/// <summary>
/// <para>
/// Adds the secrets of a HashiCorp Vault KeyValue engine to the secret store.
/// </para>
/// <para>
/// See more information on HashiCorp: <a href="https://www.vaultproject.io/docs" />.
/// </para>
/// </summary>
/// <param name="builder">The builder to add the HashiCorp secrets from the KeyValue Vault to.</param>
/// <param name="vaultServerUriWithPort">The URI that points to the running HashiCorp Vault.</param>
/// <param name="username">The username of the UserPass authentication method.</param>
/// <param name="password">The password of the UserPass authentication method.</param>
/// <param name="secretPath">The secret path where the secret provider should look for secrets.</param>
/// <param name="configureOptions">The optional function to set the additional options to configure the HashiCorp Vault KeyValue.</param>
/// <param name="name">The unique name to register this HashiCorp provider in the secret store.</param>
/// <param name="mutateSecretName">The optional function to mutate the secret name before looking it up.</param>
/// <exception cref="ArgumentNullException">Thrown when the <paramref name="builder"/> or <paramref name="secretPath"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException">
/// Thrown when the <paramref name="vaultServerUriWithPort"/> is blank or doesn't represent a valid URI,
/// or the <paramref name="username"/> or <paramref name="password"/> is blank,
/// or the <paramref name="secretPath"/> is blank.
/// </exception>
public static SecretStoreBuilder AddHashiCorpVaultWithUserPass(
this SecretStoreBuilder builder,
string vaultServerUriWithPort,
string username,
string password,
string secretPath,
Action <HashiCorpVaultUserPassOptions> configureOptions,
string name,
Func <string, string> mutateSecretName)
{
Guard.NotNull(builder, nameof(builder), "Requires a secret store builder to add the HashiCorp Vault secret provider");
Guard.NotNullOrWhitespace(vaultServerUriWithPort, nameof(vaultServerUriWithPort), "Requires a valid HashiCorp Vault URI with HTTP port to connect to the running HashiCorp Vault");
Guard.NotNullOrWhitespace(username, nameof(username), "Requires a username for the UserPass authentication during connecting with the HashiCorp Vault");
Guard.NotNullOrWhitespace(password, nameof(password), "Requires a password for the UserPass authentication during connecting with the HashiCorp Vault");
Guard.NotNullOrWhitespace(secretPath, nameof(secretPath), "Requires a path where the HashiCorp Vault secrets are stored");
Guard.For <ArgumentException>(() => !Uri.IsWellFormedUriString(vaultServerUriWithPort, UriKind.RelativeOrAbsolute), "Requires a HashiCorp Vault server URI with HTTP port");
var options = new HashiCorpVaultUserPassOptions();
configureOptions?.Invoke(options);
IAuthMethodInfo authenticationMethod = new UserPassAuthMethodInfo(options.UserPassMountPoint, username, password);
var settings = new VaultClientSettings(vaultServerUriWithPort, authenticationMethod);
return(AddHashiCorpVault(builder, settings, secretPath, options, configureSecretProviderOptions: secretProviderOptions =>
{
secretProviderOptions.Name = name;
secretProviderOptions.MutateSecretName = mutateSecretName;
}));
}
public void SetUserPassMountPoint_WithBlankValue_Throws(string mountPoint)
{
// Arrange
var options = new HashiCorpVaultUserPassOptions();
// Act / Assert
Assert.ThrowsAny <ArgumentException>(() => options.UserPassMountPoint = mountPoint);
}
