public async Task AppRoleLoginConnector_Test()
{
// PRE-Test
VaultSystemBackend vaultSystemBackend = new VaultSystemBackend(_vault.TokenID, _vault);
string approleMountName = _UK.GetKey("AppAuth");
// Create an AppRole authentication connection.
AppRoleAuthEngine appRoleAuthEngine = (AppRoleAuthEngine)_vault.ConnectAuthenticationBackend(EnumBackendTypes.A_AppRole, "AppRole", approleMountName);
// Create an Authentication method of App Role. - This only needs to be done when the Auth method is created.
AuthMethod am = new AuthMethod(approleMountName, EnumAuthMethods.AppRole);
bool rc = await vaultSystemBackend.AuthEnable(am);
string rName = _UK.GetKey("Role");
AppRole roleA = new AppRole(rName);
Assert.True(await appRoleAuthEngine.SaveRole(roleA));
string roleID = await appRoleAuthEngine.ReadRoleID(roleA.Name);
// Now create the a secret
AppRoleSecret secret_A = await appRoleAuthEngine.GenerateSecretID(roleA.Name);
// ACTUAL TEST
// Create Login Connector
AppRoleLoginConnector loginConnector = new AppRoleLoginConnector(_vault, approleMountName, "Test AppRole", roleID, secret_A.ID);
bool result = await loginConnector.Connect(true);
Assert.IsTrue(result, "A10: Login Failed");
}
/// <summary>
/// This particular test was running consistently 15x slower than any other test. ~250ms
/// </summary>
/// <returns></returns>
public async Task AppRoleBE_UpdateRoleID()
{
string rName = _uniqueKeys.GetKey("Role");
AppRole ar = new AppRole(rName);
bool rc = await _appRoleAuthEngine.SaveRole(ar);
// Now read a Role ID for it.
string roleID = await _appRoleAuthEngine.ReadRoleID(ar.Name);
// Update the role ID
rc = await _appRoleAuthEngine.UpdateAppRoleID(ar.Name, "newDomain");
string roleIDNew = await _appRoleAuthEngine.ReadRoleID(ar.Name);
Assert.AreEqual("newDomain", roleIDNew);
Console.WriteLine("AppRoleBE_UpdateRoleID Finished OK!");
}
// Sets up a fixed number of Application Roles, that should be consistent between runs.
private async Task SetupRoles()
{
roles = new string[10];
roles [0] = "abcxyz123";
roles [1] = "zyxabc986";
roles [2] = "master";
roles [3] = "secondary";
roles [4] = "tertiary";
roles [5] = "usa";
roles [6] = "wildcats";
roles [7] = "somerandomrolename";
roles [8] = "borg";
roles [9] = "terminator";
// Now create / update these roles.
foreach (string role in roles)
{
AppRole a = new AppRole(role);
await _appRoleAuthEngine.SaveRole(a);
}
}
public async Task MountDefaultAppRoleMount_Success()
{
AppRoleAuthEngine defaultBE = (AppRoleAuthEngine)_vault.ConnectAuthenticationBackend(EnumBackendTypes.A_AppRole);
AuthMethod defaultAM = new AuthMethod(defaultBE.MountPoint, EnumAuthMethods.AppRole);
try {
Assert.True(await _vaultSystemBackend.AuthEnable(defaultAM));
}
catch (VaultException e) {
if (e.SpecificErrorCode == EnumVaultExceptionCodes.BackendMountAlreadyExists)
{
// Disable and re-enable to confirm we can do this.
Assert.True(await _vaultSystemBackend.AuthDisable(defaultAM));
Assert.True(await _vaultSystemBackend.AuthEnable(defaultAM));
}
else
{
Assert.Fail("Unexpected Vault Error - " + e.Message);
}
}
catch (Exception e) {
Assert.Fail("Unexpected error from Vault: " + e.Message);
}
string name = _uniqueKeys.GetKey("RoleDef");
AppRole ar = new AppRole(name);
Assert.True(await _appRoleAuthEngine.SaveRole(ar));
}