public async Task AuthenticateWithUserPassKeyValueV2_GetNotFoundSecret_Fails() { // Arrange string secretPath = "mysecret"; string secretName = "my-value"; string expected = "s3cr3t"; string userName = "******"; string password = "******"; using (HashiCorpVaultTestServer server = await StartServerWithUserPassAsync(userName, password, DefaultDevMountPoint)) { await server.KeyValueV2.WriteSecretAsync( mountPoint : DefaultDevMountPoint, path : secretPath, data : new Dictionary <string, object> { ["unknown-prefix-" + secretName] = expected }); var authentication = new UserPassAuthMethodInfo(userName, password); var settings = new VaultClientSettings(server.ListenAddress.ToString(), authentication); var provider = new HashiCorpSecretProvider(settings, secretPath, new HashiCorpVaultOptions { KeyValueMountPoint = DefaultDevMountPoint, KeyValueVersion = VaultKeyValueSecretEngineVersion.V2 }, NullLogger <HashiCorpSecretProvider> .Instance); // Act string actual = await provider.GetRawSecretAsync(secretName); // Assert Assert.Null(actual); } }
public async Task AddHashiCorpVaultWithUserPass_WithWrongMutation_Fails() { // Arrange string secretPath = "secretpath"; string secretKey = "my-value", expected = "s3cr3t"; string userName = "******", password = "******"; var builder = new HostBuilder(); using (HashiCorpVaultTestServer server = await StartServerWithUserPassAsync(userName, password, DefaultDevMountPoint)) { await server.KeyValueV2.WriteSecretAsync( mountPoint : DefaultDevMountPoint, path : secretPath, data : new Dictionary <string, object> { [secretKey] = expected }); // Act builder.ConfigureSecretStore((config, stores) => { stores.AddHashiCorpVaultWithUserPass( server.ListenAddress.ToString(), userName, password, secretPath, configureOptions: options => options.KeyValueMountPoint = DefaultDevMountPoint, mutateSecretName: secretName => "Test-" + secretName, name: null); }); // Assert IHost host = builder.Build(); var provider = host.Services.GetRequiredService <ISecretProvider>(); await Assert.ThrowsAsync <SecretNotFoundException>(() => provider.GetRawSecretAsync(secretKey)); } }
public async Task AuthenticateWithInvalidUserPassPasswordKeyValue_GetSecret_Fails(bool trackDependency) { // Arrange string secretPath = "mysecret"; string secretName = "my-value"; string expected = "s3cr3t"; string userName = _config["Arcus:HashiCorp:UserPass:UserName"]; string password = _config["Arcus:HashiCorp:UserPass:Password"]; string invalidPassword = Guid.NewGuid().ToString(); const string policyName = "my-policy"; var builder = new HostBuilder(); builder.UseSerilog(Logger); using (var server = await HashiCorpVaultTestServer.StartServerAsync(_config, _logger)) { await server.AddPolicyAsync(policyName, DefaultDevMountPoint, new[] { "read" }); await server.EnableAuthenticationTypeAsync(AuthMethodDefaultPaths.UserPass, "Authenticating with username and password"); await server.AddUserPassUserAsync(userName, password, policyName); await server.KeyValueV2.WriteSecretAsync( mountPoint : DefaultDevMountPoint, path : secretPath, data : new Dictionary <string, object> { [secretName] = expected }); // Act builder.ConfigureSecretStore((config, stores) => { stores.AddHashiCorpVaultWithUserPass(server.ListenAddress.ToString(), userName, invalidPassword, secretPath, options => { options.KeyValueMountPoint = secretPath; options.TrackDependency = trackDependency; }); }); // Assert using (IHost host = builder.Build()) { var provider = host.Services.GetRequiredService <ISecretProvider>(); var exception = await Assert.ThrowsAsync <VaultApiException>(() => provider.GetRawSecretAsync(secretName)); Assert.Equal(HttpStatusCode.BadRequest, exception.HttpStatusCode); } AssertTrackedHashiCorpVaultDependency(trackDependency); } }
private async Task <HashiCorpVaultTestServer> StartServerWithUserPassAsync(string userName, string password, string availableSecretMountPoint) { const string policyName = "my-policy"; var server = await HashiCorpVaultTestServer.StartServerAsync(_config, _logger); await server.AddPolicyAsync(policyName, availableSecretMountPoint, new[] { "read" }); await server.EnableAuthenticationTypeAsync(AuthMethodDefaultPaths.UserPass, "Authenticating with username and password"); await server.AddUserPassUserAsync(userName, password, policyName); return(server); }
public async Task AddHashiCorpVault_WithMutationToRemovePrefix_Succeeds() { // Arrange string secretPath = "secretpath"; string secretKey = "my-value", expected = "s3cr3t"; string userName = _config["Arcus:HashiCorp:UserPass:UserName"]; string password = _config["Arcus:HashiCorp:UserPass:Password"]; const string secretNamePrefix = "Test-"; var builder = new HostBuilder(); using (HashiCorpVaultTestServer server = await StartServerWithUserPassAsync(userName, password, DefaultDevMountPoint)) { await server.KeyValueV2.WriteSecretAsync( mountPoint : DefaultDevMountPoint, path : secretPath, data : new Dictionary <string, object> { [secretKey] = expected }); var authentication = new UserPassAuthMethodInfo(userName, password); var settings = new VaultClientSettings(server.ListenAddress.ToString(), authentication); // Act builder.ConfigureSecretStore((config, stores) => { stores.AddHashiCorpVault(settings, secretPath, options => options.KeyValueMountPoint = DefaultDevMountPoint, mutateSecretName: secretName => secretName.Remove(0, secretNamePrefix.Length), name: null); }); // Assert IHost host = builder.Build(); var provider = host.Services.GetRequiredService <ISecretProvider>(); string actual = await provider.GetRawSecretAsync(secretNamePrefix + secretKey); Assert.Equal(expected, actual); } }
public async Task AuthenticateWithUserPassKeyValueV1_GetSecret_Succeeds() { // Arrange string secretPath = "mysecret"; string secretName = "my-value"; string expected = "s3cr3t"; string userName = "******"; string password = "******"; const string mountPoint = "secret-v1"; const VaultKeyValueSecretEngineVersion keyValueVersion = VaultKeyValueSecretEngineVersion.V1; using (HashiCorpVaultTestServer server = await StartServerWithUserPassAsync(userName, password, mountPoint)) { await server.MountKeyValueAsync(mountPoint, keyValueVersion); await server.KeyValueV1.WriteSecretAsync( mountPoint : mountPoint, path : secretPath, values : new Dictionary <string, object> { [secretName] = expected }); var authentication = new UserPassAuthMethodInfo(userName, password); var settings = new VaultClientSettings(server.ListenAddress.ToString(), authentication); var provider = new HashiCorpSecretProvider(settings, secretPath, new HashiCorpVaultOptions { KeyValueMountPoint = mountPoint, KeyValueVersion = keyValueVersion }, NullLogger <HashiCorpSecretProvider> .Instance); // Act string actual = await provider.GetRawSecretAsync(secretName); // Assert Assert.Equal(expected, actual); } }