set; } [JsonPropertyName("expiresOn")] public DateTimeOffset? ExpiresOn { get; set; } [JsonPropertyName("createdOn")] public DateTimeOffset? CreatedOn { get; set; } [JsonPropertyName("updatedOn")] public DateTimeOffset? UpdatedOn { get; set; } [JsonPropertyName("subject")] public string Subject { get; set; } = null!; [JsonPropertyName("issuerName")] public string IssuerName { get; set; } = null!; } }