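/// <summary>
///     <para>
///         Adds the secrets of a HashiCorp Vault KeyValue engine to the secret store,
///         using the Kubernetes authentication method to log in to the Vault.
///     </para>
///     <para>
///         See more information on HashiCorp: <a href="https://www.vaultproject.io/docs" />.
///     </para>
/// </summary>
/// <remarks>
///     The <paramref name="jsonWebToken"/> is a credential that is handed to the Kubernetes authentication method as-is.
///     The URI scheme of <paramref name="vaultServerUriWithPort"/> is not restricted by this method, so it is up to the caller
///     to pass an <c>https://</c> address when the login should be protected in transit.
///     The <paramref name="roleName"/> is not validated by this method.
/// </remarks>
/// <param name="builder">The builder to add the HashiCorp secrets from the KeyValue Vault to.</param>
/// <param name="vaultServerUriWithPort">The absolute URI (including port) that points to the running HashiCorp Vault.</param>
/// <param name="roleName">
///     The name of the role in the Kubernetes authentication.
///     Role types have specific entities that can perform login operations against this endpoint.
///     Constraints specific to the role type must be set on the role. These are applied to the authenticated entities attempting to login.
/// </param>
/// <param name="jsonWebToken">The service account JWT used to access the TokenReview API to validate other JWTs during login.</param>
/// <param name="secretPath">The secret path where the secret provider should look for secrets.</param>
/// <param name="configureOptions">
///     The optional function to configure the Kubernetes-specific options (for example the mount point of the Kubernetes authentication);
///     when <c>null</c>, a default <see cref="HashiCorpVaultKubernetesOptions"/> instance is used.
/// </param>
/// <param name="name">The unique name to register this HashiCorp provider in the secret store.</param>
/// <param name="mutateSecretName">The optional function to mutate the secret name before looking it up.</param>
/// <exception cref="ArgumentNullException">Thrown when the <paramref name="builder"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException">
///     Thrown when the <paramref name="vaultServerUriWithPort"/> is blank or doesn't represent a well-formed absolute URI,
///     or the <paramref name="jsonWebToken"/> is blank,
///     or the <paramref name="secretPath"/> is blank.
/// </exception>
public static SecretStoreBuilder AddHashiCorpVaultWithKubernetes(
    this SecretStoreBuilder builder,
    string vaultServerUriWithPort,
    string roleName,
    string jsonWebToken,
    string secretPath,
    Action<HashiCorpVaultKubernetesOptions> configureOptions,
    string name,
    Func<string, string> mutateSecretName)
{
    Guard.NotNull(builder, nameof(builder), "Requires a secret store builder to add the HashiCorp Vault secret provider");
    Guard.NotNullOrWhitespace(vaultServerUriWithPort, nameof(vaultServerUriWithPort), "Requires a valid HashiCorp Vault URI with HTTP port to connect to the running HashiCorp Vault");
    Guard.NotNullOrWhitespace(jsonWebToken, nameof(jsonWebToken), "Requires a valid Json Web Token (JWT) during the Kubernetes authentication procedure");
    Guard.NotNullOrWhitespace(secretPath, nameof(secretPath), "Requires a path where the HashiCorp Vault secrets are stored");

    // Only an absolute URI can address a Vault server: a relative reference carries no host or port,
    // so it is rejected up-front instead of being handed to the Vault client settings.
    // NOTE(review): the scheme is deliberately left unrestricted (plain http:// still passes);
    // confirm whether non-TLS addresses should be allowed outside local development.
    Guard.For<ArgumentException>(
        () => !Uri.IsWellFormedUriString(vaultServerUriWithPort, UriKind.Absolute),
        "Requires a HashiCorp Vault server URI with HTTP port");

    // The consumer-supplied configuration is optional; the defaults of the options type apply when it is absent.
    var options = new HashiCorpVaultKubernetesOptions();
    configureOptions?.Invoke(options);

    // The JWT and role are passed to the Kubernetes auth method without being logged or transformed here.
    IAuthMethodInfo authenticationMethod =
        new KubernetesAuthMethodInfo(options.KubernetesMountPoint, roleName, jsonWebToken);
    var settings = new VaultClientSettings(vaultServerUriWithPort, authenticationMethod);

    return AddHashiCorpVault(
        builder,
        settings,
        secretPath,
        options,
        configureSecretProviderOptions: secretProviderOptions =>
        {
            secretProviderOptions.Name = name;
            secretProviderOptions.MutateSecretName = mutateSecretName;
        });
}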
/// <summary>
/// Verifies that assigning the given <paramref name="mountPoint"/> to
/// <c>HashiCorpVaultKubernetesOptions.KubernetesMountPoint</c> is rejected with an
/// <see cref="ArgumentException"/> (or a type derived from it).
/// </summary>
/// <param name="mountPoint">The blank mount point value under test; where the values come from is not visible in this excerpt.</param>
public void SetKubernetesMountPoint_WithBlankValue_Throws(string mountPoint)
{
    // Arrange
    var sut = new HashiCorpVaultKubernetesOptions();

    // Act / Assert
    // The setter itself is expected to throw, so the assignment is the whole action under test.
    Assert.ThrowsAny<ArgumentException>(() =>
    {
        sut.KubernetesMountPoint = mountPoint;
    });
}