// Checks that looking up a secret name yields no value when the Vault path only holds
// that value under a different key (user/pass authentication, KeyValue V2 engine).
public async Task AuthenticateWithUserPassKeyValueV2_GetNotFoundSecret_Fails()
{
    // Arrange
    string userName = "******";
    string password = "******";
    string secretPath = "mysecret";
    string secretName = "my-value";
    string expected = "s3cr3t";

    // The value is written under a prefixed key, so the plain secret name has no entry at the path.
    string storedKey = "unknown-prefix-" + secretName;
    var storedSecrets = new Dictionary<string, object>
    {
        [storedKey] = expected
    };

    using (HashiCorpVaultTestServer server = await StartServerWithUserPassAsync(userName, password, DefaultDevMountPoint))
    {
        await server.KeyValueV2.WriteSecretAsync(
            mountPoint: DefaultDevMountPoint,
            path: secretPath,
            data: storedSecrets);

        var vaultOptions = new HashiCorpVaultOptions
        {
            KeyValueMountPoint = DefaultDevMountPoint,
            KeyValueVersion = VaultKeyValueSecretEngineVersion.V2
        };
        var authentication = new UserPassAuthMethodInfo(userName, password);
        string vaultAddress = server.ListenAddress.ToString();
        var settings = new VaultClientSettings(vaultAddress, authentication);
        var provider = new HashiCorpSecretProvider(
            settings,
            secretPath,
            vaultOptions,
            NullLogger<HashiCorpSecretProvider>.Instance);

        // Act
        string actual = await provider.GetRawSecretAsync(secretName);

        // Assert: a missing key must come back as null, not as the value stored under the other key.
        Assert.Null(actual);
    }
}
// Expects GetRawSecretAsync to reject the supplied secret name with an ArgumentException
// (or a type derived from it). The secretName values come from outside this method.
public async Task GetRawSecret_WithoutSecretName_Throws(string secretName)
{
    // Arrange: the provider is only constructed here; the address and token are fixed sample values.
    var authentication = new TokenAuthMethodInfo("vault.token");
    var settings = new VaultClientSettings("https://vault.server:246", authentication);
    var vaultOptions = new HashiCorpVaultOptions();
    var provider = new HashiCorpSecretProvider(
        settings,
        secretPath: "secret/path",
        options: vaultOptions,
        logger: null);

    // Act
    Func<Task> lookup = () => provider.GetRawSecretAsync(secretName);

    // Assert
    await Assert.ThrowsAnyAsync<ArgumentException>(lookup);
}
/// <summary>
/// Registers the HashiCorp critical exceptions on the secret store and then adds a
/// <see cref="HashiCorpSecretProvider"/> that is created lazily from the service provider.
/// </summary>
/// <param name="builder">The secret store builder to add the provider to.</param>
/// <param name="settings">The Vault client settings handed to the provider.</param>
/// <param name="secretPath">The secret path handed to the provider.</param>
/// <param name="options">The HashiCorp Vault options handed to the provider.</param>
/// <param name="configureSecretProviderOptions">The callback passed on to <c>AddProvider</c> to configure the registered provider.</param>
/// <returns>The result of the <c>AddProvider</c> call on <paramref name="builder"/>.</returns>
private static SecretStoreBuilder AddHashiCorpVault(
    SecretStoreBuilder builder,
    VaultClientSettings settings,
    string secretPath,
    HashiCorpVaultOptions options,
    Action<SecretProviderOptions> configureSecretProviderOptions)
{
    AddHashiCorpCriticalExceptions(builder);

    // The logger is looked up with GetService, so the provider receives whatever that call returns.
    return builder.AddProvider(
        services => new HashiCorpSecretProvider(
            settings,
            secretPath,
            options,
            services.GetService<ILogger<HashiCorpSecretProvider>>()),
        configureSecretProviderOptions);
}
/// <summary>
/// Marks Vault API failures with a 400 or 403 status as critical on the secret store and then adds a
/// <see cref="HashiCorpSecretProvider"/> that is created lazily from the service provider.
/// </summary>
/// <param name="builder">The secret store builder to add the provider to.</param>
/// <param name="settings">The Vault client settings handed to the provider.</param>
/// <param name="secretPath">The secret path handed to the provider.</param>
/// <param name="options">The HashiCorp Vault options handed to the provider.</param>
/// <param name="mutateSecretName">The secret-name transformation passed on to <c>AddProvider</c>.</param>
/// <returns>The result of the <c>AddProvider</c> call on <paramref name="builder"/>.</returns>
private static SecretStoreBuilder AddHashiCorpVault(
    SecretStoreBuilder builder,
    VaultClientSettings settings,
    string secretPath,
    HashiCorpVaultOptions options,
    Func<string, string> mutateSecretName)
{
    // Thrown when the HashiCorp Vault's authentication and/or authorization fails.
    // NOTE(review): the sibling overload registers its critical exceptions through
    // AddHashiCorpCriticalExceptions; confirm both paths cover the same status codes.
    builder.AddCriticalException<VaultApiException>(
        vaultFailure => vaultFailure.HttpStatusCode == HttpStatusCode.BadRequest
                        || vaultFailure.HttpStatusCode == HttpStatusCode.Forbidden);

    // The logger is looked up with GetService, so the provider receives whatever that call returns.
    return builder.AddProvider(
        services => new HashiCorpSecretProvider(
            settings,
            secretPath,
            options,
            services.GetService<ILogger<HashiCorpSecretProvider>>()),
        mutateSecretName);
}
// Checks that a secret written to a KeyValue V1 mount can be read back by name
// through the provider when authenticating with user name and password.
public async Task AuthenticateWithUserPassKeyValueV1_GetSecret_Succeeds()
{
    // Arrange
    const string kvMountPoint = "secret-v1";
    const VaultKeyValueSecretEngineVersion engineVersion = VaultKeyValueSecretEngineVersion.V1;
    string userName = "******";
    string password = "******";
    string secretPath = "mysecret";
    string secretName = "my-value";
    string expected = "s3cr3t";

    var storedSecrets = new Dictionary<string, object>
    {
        [secretName] = expected
    };

    using (HashiCorpVaultTestServer server = await StartServerWithUserPassAsync(userName, password, kvMountPoint))
    {
        // The V1 engine is mounted explicitly before the secret is written to it.
        await server.MountKeyValueAsync(kvMountPoint, engineVersion);
        await server.KeyValueV1.WriteSecretAsync(
            mountPoint: kvMountPoint,
            path: secretPath,
            values: storedSecrets);

        var vaultOptions = new HashiCorpVaultOptions
        {
            KeyValueMountPoint = kvMountPoint,
            KeyValueVersion = engineVersion
        };
        var authentication = new UserPassAuthMethodInfo(userName, password);
        string vaultAddress = server.ListenAddress.ToString();
        var settings = new VaultClientSettings(vaultAddress, authentication);
        var provider = new HashiCorpSecretProvider(
            settings,
            secretPath,
            vaultOptions,
            NullLogger<HashiCorpSecretProvider>.Instance);

        // Act
        string actual = await provider.GetRawSecretAsync(secretName);

        // Assert
        Assert.Equal(expected, actual);
    }
}