public async Task Setup() { // Build Connection to Vault. _vault = await VaultServerRef.ConnectVault("AppRoleVault"); //_vault = new VaultAgentAPI ("AppRoleVault", VaultServerRef.ipAddress, VaultServerRef.ipPort, VaultServerRef.rootToken, true); _vaultSystemBackend = new VaultSystemBackend(_vault.TokenID, _vault); _ldapMountName = _uniqueKeys.GetKey("LDAP"); // Define the engine. _ldapAuthEngine = (LdapAuthEngine)_vault.ConnectAuthenticationBackend(EnumBackendTypes.A_LDAP, "ldap_test", _ldapMountName); // Now create the Mount point. AuthMethod authMethod = new AuthMethod(_ldapMountName, EnumAuthMethods.LDAP); authMethod.Description = "Ldap Test"; Assert.True(await _vaultSystemBackend.AuthEnable(authMethod), "A10: Expected the LDAP Backend to have been enabled."); // Now build the LDAP Backend. _origConfig = _ldapAuthEngine.GetLDAPConfigFromFile(@"C:\a_Dev\Configs\LDAP_Test.json"); SetLDAPConfig(_ldapMountName, _origConfig); // Save the Config. We do this here so the SetLDAPConfig can be used for multiple engines. Assert.True(await _ldapAuthEngine.ConfigureLDAPBackend(_origConfig), "A100: Expected the LDAP Configuration method to return True"); // Initialize the LDAP Login Connector. _ldapLoginConnector = new LDAPLoginConnector(_vault, _ldapAuthEngine.MountPoint, "Test LDAP Backend"); // Load the Test Data Object LoadTestData(); }
// Validates that the first key has a value of 1 and each subsequent call is increasing by 1. public void KeyNumberShouldIncrement_EachCall_Success() { string defaultPrefix = "Key"; // We need to simulate the Timeguid logic to derive at the initial key value. TimeGuid stGuid = new TimeGuid(DateTime.Now); UniqueKeys uniqueKey = new UniqueKeys(); string key = uniqueKey.GetKey(); string expKey = defaultPrefix + stGuid + "1"; Assert.AreEqual( expKey, key, "A1: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " + expKey + " Actual: " + key); // Now generate another key: string key2 = uniqueKey.GetKey(); string expKey2 = defaultPrefix + stGuid + "2"; Assert.AreEqual( expKey2, key2, "A2: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " + expKey + " Actual: " + key); }
public async Task AppRoleLoginConnector_Test() { // PRE-Test VaultSystemBackend vaultSystemBackend = new VaultSystemBackend(_vault.TokenID, _vault); string approleMountName = _UK.GetKey("AppAuth"); // Create an AppRole authentication connection. AppRoleAuthEngine appRoleAuthEngine = (AppRoleAuthEngine)_vault.ConnectAuthenticationBackend(EnumBackendTypes.A_AppRole, "AppRole", approleMountName); // Create an Authentication method of App Role. - This only needs to be done when the Auth method is created. AuthMethod am = new AuthMethod(approleMountName, EnumAuthMethods.AppRole); bool rc = await vaultSystemBackend.AuthEnable(am); string rName = _UK.GetKey("Role"); AppRole roleA = new AppRole(rName); Assert.True(await appRoleAuthEngine.SaveRole(roleA)); string roleID = await appRoleAuthEngine.ReadRoleID(roleA.Name); // Now create the a secret AppRoleSecret secret_A = await appRoleAuthEngine.GenerateSecretID(roleA.Name); // ACTUAL TEST // Create Login Connector AppRoleLoginConnector loginConnector = new AppRoleLoginConnector(_vault, approleMountName, "Test AppRole", roleID, secret_A.ID); bool result = await loginConnector.Connect(true); Assert.IsTrue(result, "A10: Login Failed"); }
public void RefreshKeyWorks() { string defaultPrefix = "Key"; KeepWithinSingleSecond(); // We need to simulate the Timeguid logic to derive at the initial key value. TimeGuid stGuid = new TimeGuid(DateTime.Now); UniqueKeys uniqueKey = new UniqueKeys(constantTimeGuid: true); string key = uniqueKey.GetKey(defaultPrefix); string expKey = defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid + uniqueKey.WhatIsIncrementSeparator + "1"; Assert.AreEqual(expKey, key, "A10: Expected initial key value was not correct. Expected: " + expKey + " Actual: " + key); string key2 = uniqueKey.GetKey(defaultPrefix); // Now refresh the key. string key3 = uniqueKey.RefreshKey(defaultPrefix); // Because key3 requested RefreshKey, we should get a new TimeGuid as it would have made the thread sleep for at least 1 second. TimeGuid newGuid = new TimeGuid(DateTime.Now); Assert.IsTrue(key2.EndsWith(uniqueKey.WhatIsIncrementSeparator + "2"), "A20: Key2 should have ended with a 2."); Assert.IsTrue(key3.EndsWith(newGuid.ToString), "A21: Key3 should have ended with a 1 as it was called with the RefreshKey."); string expKey3 = defaultPrefix + uniqueKey.WhatIsKeySeparator + newGuid; Assert.AreEqual( expKey3, key3, "A30: Expected key after Refresh was not equal to the value returned by UniqueKeys. Exp: " + expKey3 + " Actual: " + key3); }
public void KeyIncrementer_Increments_Success() { string defaultPrefix = "ABC"; KeepWithinSingleSecond(); // We need to simulate the Timeguid logic to derive at the initial key value. TimeGuid stGuid = new TimeGuid(DateTime.Now); UniqueKeys uniqueKey = new UniqueKeys(); string key = uniqueKey.GetKey(defaultPrefix); string expKey = defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid; Assert.AreEqual( expKey, key, "A10: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " + expKey + " Actual: " + key); // Now create 2 more keys. They should have incrementers attched to them. string key2 = uniqueKey.GetKey(defaultPrefix); string key3 = uniqueKey.GetKey(defaultPrefix); Assert.AreNotEqual(key, key2, "A20: Expected Key1 and Key2 to be different."); Assert.AreNotEqual(key2, key3, "A30: Expected Key2 and Key3 to be different."); Assert.IsTrue(key2.EndsWith(uniqueKey.WhatIsIncrementSeparator + "1"), "A40: Key2 should have ended with a 1."); Assert.IsTrue(key3.EndsWith(uniqueKey.WhatIsIncrementSeparator + "2"), "A50: Key3 should have ended with a 2."); }
public void KeyValueSeparator_CanBeSet_Success() { string defaultPrefix = "ABC"; string sep = "^"; KeepWithinSingleSecond(); // We need to simulate the Timeguid logic to derive at the initial key value. TimeGuid stGuid = new TimeGuid(DateTime.Now); // Set separator to be carat. UniqueKeys uniqueKey = new UniqueKeys(sep); string key = uniqueKey.GetKey(defaultPrefix); string expKey = defaultPrefix + sep + stGuid.ToString; Assert.AreEqual( expKey, key, "A10: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " + expKey + " Actual: " + key); TestContext.WriteLine("Unique Key Value: {0}", key); TestContext.WriteLine("Expected Key Value: {0}", expKey); }
public void RefreshKeyWithUniquePrefix_Success() { string defaultPrefix = "unique"; // We need to simulate the Timeguid logic to derive at the initial key value. TimeGuid stGuid = new TimeGuid(DateTime.Now); UniqueKeys uniqueKey = new UniqueKeys(); string key = uniqueKey.GetKey(defaultPrefix); string expKey = defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid.ToString; Assert.AreEqual( expKey, key, "A1: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " + expKey + " Actual: " + key); // Now get a new key. Note the TimeGuid portion should be updated and the increment should be updated. Thread.Sleep(1000); string key2 = uniqueKey.RefreshKey(defaultPrefix); TimeGuid stGuid2 = new TimeGuid(DateTime.Now); string expKey2 = defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid2; Assert.AreEqual( expKey2, key2, "A2: Expected key after Refresh was not equal to the value returned by UniqueKeys. Exp: " + expKey2 + " Actual: " + key2); TestContext.WriteLine("Unique Key Value: {0}", key2); TestContext.WriteLine("Expected Key Value: {0}", expKey2); }
public async Task VaultAgentTest_OneTimeSetup() { _uk = new UniqueKeys(); name = _uk.GetKey("vlt"); vault = await VaultServerRef.ConnectVault(name); //new VaultAgentAPI(name, VaultServerRef.ipAddress, VaultServerRef.ipPort, VaultServerRef.rootToken); }
/// <summary> /// This particular test was running consistently 15x slower than any other test. ~250ms /// </summary> /// <returns></returns> public async Task AppRoleBE_UpdateRoleID() { string rName = _uniqueKeys.GetKey("Role"); AppRole ar = new AppRole(rName); bool rc = await _appRoleAuthEngine.SaveRole(ar); // Now read a Role ID for it. string roleID = await _appRoleAuthEngine.ReadRoleID(ar.Name); // Update the role ID rc = await _appRoleAuthEngine.UpdateAppRoleID(ar.Name, "newDomain"); string roleIDNew = await _appRoleAuthEngine.ReadRoleID(ar.Name); Assert.AreEqual("newDomain", roleIDNew); Console.WriteLine("AppRoleBE_UpdateRoleID Finished OK!"); }
public void DefaultKeyPrefix_IsCorrect() { UniqueKeys uniqueKey = new UniqueKeys(); string key = uniqueKey.GetKey(); string prefix = key.Substring(0, 3); Assert.AreEqual(3, prefix.Length, "A1: String prefix was expected to be 3 characters long."); Assert.AreEqual("Key", prefix, "A2: Default prefix is expected to be Key"); }
public void StaticTimeGuid_StaysSameThruLifetimeOfUniqueKeyObject() { string defaultPrefix = "ABC"; KeepWithinSingleSecond(); // We need to simulate the Timeguid logic to derive at the initial key value. TimeGuid stGuid = new TimeGuid(DateTime.Now); //We want a constant TimeGuid UniqueKeys uniqueKey = new UniqueKeys(constantTimeGuid: true); string key = uniqueKey.GetKey(defaultPrefix); string expKey = defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid + uniqueKey.WhatIsIncrementSeparator + "1"; Assert.AreEqual( expKey, key, "A10: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " + expKey + " Actual: " + key); // Now lets create 3 more keys with a second between them. TimeGuid should be same and just the incrementer should be increasing. string key2 = uniqueKey.GetKey(defaultPrefix); Thread.Sleep(1000); string key3 = uniqueKey.GetKey(defaultPrefix); Thread.Sleep(1500); string key4 = uniqueKey.GetKey(defaultPrefix); Thread.Sleep(2000); Assert.IsTrue(key2.EndsWith(uniqueKey.WhatIsIncrementSeparator + "2"), "A20: Key2 should have ended with a 2."); Assert.IsTrue(key3.EndsWith(uniqueKey.WhatIsIncrementSeparator + "3"), "A21: Key3 should have ended with a 3."); Assert.IsTrue(key4.EndsWith(uniqueKey.WhatIsIncrementSeparator + "4"), "A22: Key4 should have ended with a 4."); Assert.AreEqual(defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid + uniqueKey.WhatIsIncrementSeparator + "2", key2, "A50: key2 is not expected value."); Assert.AreEqual(defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid + uniqueKey.WhatIsIncrementSeparator + "3", key3, "A51: key3 is not expected value."); Assert.AreEqual(defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid + uniqueKey.WhatIsIncrementSeparator + "4", key4, "A52: key4 is not expected value."); }
public async Task Transit_CanEnableTransitBackend() { // Generate a hopefully small unique name. string beName = _uniqueKeys.GetKey("TranBEN"); string oldName = _uniqueKeys.GetKey("TranBEO"); Assert.True(await _vaultSystemBackend.SysMountCreate(beName, "transit test backend", EnumSecretBackendTypes.Transit)); Assert.True(await _vaultSystemBackend.SysMountCreate(oldName, "transit test backend", EnumSecretBackendTypes.Transit)); }
public void DefaultConstructor_CreatesExpectedKey() { string key = "ABC"; // For this test we want to make sure we do not cross a second boundary. So any time above 700ms we will wait out until the next second hits. int millisec = DateTimeOffset.Now.Millisecond; int sleepInt = 0; if (millisec > 800) { sleepInt = 1000 - millisec; Thread.Sleep(sleepInt); } // We will test twice to determine if the TimeGuid is being set correctly. UniqueKeys uniqueKeys = new UniqueKeys(); string key1 = uniqueKeys.GetKey(key); // Now sleep so we can make sure the next call to uniqueKeys will generate a new timeGuid. millisec = DateTimeOffset.Now.Millisecond; sleepInt = 1000 - millisec + 10; Thread.Sleep(sleepInt); // Create another unique key. The TimeGuid's should be different. string key2 = uniqueKeys.GetKey(key); Assert.AreNotEqual(key1, key2, "A10: Expected the keys to be different."); Assert.True(key2.StartsWith(key + ":"), "A20: Expected the generated key to start with ABC:"); // Now get the TimeGuid parts of the keys string [] timeGuidPart1 = key1.Split(":"); Assert.AreEqual(2, timeGuidPart1.Length, "A30: Expected the generated key to contain 2 parts."); string [] timeGuidPart2 = key2.Split(":"); Assert.AreEqual(2, timeGuidPart2.Length, "A30: Expected the generated key to contain 2 parts."); Assert.AreNotEqual(timeGuidPart1 [1], timeGuidPart2 [1], "A40: Expected the TimeGuid part of the keys to be different."); Assert.AreEqual(timeGuidPart1 [0], timeGuidPart2 [0], "A50: Expected the Key part of the keys to be the same."); }
public async Task ValidateConfigOptions() { int maxTTL = 1800; // 30min int defaultTTL = 600; // 10min string vis = "hidden"; // should not show up in ui lists. string key = _uniqueKeys.GetKey("SYSM"); string desc = "Test Mount DB: " + key + "KeyValue V2"; VaultSysMountConfig config = new VaultSysMountConfig { DefaultLeaseTTL = defaultTTL.ToString(), MaxLeaseTTL = maxTTL.ToString(), VisibilitySetting = vis }; Assert.True(await _vaultSystemBackend.SysMountCreate(key, desc, EnumSecretBackendTypes.KeyValueV2, config), "Unable to create Mount with key name: {0}", key); // Now read back the mount config data. VaultSysMountConfig config2 = await _vaultSystemBackend.SysMountReadConfig(key); Assert.AreEqual(config.DefaultLeaseTTL, config2.DefaultLeaseTTL, "Default Lease TTL's are not the same."); Assert.AreEqual(config.MaxLeaseTTL, config2.MaxLeaseTTL, "Max Lease TTL's are not the same."); Assert.AreEqual(config.VisibilitySetting, config2.VisibilitySetting, "Visibility Settings are not the same."); }
public async Task Secret_Init() { if (_vaultAgentAPI != null) { return; } // Build Connection to Vault. _vaultAgentAPI = await VaultServerRef.ConnectVault("SecretBackEnd"); string mountName = _uniqueKeys.GetKey("SEC"); // Get Connection to Vault System backend _systemBackend = new VaultSystemBackend(_vaultAgentAPI.TokenID, _vaultAgentAPI); Assert.IsTrue(await _systemBackend.CreateSecretBackendMount(EnumSecretBackendTypes.Secret, mountName, mountName, "Secret V1 Backend"), "A10: Failed to create Secret Backend"); _keyValueSecretEngine = (KeyValueSecretEngine)_vaultAgentAPI.ConnectToSecretBackend(EnumSecretBackendTypes.Secret, mountName, mountName); // _keyValueSecretEngine = (KeyValueSecretEngine)await _vaultAgentAPI.CreateSecretBackendMount(EnumSecretBackendTypes.Secret, mountName, mountName, "Secret V1 Backend"); Assert.NotNull(_keyValueSecretEngine); return; }
public async Task NormalLogin() { // SETUP // We need our own vault since we will be manipulating the token value VaultAgentAPI ourVault = await VaultServerRef.ConnectVault("TokenTest"); TokenAuthEngine ourTokenAuthEngine = (TokenAuthEngine)ourVault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token); // Need a Token Role so we can autogenerate a token TokenRole tokenRole = new TokenRole(); UniqueKeys UK = new UniqueKeys("", ""); // Unique Key generator tokenRole.Name = UK.GetKey(); await ourTokenAuthEngine.SaveTokenRole(tokenRole); string tokenName = "Name" + tokenRole.Name; TokenNewSettings tokenNewSettings = new TokenNewSettings() { Name = tokenName, NumberOfUses = 6, NoParentToken = true, RoleName = tokenRole.Name }; Token token = await ourTokenAuthEngine.CreateToken(tokenNewSettings); Assert.NotNull(token, "A10: Expected to receive the new token back, instead we received a null value."); // Read the token we just created. //Token token = await _tokenAuthEngine.GetTokenWithID(tokenID); Assert.IsNotNull(token, "A20: No Token returned. Was expecting one."); VaultAgentAPI vault2 = await VaultServerRef.ConnectVault("TokenLoginTest"); TokenLoginConnector loginConnector = new TokenLoginConnector(vault2, "test"); loginConnector.TokenId = token.ID; Assert.IsTrue(await loginConnector.Connect(), "A30: Login Failed"); }
public void GetKeyWithUniquePrefix_Success() { string defaultPrefix = "unique"; // We need to simulate the Timeguid logic to derive at the initial key value. TimeGuid stGuid = new TimeGuid(DateTime.Now); UniqueKeys uniqueKey = new UniqueKeys(); string key = uniqueKey.GetKey(defaultPrefix); string expKey = defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid.ToString; Assert.AreEqual( expKey, key, "A1: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " + expKey + " Actual: " + key); TestContext.WriteLine("Unique Key Value: {0}", key); TestContext.WriteLine("Expected Key Value: {0}", expKey); }
public async Task RetrieveInvalidTokenFails() { string tokenID = UK.GetKey("tokH"); Token token = await _tokenAuthEngine.GetTokenWithID(tokenID); Assert.IsNull(token, "M1: Tried to find an unknown token returned a token object. This is incorrect."); }
public async Task AppRoleAuthEngineSetup() { // Build Connection to Vault. _vault = await VaultServerRef.ConnectVault("AppRoleVault"); //_vault = new VaultAgentAPI("AppRoleVault", VaultServerRef.ipAddress, VaultServerRef.ipPort); //, VaultServerRef.rootToken,true); _vaultSystemBackend = new VaultSystemBackend(_vault.TokenID, _vault); string approleMountName = _uniqueKeys.GetKey("AppAuth"); // Create an AppRole authentication connection. _appRoleAuthEngine = (AppRoleAuthEngine)_vault.ConnectAuthenticationBackend(EnumBackendTypes.A_AppRole, "AppRole", approleMountName); // Create an Authentication method of App Role. - This only needs to be done when the Auth method is created. AuthMethod am = new AuthMethod(approleMountName, EnumAuthMethods.AppRole); bool rc = await _vaultSystemBackend.AuthEnable(am); }
/// <summary> /// Reusable method that updates the provided secret and then returns the updated version. /// </summary> /// <param name="secret"></param> /// <returns></returns> private async Task <KV2Secret> UpdateSecretRandom(KV2Secret secret) { secret.Attributes.Add(_uniqueKeys.GetKey("attr"), "val"); Assert.True(await _rootEng.SaveSecret(secret, KV2EnumSecretSaveOptions.OnlyOnExistingVersionMatch, secret.Version), "UpdateSecretRandom: Failed to save correctly."); return(await _rootEng.ReadSecret(secret)); }
public async Task Transit_Init() { if (_vaultAgentAPI != null) { return; } // Build Connection to Vault. _vaultAgentAPI = await VaultServerRef.ConnectVault("TransitSecEng"); //new VaultAgentAPI("transitVault", VaultServerRef.ipAddress, VaultServerRef.ipPort, VaultServerRef.rootToken, true); // Create unique name for the transit Backend we will use to test with. string transitMountName = _uniqueKeys.GetKey("TRANsit"); // Get Connection to Vault System backend _systemBackend = new VaultSystemBackend(_vaultAgentAPI.TokenID, _vaultAgentAPI); Assert.IsTrue(await _systemBackend.CreateSecretBackendMount(EnumSecretBackendTypes.Transit, transitMountName, transitMountName, "Transit Bckend Testing"), "A10: Failed to Create the Transit Backend"); _transitSecretEngine = (TransitSecretEngine)_vaultAgentAPI.ConnectToSecretBackend(EnumSecretBackendTypes.Transit, transitMountName, transitMountName); // _transitSecretEngine = // (TransitSecretEngine) await _vaultAgentAPI.CreateSecretBackendMount(EnumSecretBackendTypes.Transit, transitMountName, transitMountName, // "Transit Bckend Testing"); Assert.NotNull(_transitSecretEngine, "Transit Backend was returned null upon creation."); }
public async Task Create_Entity_Success() { string name = _uniqueKey.GetKey("Entity"); Entity entity = new Entity(name); entity.Policies.Add("polTest1"); entity.Policies.Add("polTest2"); entity.Metadata.Add("Company", "ACME"); entity.Metadata.Add("Products", "Dynamite"); // Now save entity Entity rc = await _idEngine.SaveEntity(entity); Assert.IsNotNull(rc, "A10: Expected to receive an Entity object"); Guid gID = new Guid(); Assert.AreNotEqual(gID, rc.Id, "A20: The SaveEntity method should have returned an Entity object with a GUID value. Instead it is at default - 0."); TestContext.WriteLine("Entity Name: {0}", entity.Name); TestContext.WriteLine("Entity ID: {0}", entity.Id); }
public async Task SetSimpleLock() { string id = _idGenerator.Next().ToString(); string lockCategory = _uniqueKeys.GetKey("SSL"); // Set Lock Assert.IsTrue(await _locker.SetLock(lockCategory, id, "SetSimple"), "A10: Lock was not set"); }