/// <summary> /// Replaces the secrets in the given list that are marked with #{ProviderId:path/to/secret} with their coresponding values /// Updates each matching item to be marked as IsSecret /// </summary> /// <param name="vars">Variables to run the replacement on</param> /// <param name="vaultArgs">Vault parameters used to grab the secrets</param> public async Task ReplaceSecrets(List <SecretVariable> vars, IVaultArgs vaultArgs) { if (vaultIsConfigured(vaultArgs)) { foreach (var item in vars) { var evaluated = item.Value; while (hasSecret(evaluated)) { item.IsSecret = true; var justVariable = getNextSecret(evaluated); (var prefix, var path) = splitSecretAndPrefix(justVariable); var secret = await _providerFact.Create(prefix).GetSecret(path).ConfigureAwait(false); evaluated = evaluated.Replace($"#{{{justVariable}}}", secret); } item.Value = evaluated; } } }
public async Task MultipleSecretsAreReplaced(string variableText, string expectedText, string replace, [Frozen] Mock <ISecretProviderFactory> mockFact, [Frozen] Mock <ISecretProvider> mockProv, IVaultArgs vaultArgs, SecretsMananger sut) { setVaultArgs(vaultArgs); mockFact.Setup(f => f.Create(It.IsAny <string>())).Returns(mockProv.Object); mockProv.Setup(v => v.GetSecret(It.IsAny <string>())).Returns(Task.FromResult(replace)); var secrets = new List <SecretVariable>() { new SecretVariable("hello", variableText) }; await sut.ReplaceSecrets(secrets, vaultArgs).ConfigureAwait(false); secrets.Single().Value.Should().Be(expectedText); }
public async Task SecretsAreReplaced([Frozen] Mock <ISecretProviderFactory> mockFact, [Frozen] Mock <ISecretProvider> mockProv, IVaultArgs vaultArgs, SecretsMananger sut) { setVaultArgs(vaultArgs); var secretValue = "world"; var secrets = new List <SecretVariable>() { new SecretVariable("hello", $"#{{{secretValue}}}") }; mockProv.Setup(v => v.GetSecret(secretValue)).Returns(Task.FromResult("SECRET")); mockFact.Setup(f => f.Create("")).Returns(mockProv.Object); await sut.ReplaceSecrets(secrets, vaultArgs).ConfigureAwait(false); secrets.Single().Value.Should().Be("SECRET"); }
public async Task ThreeSecretsUsesFactoryThreeTimes([Frozen] Mock <ISecretProviderFactory> mockFact, [Frozen] Mock <ISecretProvider> mockProv, IVaultArgs vaultArgs, SecretsMananger sut) { setVaultArgs(vaultArgs); mockFact.Setup(f => f.Create(It.IsAny <string>())).Returns(mockProv.Object); mockProv.Setup(v => v.GetSecret(It.IsAny <string>())).Returns(Task.FromResult(String.Empty)); await sut.ReplaceSecrets(new List <SecretVariable>() { new SecretVariable("hello", "#{world} #{double} #{trouble}") }, vaultArgs).ConfigureAwait(false); mockProv.Verify(v => v.GetSecret(It.IsAny <string>()), Times.Exactly(3)); }
public async Task SecretDoesNotUseFactoryVaultArgsNull([Frozen] Mock <ISecretProviderFactory> mockFact, [Frozen] Mock <ISecretProvider> mockProv, IVaultArgs vaultArgs, SecretsMananger sut) { vaultArgs = null; mockFact.Setup(f => f.Create(It.IsAny <string>())).Returns(mockProv.Object); mockProv.Setup(v => v.GetSecret(It.IsAny <string>())).Returns(Task.FromResult(String.Empty)); await sut.ReplaceSecrets(new List <SecretVariable>() { new SecretVariable("hello", "#{world}") }, vaultArgs).ConfigureAwait(false); mockProv.Verify(v => v.GetSecret(It.IsAny <string>()), Times.Never); }
private void clearVaultArgs(IVaultArgs args) { args.VaultRoleId = null; args.VaultSecretId = null; args.VaultUri = null; }
private void setVaultArgs(IVaultArgs args) { args.VaultRoleId = "RoleId"; args.VaultSecretId = "SecretId"; args.VaultUri = "Uri"; }
public async Task NonReplacedVariableIsNotMarkedSecret([Frozen] Mock <ISecretProviderFactory> mockFact, [Frozen] Mock <ISecretProvider> mockProv, IVaultArgs vaultArgs, SecretsMananger sut) { setVaultArgs(vaultArgs); mockProv.Setup(v => v.GetSecret(It.IsAny <string>())).Returns(Task.FromResult("SECRET")); mockFact.Setup(f => f.Create(It.IsAny <string>())).Returns(mockProv.Object); var secrets = new List <SecretVariable>() { new SecretVariable("hello", "world") }; await sut.ReplaceSecrets(secrets, vaultArgs).ConfigureAwait(false); secrets.Single().IsSecret.Should().BeFalse(); }
private bool vaultIsConfigured(IVaultArgs vaultArgs) { return(vaultArgs != null && vaultArgs.VaultRoleId != null && vaultArgs.VaultSecretId != null && vaultArgs.VaultUri != null); }