// ==============================================================================================================================================
/// <summary>
/// Creates a secret backend of the specified type at the specified mount path. Upon completion it establishes a connection to the backend.
/// </summary>
/// <param name="secretBackendType">The type of backend you wish to connect to.</param>
/// <param name="backendName">The name you wish to refer to this backend by. This is NOT the Vault mount path.</param>
/// <param name="backendMountPath">The path to the vault mount point that this backend is located at.</param>
/// <param name="description">Description for the backend</param>
/// <param name="config">(Optional) A VaultSysMountConfig object that contains the connection configuration you wish to use to connect to the backend. If not specified defaults will be used.</param>
/// <returns>True if it was able to create the backend and connect to it. False if it encountered an error.</returns>
public async Task <bool> CreateSecretBackendMount(EnumSecretBackendTypes secretBackendType,
string backendName,
string backendMountPath,
string description,
VaultSysMountConfig config = null)
{
VaultSysMountConfig backendConfig;
if (config == null)
{
backendConfig = new VaultSysMountConfig
{
DefaultLeaseTTL = "30m",
MaxLeaseTTL = "90m",
VisibilitySetting = "hidden"
};
}
else
{
backendConfig = config;
}
return(await SysMountCreate(backendMountPath, description, secretBackendType, backendConfig));
//if (rc == true) { return ConnectToSecretBackend(secretBackendType, backendName, backendMountPath); }
// return null;
}
/// <summary>
/// Creates (Enables in Vault terminology) a new backend secrets engine with the given name, type and configuration settings.
/// Throws: [VaultInvalidDataException] when the mount point already exists. SpecificErrorCode will be set to: [BackendMountAlreadyExists]
/// <param name="mountPath">The root path to this secrets engine that it will be mounted at. Is a part of every URL to this backend.</param>
/// <param name="description">Brief human friendly name for the mount.</param>
/// <param name="backendType">The type of secrets backend this mount is. </param>
/// <param name="config">The configuration to be applied to this mount.</param>
/// <returns>Bool: True if successful in creating the backend mount point. False otherwise.</returns>
/// </summary>
public async Task <bool> SysMountCreate(string mountPath, string description, EnumSecretBackendTypes backendType, VaultSysMountConfig config = null)
{
// The keyname forms the last part of the path
string path = MountPointPath + pathMounts + mountPath;
// Build out the parameters dictionary.
Dictionary <string, object> createParams = new Dictionary <string, object>();
// Build Options Dictionary
Dictionary <string, string> options = new Dictionary <string, string>();
string typeName = "";
switch (backendType)
{
case EnumSecretBackendTypes.Transit:
typeName = "transit";
break;
case EnumSecretBackendTypes.Secret:
typeName = "kv";
break;
case EnumSecretBackendTypes.AWS:
typeName = "aws";
throw new NotImplementedException();
case EnumSecretBackendTypes.CubbyHole:
typeName = "cubbyhole";
throw new NotImplementedException();
case EnumSecretBackendTypes.Generic:
typeName = "generic";
throw new NotImplementedException();
case EnumSecretBackendTypes.PKI:
typeName = "pki";
throw new NotImplementedException();
case EnumSecretBackendTypes.SSH:
typeName = "ssh";
throw new NotImplementedException();
case EnumSecretBackendTypes.KeyValueV2:
// It is the same type as a version 1, but it has an additional config value.
typeName = "kv";
options.Add("version", "2");
break;
}
createParams.Add("type", typeName);
createParams.Add("description", description);
createParams.Add("options", options);
if (config != null)
{
createParams.Add("config", config);
}
try {
VaultDataResponseObjectB vdro = await ParentVault._httpConnector.PostAsync_B(path, "SysMountEnable", createParams, false);
if (vdro.HttpStatusCode == 204)
{
return(true);
}
else
{
return(false);
}
}
catch (VaultInvalidDataException e) {
if (e.Message.Contains("path is already in use"))
{
e.SpecificErrorCode = EnumVaultExceptionCodes.BackendMountAlreadyExists;
}
throw e;
}
}
