Example #1
0
        /// <summary>
        /// Opens a Vault connection using Vault AppRole credentials.
        /// </summary>
        /// <param name="uri">The Vault server URI.</param>
        /// <param name="roleId">The role ID.</param>
        /// <param name="secretId">The secret ID.</param>
        /// <returns>The <see cref="VaultClient"/>.</returns>
        public static VaultClient OpenWithAppRole(Uri uri, string roleId, string secretId)
        {
            Covenant.Requires <ArgumentNullException>(uri != null);
            Covenant.Requires <ArgumentNullException>(!string.IsNullOrEmpty(roleId));
            Covenant.Requires <ArgumentNullException>(!string.IsNullOrEmpty(secretId));

            var vaultClient = new VaultClient(uri);

            dynamic loginPayload = new ExpandoObject();

            loginPayload.role_id   = roleId;
            loginPayload.secret_id = secretId;

            var loginResponse = vaultClient.jsonClient.PostAsync($"/{vaultApiVersion}/auth/approle/login", loginPayload).Result.AsDynamic();

            vaultClient.jsonClient.DefaultRequestHeaders.Add("X-Vault-Token", (string)loginResponse.auth.client_token);

            // $todo(jeff.lill):
            //
            // This should be set from config.  See issue:
            //
            //      https://github.com/jefflill/NeonForge/issues/253

            vaultClient.AllowSelfSignedCertificates = true;

            return(vaultClient);
        }
Example #2
0
        //---------------------------------------------------------------------
        // Static members

        /// <summary>
        /// Opens a Vault connection using <see cref="HiveCredentials"/>.
        /// </summary>
        /// <param name="uri">The Vault server URI.</param>
        /// <param name="credentials">The Vault credentials.</param>
        /// <returns>The <see cref="VaultClient"/>.</returns>
        public static VaultClient OpenWithToken(Uri uri, HiveCredentials credentials)
        {
            Covenant.Requires <ArgumentNullException>(uri != null);
            Covenant.Requires <ArgumentNullException>(credentials != null);

            var vaultClient = new VaultClient(uri);

            switch (credentials.Type)
            {
            case HiveCredentialsType.VaultToken:

                vaultClient.jsonClient.DefaultRequestHeaders.Add("X-Vault-Token", credentials.VaultToken);
                break;

            case HiveCredentialsType.VaultAppRole:

                dynamic loginPayload = new ExpandoObject();

                loginPayload.role_id   = credentials.VaultRoleId;
                loginPayload.secret_id = credentials.VaultSecretId;

                var loginResponse = vaultClient.jsonClient.PostAsync($"/{vaultApiVersion}/auth/approle/login", loginPayload).Result.AsDynamic();

                vaultClient.jsonClient.DefaultRequestHeaders.Add("X-Vault-Token", (string)loginResponse.auth.client_token);
                break;

            default:

                throw new NotImplementedException($"Credentials type: {credentials.Type}");
            }

            // $todo(jeff.lill):
            //
            // This should be set from config.  See issue:
            //
            //      https://github.com/jefflill/NeonForge/issues/253

            vaultClient.AllowSelfSignedCertificates = true;

            return(vaultClient);
        }
Example #3
0
        /// <summary>
        /// Opens a Vault connection with an optional Vault token.
        /// </summary>
        /// <param name="uri">The Vault server URI.</param>
        /// <param name="token">The optional token.</param>
        /// <returns>The <see cref="VaultClient"/>.</returns>
        /// <remarks>
        /// <note>
        /// You may pass <paramref name="token"/> as <c>null</c> if you only need to
        /// make requests to insecure endpoints.
        /// </note>
        /// </remarks>
        public static VaultClient OpenWithToken(Uri uri, string token = null)
        {
            Covenant.Requires <ArgumentNullException>(uri != null);

            var vaultClient = new VaultClient(uri);

            if (!string.IsNullOrEmpty(token))
            {
                vaultClient.jsonClient.DefaultRequestHeaders.Add("X-Vault-Token", token);
            }

            // $todo(jeff.lill):
            //
            // This should be set from config.  See issue:
            //
            //      https://github.com/jefflill/NeonForge/issues/253

            vaultClient.AllowSelfSignedCertificates = true;

            return(vaultClient);
        }
Example #4
0
        /// <summary>
        /// Releases all resources associated with the instance.
        /// </summary>
        public void Dispose()
        {
            lock (syncRoot)
            {
                if (client != null)
                {
                    try
                    {
                        client.Dispose();
                    }
                    catch (ObjectDisposedException)
                    {
                        // Intentionally ignoring these.
                    }
                    finally
                    {
                        client = null;
                    }
                }
            }

            GC.SuppressFinalize(this);
        }