add testcases

Author: zhiyuanliang-ms

src/AzureAppConfigurationImpl.ts

@@ -173,7 +173,7 @@ export class AzureAppConfigurationImpl implements AzureAppConfiguration {
             const { secretRefreshIntervalInMs } = options.keyVaultOptions;
             if (secretRefreshIntervalInMs !== undefined) {
                 if (secretRefreshIntervalInMs < MIN_SECRET_REFRESH_INTERVAL_IN_MS) {
-                    throw new RangeError(`The key vault secret refresh interval cannot be less than ${MIN_REFRESH_INTERVAL_IN_MS} milliseconds.`);
+                    throw new RangeError(`The key vault secret refresh interval cannot be less than ${MIN_SECRET_REFRESH_INTERVAL_IN_MS} milliseconds.`);
                 }
                 this.#secretRefreshEnabled = true;
                 this.#secretRefreshTimer = new RefreshTimer(secretRefreshIntervalInMs);
@@ -497,7 +497,7 @@ export class AzureAppConfigurationImpl implements AzureAppConfiguration {
             await this.#updateWatchedKeyValuesEtag(loadedSettings);
         }
 
-        // clear all cached key vault references
+        // clear all cached key vault reference configuration settings
         this.#secretReferences = [];
         for (const setting of loadedSettings) {
             if (this.#secretRefreshEnabled && isSecretReference(setting)) {
@@ -591,6 +591,9 @@ export class AzureAppConfigurationImpl implements AzureAppConfiguration {
         }
 
         if (needRefresh) {
+            for (const adapter of this.#adapters) {
+                await adapter.onChangeDetected();
+            }
             await this.#loadSelectedAndWatchedKeyValues();
         }
 

src/IKeyValueAdapter.ts

@@ -13,4 +13,9 @@ export interface IKeyValueAdapter {
      * This method process the original configuration setting, and returns processed key and value in an array.
      */
     processKeyValue(setting: ConfigurationSetting): Promise<[string, unknown]>;
-}
+
+    /**
+     * This method is called when a change is detected in the configuration setting.
+     */
+    onChangeDetected(setting?: ConfigurationSetting): void;
+}

src/JsonKeyValueAdapter.ts

@@ -33,6 +33,10 @@ export class JsonKeyValueAdapter implements IKeyValueAdapter {
         }
         return [setting.key, parsedValue];
     }
+
+    async onChangeDetected(): Promise<void> {
+        return;
+    }
 }
 
 // Determine whether a content type string is a valid JSON content type.

src/keyvault/AzureKeyVaultKeyValueAdapter.ts

@@ -40,6 +40,11 @@ export class AzureKeyVaultKeyValueAdapter implements IKeyValueAdapter {
             throw new KeyVaultReferenceError(buildKeyVaultReferenceErrorMessage(error.message, setting, secretIdentifier.sourceId));
         }
     }
+
+    async onChangeDetected(): Promise<void> {
+        this.#keyVaultSecretProvider.clearCache();
+        return;
+    }
 }
 
 function buildKeyVaultReferenceErrorMessage(message: string, setting: ConfigurationSetting, secretIdentifier?: string ): string {

src/keyvault/AzureKeyVaultSecretProvider.ts

@@ -5,11 +5,13 @@ import { KeyVaultOptions } from "./KeyVaultOptions.js";
 import { RefreshTimer } from "../refresh/RefreshTimer.js";
 import { getUrlHost } from "../common/utils.js";
 import { ArgumentError } from "../error.js";
-import { SecretClient,  KeyVaultSecretIdentifier } from "@azure/keyvault-secrets";
+import { SecretClient, KeyVaultSecretIdentifier } from "@azure/keyvault-secrets";
 
 export class AzureKeyVaultSecretProvider {
     #keyVaultOptions: KeyVaultOptions | undefined;
+    #refreshTimer: RefreshTimer | undefined;
     #secretClients: Map<string, SecretClient>; // map key vault hostname to corresponding secret client
+    #cachedSecretValue: Map<string, any> = new Map<string, any>(); // map secret identifier to secret value
 
     constructor(keyVaultOptions: KeyVaultOptions | undefined, refreshTimer?: RefreshTimer) {
         if (keyVaultOptions?.secretRefreshIntervalInMs !== undefined) {
@@ -21,13 +23,37 @@ export class AzureKeyVaultSecretProvider {
             }
         }
         this.#keyVaultOptions = keyVaultOptions;
+        this.#refreshTimer = refreshTimer;
         this.#secretClients = new Map();
         for (const client of this.#keyVaultOptions?.secretClients ?? []) {
             this.#secretClients.set(getUrlHost(client.vaultUrl), client);
         }
     }
 
     async getSecretValue(secretIdentifier: KeyVaultSecretIdentifier): Promise<unknown> {
+        if (this.#refreshTimer && !this.#refreshTimer.canRefresh()) {
+            // return the cached secret value if it exists
+            if (this.#cachedSecretValue.has(secretIdentifier.sourceId)) {
+                const cachedValue = this.#cachedSecretValue.get(secretIdentifier.sourceId);
+                return cachedValue;
+            }
+            // not found in cache, get the secret value from key vault
+            const secretValue = await this.#getSecretValueFromKeyVault(secretIdentifier);
+            this.#cachedSecretValue.set(secretIdentifier.sourceId, secretValue);
+            return secretValue;
+        }
+
+        // Always reload the secret value from key vault when the refresh timer expires.
+        const secretValue = await this.#getSecretValueFromKeyVault(secretIdentifier);
+        this.#cachedSecretValue.set(secretIdentifier.sourceId, secretValue);
+        return secretValue;
+    }
+
+    clearCache(): void {
+        this.#cachedSecretValue.clear();
+    }
+
+    async #getSecretValueFromKeyVault(secretIdentifier: KeyVaultSecretIdentifier): Promise<unknown> {
         if (!this.#keyVaultOptions) {
             throw new ArgumentError("Failed to get secret value. The keyVaultOptions is not configured.");
         }
@@ -43,6 +69,7 @@ export class AzureKeyVaultSecretProvider {
         }
         // When code reaches here, it means that the key vault reference cannot be resolved in all possible ways.
         throw new ArgumentError("Failed to get secret value. No key vault secret client, credential or secret resolver callback is available to resolve the secret.");
+
     }
 
     #getSecretClient(vaultUrl: URL): SecretClient | undefined {

src/keyvault/KeyVaultOptions.ts

@@ -24,7 +24,6 @@ export interface KeyVaultOptions {
      * Specifies the refresh interval in milliseconds for periodically reloading secret from Key Vault.
      * @remarks
      * If specified, the value must be greater than 60 seconds.
-     * Any refresh operation triggered using @see AzureAppConfiguration.refresh() will not update the value for a Key Vault secret until the refresh interval has expired.
      */
     secretRefreshIntervalInMs?: number;
 

test/exportedApi.ts

@@ -1,4 +1,4 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 
-export { load } from "../src";
+export { load } from "../src";

test/keyvault.test.ts

@@ -6,7 +6,7 @@ import * as chaiAsPromised from "chai-as-promised";
 chai.use(chaiAsPromised);
 const expect = chai.expect;
 import { load } from "./exportedApi.js";
-import { MAX_TIME_OUT, sinon, createMockedConnectionString, createMockedTokenCredential, mockAppConfigurationClientListConfigurationSettings, mockSecretClientGetSecret, restoreMocks, createMockedKeyVaultReference } from "./utils/testHelper.js";
+import { MAX_TIME_OUT, sinon, createMockedConnectionString, createMockedTokenCredential, mockAppConfigurationClientListConfigurationSettings, mockSecretClientGetSecret, restoreMocks, createMockedKeyVaultReference, sleepInMs } from "./utils/testHelper.js";
 import { KeyVaultSecret, SecretClient } from "@azure/keyvault-secrets";
 
 const mockedData = [
@@ -113,3 +113,62 @@ describe("key vault reference", function () {
         expect(settings.get("TestKey2")).eq("SecretValue2");
     });
 });
+
+describe("key vault secret refresh", function () {
+    this.timeout(MAX_TIME_OUT);
+
+    beforeEach(() => {
+        const data = [
+            ["TestKey", "https://fake-vault-name.vault.azure.net/secrets/fakeSecretName", "SecretValue"]
+        ];
+        // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        const kvs = data.map(([key, vaultUri, _value]) => createMockedKeyVaultReference(key, vaultUri));
+        mockAppConfigurationClientListConfigurationSettings([kvs]);
+    });
+
+    afterEach(() => {
+        restoreMocks();
+    });
+
+    it("should not allow secret refresh interval less than 1 minute", async () => {
+        const connectionString = createMockedConnectionString();
+        const loadWithInvalidSecretRefreshInterval = load(connectionString, {
+            keyVaultOptions: {
+                secretClients: [
+                    new SecretClient("https://fake-vault-name.vault.azure.net", createMockedTokenCredential()),
+                ],
+                secretRefreshIntervalInMs: 59999
+            }
+        });
+        return expect(loadWithInvalidSecretRefreshInterval).eventually.rejectedWith("The key vault secret refresh interval cannot be less than 60000 milliseconds.");
+    });
+
+    it("should reload key vault secret when there is no change to key-values", async () => {
+        const client = new SecretClient("https://fake-vault-name.vault.azure.net", createMockedTokenCredential());
+        const stub = sinon.stub(client, "getSecret");
+        stub.onCall(0).resolves({ value: "SecretValue" } as KeyVaultSecret);
+        stub.onCall(1).resolves({ value: "SecretValue - Updated" } as KeyVaultSecret);
+
+        const settings = await load(createMockedConnectionString(), {
+            keyVaultOptions: {
+                secretClients: [
+                    client
+                ],
+                credential: createMockedTokenCredential(),
+                secretRefreshIntervalInMs: 60_000
+            }
+        });
+        expect(settings).not.undefined;
+        expect(settings.get("TestKey")).eq("SecretValue");
+
+        await sleepInMs(30_000);
+        await settings.refresh();
+        // use cached value
+        expect(settings.get("TestKey")).eq("SecretValue");
+
+        await sleepInMs(30_000);
+        await settings.refresh();
+        // secret refresh interval expires, reload secret value
+        expect(settings.get("TestKey")).eq("SecretValue - Updated");
+    });
+});

test/refresh.test.ts

@@ -438,7 +438,7 @@ describe("dynamic refresh", function () {
 });
 
 describe("dynamic refresh feature flags", function () {
-    this.timeout(10000);
+    this.timeout(MAX_TIME_OUT);
 
     beforeEach(() => {
     });

test/utils/testHelper.ts

@@ -13,7 +13,7 @@ import * as crypto from "crypto";
 import { ConfigurationClientManager } from "../../src/ConfigurationClientManager.js";
 import { ConfigurationClientWrapper } from "../../src/ConfigurationClientWrapper.js";
 
-const MAX_TIME_OUT = 20000;
+const MAX_TIME_OUT = 100_000;
 
 const TEST_CLIENT_ID = "00000000-0000-0000-0000-000000000000";
 const TEST_TENANT_ID = "00000000-0000-0000-0000-000000000000";