// ============================================================================================================================================== /// <summary> /// Creates a secret backend of the specified type at the specified mount path. Upon completion it establishes a connection to the backend. /// </summary> /// <param name="secretBackendType">The type of backend you wish to connect to.</param> /// <param name="backendName">The name you wish to refer to this backend by. This is NOT the Vault mount path.</param> /// <param name="backendMountPath">The path to the vault mount point that this backend is located at.</param> /// <param name="description">Description for the backend</param> /// <param name="config">(Optional) A VaultSysMountConfig object that contains the connection configuration you wish to use to connect to the backend. If not specified defaults will be used.</param> /// <returns>True if it was able to create the backend and connect to it. False if it encountered an error.</returns> public async Task <bool> CreateSecretBackendMount(EnumSecretBackendTypes secretBackendType, string backendName, string backendMountPath, string description, VaultSysMountConfig config = null) { VaultSysMountConfig backendConfig; if (config == null) { backendConfig = new VaultSysMountConfig { DefaultLeaseTTL = "30m", MaxLeaseTTL = "90m", VisibilitySetting = "hidden" }; } else { backendConfig = config; } return(await SysMountCreate(backendMountPath, description, secretBackendType, backendConfig)); //if (rc == true) { return ConnectToSecretBackend(secretBackendType, backendName, backendMountPath); } // return null; }
/// <summary> /// Creates (Enables in Vault terminology) a new backend secrets engine with the given name, type and configuration settings. /// Throws: [VaultInvalidDataException] when the mount point already exists. SpecificErrorCode will be set to: [BackendMountAlreadyExists] /// <param name="mountPath">The root path to this secrets engine that it will be mounted at. Is a part of every URL to this backend.</param> /// <param name="description">Brief human friendly name for the mount.</param> /// <param name="backendType">The type of secrets backend this mount is. </param> /// <param name="config">The configuration to be applied to this mount.</param> /// <returns>Bool: True if successful in creating the backend mount point. False otherwise.</returns> /// </summary> public async Task <bool> SysMountCreate(string mountPath, string description, EnumSecretBackendTypes backendType, VaultSysMountConfig config = null) { // The keyname forms the last part of the path string path = MountPointPath + pathMounts + mountPath; // Build out the parameters dictionary. Dictionary <string, object> createParams = new Dictionary <string, object>(); // Build Options Dictionary Dictionary <string, string> options = new Dictionary <string, string>(); string typeName = ""; switch (backendType) { case EnumSecretBackendTypes.Transit: typeName = "transit"; break; case EnumSecretBackendTypes.Secret: typeName = "kv"; break; case EnumSecretBackendTypes.AWS: typeName = "aws"; throw new NotImplementedException(); case EnumSecretBackendTypes.CubbyHole: typeName = "cubbyhole"; throw new NotImplementedException(); case EnumSecretBackendTypes.Generic: typeName = "generic"; throw new NotImplementedException(); case EnumSecretBackendTypes.PKI: typeName = "pki"; throw new NotImplementedException(); case EnumSecretBackendTypes.SSH: typeName = "ssh"; throw new NotImplementedException(); case EnumSecretBackendTypes.KeyValueV2: // It is the same type as a version 1, but it has an additional config value. typeName = "kv"; options.Add("version", "2"); break; } createParams.Add("type", typeName); createParams.Add("description", description); createParams.Add("options", options); if (config != null) { createParams.Add("config", config); } try { VaultDataResponseObjectB vdro = await ParentVault._httpConnector.PostAsync_B(path, "SysMountEnable", createParams, false); if (vdro.HttpStatusCode == 204) { return(true); } else { return(false); } } catch (VaultInvalidDataException e) { if (e.Message.Contains("path is already in use")) { e.SpecificErrorCode = EnumVaultExceptionCodes.BackendMountAlreadyExists; } throw e; } }