/// <summary>
/// Creates a helper backed entirely by strict mocks, so the login path never reaches a real Vault server.
/// </summary>
/// <param name="auth">
/// Auth payload the mocked login hands back. When null, a <c>SecretAuth</c> with <c>LeaseDuration = 0</c> is used.
/// </param>
/// <returns>The strict <c>IVaultApi</c> mock together with the helper built on top of it.</returns>
/// <remarks>
/// Overwrites <c>Config.LoginStrategies</c> with the single mocked strategy; any test that later reuses the
/// same <c>Config</c> instance will log in through the mock as well.
/// </remarks>
public (Mock<IVaultApi>, IVaultHelper) GetMocks(SecretAuth auth = null)
{
    if (auth is null)
    {
        auth = new SecretAuth { LeaseDuration = 0 };
    }

    // MockBehavior.Strict makes any call without a Setup throw, so an unexpected Vault API call fails the test.
    var apiMock = new Mock<IVaultApi>(MockBehavior.Strict);
    var loginMock = new Mock<ILoginStrategy>(MockBehavior.Strict);

    var cannedLogin = new LoginResult
    {
        Client = apiMock.Object,
        SecretAuth = auth
    };

    loginMock
        .Setup(m => m.LoginAsync(It.IsAny<string>(), It.IsAny<ILogger>(), It.IsAny<CancellationToken>()))
        .Returns(Task.FromResult(cannedLogin));

    Config.LoginStrategies = new List<ILoginStrategy> { loginMock.Object };

    // Blocks on the async factory because this helper has a synchronous signature.
    IVaultHelper helper = VaultHelper.CreateAsync(Config).Result;
    return (apiMock, helper);
}
/// <summary>
/// Checks that a live JWT secret yields a value, yields a different value one second later,
/// and can no longer be read once it has been disposed.
/// </summary>
/// <remarks>
/// The assertions compare the token values themselves, so a failing assertion will typically print them
/// in the test output. NOTE(review): presumably these are short-lived tokens from a test Vault — confirm
/// before running against anything shared.
/// </remarks>
public async Task CanGetJwt()
{
    var oneSecond = TimeSpan.FromSeconds(1);

    var helper = await VaultHelper.CreateAsync(Config);
    var jwtGetter = SecretGetters.MakeJwtGetter("auth", oneSecond, "vandelay", "tester");
    var liveJwt = await helper.GetLiveSecretAsync("JWT", jwtGetter);

    var tokenBefore = liveJwt.Value;
    tokenBefore.Should().NotBeEmpty();

    // Wait long enough for the value to be replaced before reading it again.
    await Task.Delay(oneSecond);

    var tokenAfter = liveJwt.Value;
    tokenAfter.Should().NotBeEmpty();
    tokenAfter.Should().NotBe(tokenBefore, "the token should have been refreshed");

    liveJwt.Dispose();
    await Task.Delay(oneSecond);

    // Reading after disposal must fail rather than hand out a stale token.
    Func<string> readAfterDispose = () => liveJwt.Value;
    readAfterDispose.Should().Throw<Exception>("the secret value cannot be read after it is disposed");
}
/// <summary>
/// Smoke test: creating a helper from the fixture's <c>Config</c> completes and returns a non-null instance.
/// </summary>
public async Task CanStartClient()
{
    var helper = await VaultHelper.CreateAsync(Config);

    // Only a fixed marker is written to the test output; nothing obtained from Vault is logged.
    _testOutputHelper.WriteLine("Got result.");

    helper.Should().NotBeNull();
}
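/// <summary>
/// Checks that a templated connection string has its embedded <c>vault://</c> reference replaced by
/// the username and password read from Vault.
/// </summary>
/// <remarks>
/// The regex alone also matches the unresolved template (the text between <c>mongodb://</c> and <c>@</c>
/// satisfies it either way), so the test additionally asserts that no <c>vault://</c> reference survives.
/// A failing assertion will typically print the resolved connection string, password included, in the
/// test output. NOTE(review): presumably these are dynamic credentials from a test Vault — confirm.
/// </remarks>
public async Task CanGetMongoCreds()
{
    var sut = await VaultHelper.CreateAsync(Config);
    var secret = await sut.GetLiveSecretAsync(
        "MongoDB",
        SecretGetters.MakeSecretTemplateGetter("mongodb://(vault://database/creds/mongodb-admin?template={{.username}}:{{.password}})@mongodb:27017/go-between?readPreference=primary"));

    try
    {
        var firstValue = secret.Value;
        firstValue.Should().NotBeEmpty();

        // Guards against a false pass: without this, an untouched template would satisfy the regex below.
        firstValue.Should().NotContain("vault://", "the vault reference should have been replaced by the resolved credentials");
        firstValue.Should().MatchRegex(@"mongodb:\/\/[^:]+[^@]+@", "the username and password should be mapped in");
    }
    finally
    {
        // Release the live secret even when an assertion fails, so it does not outlive the test.
        secret.Dispose();
    }
}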
/// <summary>
/// Round-trips a small key/value payload: writes it to a fixed path through the helper, reads it back,
/// and expects the returned data to be equivalent to what was written.
/// </summary>
/// <remarks>
/// The payload holds placeholder values only. The written entry is not removed afterwards, so it remains
/// at <c>secret/data/test-secret</c> on whatever Vault the fixture's <c>Config</c> points to.
/// </remarks>
public async Task CanReadAndWriteThroughClient()
{
    const string secretPath = "secret/data/test-secret";
    var payload = new Dictionary<string, object>
    {
        { "a", "A" },
        { "b", "B" }
    };

    var helper = await VaultHelper.CreateAsync(Config);
    await helper.WriteAsync<Dictionary<string, string>>(secretPath, payload);

    var roundTripped = await helper.ReadAsync<Dictionary<string, string>>(secretPath);
    roundTripped.Data.Should().BeEquivalentTo(payload);
}
/// <summary>
/// Creates a renewable token with a one-second TTL, starts a second helper that logs in with it,
/// and expects that helper's error handler not to have been invoked after one second.
/// </summary>
/// <remarks>
/// The child token is passed straight into the new helper's configuration and is never written to the
/// test output. <c>explicit_max_ttl</c> of one minute bounds how long the token can be kept alive by renewal.
/// </remarks>
public async Task ClientRenewsOwnToken()
{
    var bootstrapHelper = await VaultHelper.CreateAsync(Config);

    var tokenRequest = new Dictionary<string, string>
    {
        { "ttl", "1s" },
        { "explicit_max_ttl", "1m" },
        { "renewable", "true" }
    };
    var tokenResponse = await bootstrapHelper.WriteAsync<NoData>("auth/token/create", tokenRequest);

    // Any exception handed to the helper's error handler is captured here and checked at the end.
    Exception capturedError = null;
    Action<Exception> recordError = e => capturedError = e;

    var shortLivedConfig = new VaultHelperConfig(Config.Address)
        .UsingTokenLogin(tokenResponse.Auth.ClientToken)
        .WithErrorHandler(recordError);
    var sut = await VaultHelper.CreateAsync(shortLivedConfig);

    // Wait out the token's initial TTL so that a renewal failure would have had time to surface.
    await Task.Delay(TimeSpan.FromSeconds(1));

    capturedError.Should().BeNull("the renewal should not have errored");
}