public async Task AuthToken_CreateWithPolicies_ReturnsTokenWithPolicies() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var policyName = Guid.NewGuid().ToString(); var policy = "path \"*\" {\n" + " policy = \"sudo\"\n" + "}\n"; await client.Sys.PutPolicy(policyName, policy); var tokenRequest = new CreateRequest { Policies = new List <string> { policyName } }; var result = await client.Auth.Write <CreateRequest, NoData>("token/create", tokenRequest); Assert.NotNull(result.Auth); Assert.NotNull(result.Auth.ClientToken); Assert.Contains(policyName, result.Auth.Policies); } }
public async Task AuthUserPass_LoginWithNewClient_LogsInSuccessfully() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var mountPoint = Guid.NewGuid().ToString(); await client.Sys.EnableAuth(mountPoint, "userpass", "Userpass Mount"); var username = Guid.NewGuid().ToString(); var password = Guid.NewGuid().ToString(); var usersRequest = new UsersRequest { Password = password, Policies = new List <string> { "default" }, Ttl = "1h", MaxTtl = "2h" }; await client.Auth.Write($"{mountPoint}/users/{username}", usersRequest); var loginRequest = new LoginRequest { Password = usersRequest.Password }; var newClient = new VaultClient(new UriBuilder(server.ListenAddress).Uri); var loginResponse = await newClient.Auth.Write <LoginRequest, NoData>($"{mountPoint}/login/{username}", loginRequest); Assert.Equal(username, loginResponse.Auth.Metadata["username"]); Assert.Equal(usersRequest.Policies, loginResponse.Auth.Policies); Assert.NotNull(loginResponse.Auth.ClientToken); } }
public async Task GenericWrapRead_SecretExists_ReturnsSecretWrappedInformation() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var secretPath = "secret/data"; var expected = new Dictionary <string, string> { { "abc", "123" } }; var mountPoint = Guid.NewGuid().ToString(); await client.Sys.Mount(mountPoint, new MountInfo { Type = "generic" }); await client.Secret.Write($"{mountPoint}/{secretPath}", expected); var secret = await client.Secret.Read($"{mountPoint}/{secretPath}", TimeSpan.FromSeconds(120)); Assert.NotNull(secret); Assert.NotNull(secret.WrapInfo); var unwrappedSecret = await client.Secret.Unwrap <Dictionary <string, string> >(secret.WrapInfo.Token); Assert.NotNull(unwrappedSecret); Assert.NotNull(unwrappedSecret.Data); Assert.Equal(expected, unwrappedSecret.Data); } }
public async Task GenericDelete_SecretRemoved_ReturnsNullSecretData() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var secretPath = "secret/data"; var expected = new Dictionary <string, string> { { "abc", "123" } }; var mountPoint = Guid.NewGuid().ToString(); await client.Sys.Mount(mountPoint, new MountInfo { Type = "generic" }); await client.Secret.Write($"{mountPoint}/{secretPath}", expected); var secret = await client.Secret.Read <Dictionary <string, string> >($"{mountPoint}/{secretPath}"); Assert.NotNull(secret); Assert.NotNull(secret.Data); Assert.Equal(expected, secret.Data); await client.Secret.Delete($"{mountPoint}/{secretPath}"); secret = await client.Secret.Read <Dictionary <string, string> >($"{mountPoint}/{secretPath}"); Assert.NotNull(secret); Assert.Null(secret.Data); } }
public async Task GenericList_OneSecret_ReturnsListOfSecretKeys() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var secretPath = "secret/data"; var data = new Dictionary <string, string> { { "abc", "123" } }; var mountPoint = Guid.NewGuid().ToString(); await client.Sys.Mount(mountPoint, new MountInfo { Type = "generic" }); await client.Secret.Write($"{mountPoint}/{secretPath}", data); await client.Secret.Write($"{mountPoint}/{secretPath}/subdata", data); var secret = await client.Secret.List($"{mountPoint}/secret/"); var expected = new List <string> { "data", "data/" }; Assert.NotNull(secret); Assert.Equal(expected, secret.Data.Keys); } }
public async Task SecretPki_SetUpRootCA_CanIssueCertificatesWithAltNames() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var mountPoint = Guid.NewGuid().ToString(); await client.Sys.Mount(mountPoint, new MountInfo { Type = "pki" }); var mountConfig = new MountConfig { MaxLeaseTtl = "87600h" }; await client.Sys.TuneMount(mountPoint, mountConfig); var rootCaConfig = new RootGenerateRequest { CommonName = "Vault Testing Root Certificate Authority", Ttl = "87600h" }; await client.Secret.Write($"{mountPoint}/root/generate/internal", rootCaConfig); var roleName = Guid.NewGuid().ToString(); var role = new RolesRequest { AllowAnyDomain = true, EnforceHostnames = false, MaxTtl = "1h" }; await client.Secret.Write($"{mountPoint}/roles/{roleName}", role); var commonName = Guid.NewGuid().ToString(); var certRequest = new IssueRequest { CommonName = commonName, AltNames = new List <string> { "example.com", "test.example.com" }, Format = CertificateFormat.Der }; var cert = await client.Secret.Write <IssueRequest, IssueResponse>($"{mountPoint}/issue/{roleName}", certRequest); Assert.NotNull(cert.Data); Assert.NotNull(cert.Data.Certificate); Assert.NotNull(cert.Data.PrivateKey); var x509Cert = new X509Certificate2(Encoding.UTF8.GetBytes(cert.Data.Certificate)); Assert.Equal($"CN={commonName}", x509Cert.SubjectName.Name); } }
public async Task Seal_ReturnsStatus() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var status = await client.Sys.SealStatus(); Assert.NotNull(status); Assert.False(status.Sealed); } }
public async Task AuthToken_Create_ReturnsToken() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var tokenRequest = new CreateRequest(); var result = await client.Auth.Write <CreateRequest, NoData>("token/create", tokenRequest); Assert.NotNull(result.Auth); Assert.NotNull(result.Auth.ClientToken); } }
public async Task Leader_Call_ReturnsLeader() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var leader = await client.Sys.Leader(); Assert.NotNull(leader); Assert.False(leader.IsSelf); Assert.False(leader.HaEnables); Assert.NotNull(leader.LeaderAddress); } }
public async Task GenericRead_NonExistentSecret_ReturnsNullData() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var mountPoint = Guid.NewGuid().ToString(); await client.Sys.Mount(mountPoint, new MountInfo { Type = "generic" }); var secret = await client.Secret.Read <Dictionary <string, string> >($"{mountPoint}/bogus/token"); Assert.NotNull(secret); Assert.Null(secret.Data); } }
public async Task GenericList_NoSecret_ReturnsNullData() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var secretPath = "secret/data"; var mountPoint = Guid.NewGuid().ToString(); await client.Sys.Mount(mountPoint, new MountInfo { Type = "generic" }); var secret = await client.Secret.List($"{mountPoint}/{secretPath}"); Assert.NotNull(secret); Assert.Null(secret.Data); } }
public async Task SecretPki_SetUpRootCA_CanIssueCertificates() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var mountPoint = Guid.NewGuid().ToString(); await client.Sys.Mount(mountPoint, new MountInfo { Type = "pki" }); var mountConfig = new MountConfig { MaxLeaseTtl = "87600h" }; await client.Sys.TuneMount(mountPoint, mountConfig); var rootCaConfig = new RootGenerateRequest { CommonName = "Vault Testing Root Certificate Authority", Ttl = "87600h" }; await client.Secret.Write($"{mountPoint}/root/generate/internal", rootCaConfig); var roleName = Guid.NewGuid().ToString(); var role = new RolesRequest { AllowAnyDomain = true, EnforceHostnames = false, MaxTtl = "1h" }; await client.Secret.Write($"{mountPoint}/roles/{roleName}", role); var certRequest = new IssueRequest { CommonName = "Test Cert" }; var cert = await client.Secret.Write <IssueRequest, IssueResponse>($"{mountPoint}/issue/{roleName}", certRequest); Assert.NotNull(cert.Data); Assert.NotNull(cert.Data.Certificate); Assert.NotNull(cert.Data.PrivateKey); } }
public async Task AuthUserPass_SwitchToLoginToken_HasDefaultPermissions() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var mountPoint = Guid.NewGuid().ToString(); await client.Sys.EnableAuth(mountPoint, "userpass", "Userpass Mount"); var username = Guid.NewGuid().ToString(); var usersRequest = new UsersRequest { Password = Guid.NewGuid().ToString(), Policies = new List <string> { "default" }, Ttl = "1h", MaxTtl = "2h" }; await client.Auth.Write($"{mountPoint}/users/{username}", usersRequest); var loginRequest = new LoginRequest { Password = usersRequest.Password }; var loginResponse = await client.Auth.Write <LoginRequest, NoData>($"{mountPoint}/login/{username}", loginRequest); client.Token = loginResponse.Auth.ClientToken; try { var ex = await Assert.ThrowsAsync <VaultRequestException>(() => client.Auth.Read <UsersResponse>($"{mountPoint}/users/{username}")); Assert.Equal(ex.StatusCode, HttpStatusCode.Forbidden); } catch (AssertActualExpectedException exception) { Assert.Equal("(No exception was thrown)", exception.Actual); } } }
public async Task AuthUserPass_MountAndCreateUser_RetrieveUserSuccessfully() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var mountPoint = Guid.NewGuid().ToString(); await client.Sys.EnableAuth(mountPoint, "userpass", "Userpass Mount"); var username = Guid.NewGuid().ToString(); var usersRequest = new UsersRequest { Password = Guid.NewGuid().ToString(), Policies = new List <string> { "default" }, Ttl = "1h", MaxTtl = "2h" }; await client.Auth.Write($"{mountPoint}/users/{username}", usersRequest); var loginRequest = new LoginRequest { Password = usersRequest.Password }; var loginResponse = await client.Auth.Write <LoginRequest, NoData>($"{mountPoint}/login/{username}", loginRequest); Assert.Equal(username, loginResponse.Auth.Metadata["username"]); Assert.Equal(usersRequest.Policies, loginResponse.Auth.Policies); Assert.NotNull(loginResponse.Auth.ClientToken); var usersResponse = await client.Auth.Read <UsersResponse>($"{mountPoint}/users/{username}"); Assert.Equal(usersRequest.Policies, usersResponse.Data.Policies); } }
public async Task SecretPki_SetUpRootCA_ReadCaCertificate() { using (var server = new VaultTestServer()) { var client = server.TestClient(); var mountPoint = Guid.NewGuid().ToString(); await client.Sys.Mount(mountPoint, new MountInfo { Type = "pki" }); var mountConfig = new MountConfig { MaxLeaseTtl = "87600h" }; await client.Sys.TuneMount(mountPoint, mountConfig); var rootCaConfig = new RootGenerateRequest { CommonName = "Vault Testing Root Certificate Authority", Ttl = "87600h" }; await client.Secret.Write($"{mountPoint}/root/generate/internal", rootCaConfig); var roleName = Guid.NewGuid().ToString(); var role = new RolesRequest { AllowAnyDomain = true, EnforceHostnames = false, MaxTtl = "1h" }; await client.Secret.Write($"{mountPoint}/roles/{roleName}", role); var caCert = await client.Secret.ReadRaw($"{mountPoint}/ca/pem"); Assert.StartsWith("-----", System.Text.Encoding.Default.GetString(caCert)); } }
public async Task SecretPki_BuildIntermediateCAChain_CanIssueCertificatesWithChain() { using (var server = new VaultTestServer()) { var client = server.TestClient(); await client.Sys.Mount("pki", new MountInfo { Type = "pki" }); await client.Sys.Mount("pki1", new MountInfo { Type = "pki" }); await client.Sys.Mount("pki2", new MountInfo { Type = "pki" }); await client.Sys.Mount("pki3", new MountInfo { Type = "pki" }); var mountConfig = new MountConfig { MaxLeaseTtl = "87600h" }; await client.Sys.TuneMount("pki", mountConfig); await client.Sys.TuneMount("pki1", mountConfig); await client.Sys.TuneMount("pki2", mountConfig); await client.Sys.TuneMount("pki3", mountConfig); // Root CA var rootCaConfig = new RootGenerateRequest { CommonName = "Vault Testing Root Certificate Authority", Ttl = "87600h" }; await client.Secret.Write($"pki/root/generate/internal", rootCaConfig); // Intermediate CA var pki1CaConfig = new IntermediateGenerateRequest { CommonName = "Vault Testing Intermediate CA" }; var pki1Request = await client.Secret.Write <IntermediateGenerateRequest, IntermediateGenerateInternalResponse>( "pki1/intermediate/generate/internal", pki1CaConfig); var pki1SignRequest = new RootSignIntermediateRequest { Csr = pki1Request.Data.Csr, Format = CertificateFormat.PemBundle, Ttl = "87500h" }; var pki1SignResponse = await client.Secret.Write <RootSignIntermediateRequest, RootSignIntermediateResponse>( "pki/root/sign-intermediate", pki1SignRequest); var pki1SetSigned = new IntermediateSetSignedRequest { Certificate = pki1SignResponse.Data.Certificate }; await client.Secret.Write("pki1/intermediate/set-signed", pki1SetSigned); // PKI2 - Sub Intermediate CA var pki2CaConfig = new IntermediateGenerateRequest { CommonName = "Vault Testing Sub Intermediate CA" }; var pki2Request = await client.Secret.Write <IntermediateGenerateRequest, IntermediateGenerateInternalResponse>( "pki2/intermediate/generate/internal", pki2CaConfig); var pki2SignRequest = new RootSignIntermediateRequest { Csr = pki2Request.Data.Csr, Format = CertificateFormat.PemBundle, Ttl = "87400h" }; var pki2SignResponse = await client.Secret.Write <RootSignIntermediateRequest, RootSignIntermediateResponse>( "pki1/root/sign-intermediate", pki2SignRequest); var pki2SetSigned = new IntermediateSetSignedRequest { Certificate = pki2SignResponse.Data.Certificate }; await client.Secret.Write("pki2/intermediate/set-signed", pki2SetSigned); var roleName = Guid.NewGuid().ToString(); var role = new RolesRequest { AllowAnyDomain = true, EnforceHostnames = false, MaxTtl = "1h" }; await client.Secret.Write($"pki2/roles/{roleName}", role); var commonName = Guid.NewGuid().ToString(); var certRequest = new IssueRequest { CommonName = commonName, AltNames = new List <string> { "example.com", "test.example.com" }, Format = CertificateFormat.Der }; var cert = await client.Secret.Write <IssueRequest, IssueResponse>($"pki2/issue/{roleName}", certRequest); Assert.NotNull(cert.Data); Assert.NotNull(cert.Data.Certificate); Assert.NotNull(cert.Data.PrivateKey); Assert.Equal(2, cert.Data.CaChain.Count); } }