public async Task Setup()
{
// Build Connection to Vault.
_vault = await VaultServerRef.ConnectVault("AppRoleVault");
//_vault = new VaultAgentAPI ("AppRoleVault", VaultServerRef.ipAddress, VaultServerRef.ipPort, VaultServerRef.rootToken, true);
_vaultSystemBackend = new VaultSystemBackend(_vault.TokenID, _vault);
_ldapMountName = _uniqueKeys.GetKey("LDAP");
// Define the engine.
_ldapAuthEngine = (LdapAuthEngine)_vault.ConnectAuthenticationBackend(EnumBackendTypes.A_LDAP, "ldap_test", _ldapMountName);
// Now create the Mount point.
AuthMethod authMethod = new AuthMethod(_ldapMountName, EnumAuthMethods.LDAP);
authMethod.Description = "Ldap Test";
Assert.True(await _vaultSystemBackend.AuthEnable(authMethod), "A10: Expected the LDAP Backend to have been enabled.");
// Now build the LDAP Backend.
_origConfig = _ldapAuthEngine.GetLDAPConfigFromFile(@"C:\a_Dev\Configs\LDAP_Test.json");
SetLDAPConfig(_ldapMountName, _origConfig);
// Save the Config. We do this here so the SetLDAPConfig can be used for multiple engines.
Assert.True(await _ldapAuthEngine.ConfigureLDAPBackend(_origConfig), "A100: Expected the LDAP Configuration method to return True");
// Initialize the LDAP Login Connector.
_ldapLoginConnector = new LDAPLoginConnector(_vault, _ldapAuthEngine.MountPoint, "Test LDAP Backend");
// Load the Test Data Object
LoadTestData();
}
// Validates that the first key has a value of 1 and each subsequent call is increasing by 1.
public void KeyNumberShouldIncrement_EachCall_Success()
{
string defaultPrefix = "Key";
// We need to simulate the Timeguid logic to derive at the initial key value.
TimeGuid stGuid = new TimeGuid(DateTime.Now);
UniqueKeys uniqueKey = new UniqueKeys();
string key = uniqueKey.GetKey();
string expKey = defaultPrefix + stGuid + "1";
Assert.AreEqual(
expKey, key,
"A1: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " +
expKey +
" Actual: " +
key);
// Now generate another key:
string key2 = uniqueKey.GetKey();
string expKey2 = defaultPrefix + stGuid + "2";
Assert.AreEqual(
expKey2, key2,
"A2: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " +
expKey +
" Actual: " +
key);
}
public async Task AppRoleLoginConnector_Test()
{
// PRE-Test
VaultSystemBackend vaultSystemBackend = new VaultSystemBackend(_vault.TokenID, _vault);
string approleMountName = _UK.GetKey("AppAuth");
// Create an AppRole authentication connection.
AppRoleAuthEngine appRoleAuthEngine = (AppRoleAuthEngine)_vault.ConnectAuthenticationBackend(EnumBackendTypes.A_AppRole, "AppRole", approleMountName);
// Create an Authentication method of App Role. - This only needs to be done when the Auth method is created.
AuthMethod am = new AuthMethod(approleMountName, EnumAuthMethods.AppRole);
bool rc = await vaultSystemBackend.AuthEnable(am);
string rName = _UK.GetKey("Role");
AppRole roleA = new AppRole(rName);
Assert.True(await appRoleAuthEngine.SaveRole(roleA));
string roleID = await appRoleAuthEngine.ReadRoleID(roleA.Name);
// Now create the a secret
AppRoleSecret secret_A = await appRoleAuthEngine.GenerateSecretID(roleA.Name);
// ACTUAL TEST
// Create Login Connector
AppRoleLoginConnector loginConnector = new AppRoleLoginConnector(_vault, approleMountName, "Test AppRole", roleID, secret_A.ID);
bool result = await loginConnector.Connect(true);
Assert.IsTrue(result, "A10: Login Failed");
}
public void RefreshKeyWorks()
{
string defaultPrefix = "Key";
KeepWithinSingleSecond();
// We need to simulate the Timeguid logic to derive at the initial key value.
TimeGuid stGuid = new TimeGuid(DateTime.Now);
UniqueKeys uniqueKey = new UniqueKeys(constantTimeGuid: true);
string key = uniqueKey.GetKey(defaultPrefix);
string expKey = defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid + uniqueKey.WhatIsIncrementSeparator + "1";
Assert.AreEqual(expKey, key, "A10: Expected initial key value was not correct. Expected: " + expKey + " Actual: " + key);
string key2 = uniqueKey.GetKey(defaultPrefix);
// Now refresh the key.
string key3 = uniqueKey.RefreshKey(defaultPrefix);
// Because key3 requested RefreshKey, we should get a new TimeGuid as it would have made the thread sleep for at least 1 second.
TimeGuid newGuid = new TimeGuid(DateTime.Now);
Assert.IsTrue(key2.EndsWith(uniqueKey.WhatIsIncrementSeparator + "2"), "A20: Key2 should have ended with a 2.");
Assert.IsTrue(key3.EndsWith(newGuid.ToString), "A21: Key3 should have ended with a 1 as it was called with the RefreshKey.");
string expKey3 = defaultPrefix + uniqueKey.WhatIsKeySeparator + newGuid;
Assert.AreEqual(
expKey3, key3, "A30: Expected key after Refresh was not equal to the value returned by UniqueKeys. Exp: " + expKey3 + " Actual: " + key3);
}
public void KeyIncrementer_Increments_Success()
{
string defaultPrefix = "ABC";
KeepWithinSingleSecond();
// We need to simulate the Timeguid logic to derive at the initial key value.
TimeGuid stGuid = new TimeGuid(DateTime.Now);
UniqueKeys uniqueKey = new UniqueKeys();
string key = uniqueKey.GetKey(defaultPrefix);
string expKey = defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid;
Assert.AreEqual(
expKey, key,
"A10: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " +
expKey +
" Actual: " +
key);
// Now create 2 more keys. They should have incrementers attched to them.
string key2 = uniqueKey.GetKey(defaultPrefix);
string key3 = uniqueKey.GetKey(defaultPrefix);
Assert.AreNotEqual(key, key2, "A20: Expected Key1 and Key2 to be different.");
Assert.AreNotEqual(key2, key3, "A30: Expected Key2 and Key3 to be different.");
Assert.IsTrue(key2.EndsWith(uniqueKey.WhatIsIncrementSeparator + "1"), "A40: Key2 should have ended with a 1.");
Assert.IsTrue(key3.EndsWith(uniqueKey.WhatIsIncrementSeparator + "2"), "A50: Key3 should have ended with a 2.");
}
public void KeyValueSeparator_CanBeSet_Success()
{
string defaultPrefix = "ABC";
string sep = "^";
KeepWithinSingleSecond();
// We need to simulate the Timeguid logic to derive at the initial key value.
TimeGuid stGuid = new TimeGuid(DateTime.Now);
// Set separator to be carat.
UniqueKeys uniqueKey = new UniqueKeys(sep);
string key = uniqueKey.GetKey(defaultPrefix);
string expKey = defaultPrefix + sep + stGuid.ToString;
Assert.AreEqual(
expKey, key,
"A10: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " +
expKey +
" Actual: " +
key);
TestContext.WriteLine("Unique Key Value: {0}", key);
TestContext.WriteLine("Expected Key Value: {0}", expKey);
}
public void RefreshKeyWithUniquePrefix_Success()
{
string defaultPrefix = "unique";
// We need to simulate the Timeguid logic to derive at the initial key value.
TimeGuid stGuid = new TimeGuid(DateTime.Now);
UniqueKeys uniqueKey = new UniqueKeys();
string key = uniqueKey.GetKey(defaultPrefix);
string expKey = defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid.ToString;
Assert.AreEqual(
expKey, key,
"A1: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " +
expKey +
" Actual: " +
key);
// Now get a new key. Note the TimeGuid portion should be updated and the increment should be updated.
Thread.Sleep(1000);
string key2 = uniqueKey.RefreshKey(defaultPrefix);
TimeGuid stGuid2 = new TimeGuid(DateTime.Now);
string expKey2 = defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid2;
Assert.AreEqual(
expKey2, key2, "A2: Expected key after Refresh was not equal to the value returned by UniqueKeys. Exp: " + expKey2 + " Actual: " + key2);
TestContext.WriteLine("Unique Key Value: {0}", key2);
TestContext.WriteLine("Expected Key Value: {0}", expKey2);
}
public async Task VaultAgentTest_OneTimeSetup()
{
_uk = new UniqueKeys();
name = _uk.GetKey("vlt");
vault = await VaultServerRef.ConnectVault(name);
//new VaultAgentAPI(name, VaultServerRef.ipAddress, VaultServerRef.ipPort, VaultServerRef.rootToken);
}
/// <summary>
/// This particular test was running consistently 15x slower than any other test. ~250ms
/// </summary>
/// <returns></returns>
public async Task AppRoleBE_UpdateRoleID()
{
string rName = _uniqueKeys.GetKey("Role");
AppRole ar = new AppRole(rName);
bool rc = await _appRoleAuthEngine.SaveRole(ar);
// Now read a Role ID for it.
string roleID = await _appRoleAuthEngine.ReadRoleID(ar.Name);
// Update the role ID
rc = await _appRoleAuthEngine.UpdateAppRoleID(ar.Name, "newDomain");
string roleIDNew = await _appRoleAuthEngine.ReadRoleID(ar.Name);
Assert.AreEqual("newDomain", roleIDNew);
Console.WriteLine("AppRoleBE_UpdateRoleID Finished OK!");
}
public void DefaultKeyPrefix_IsCorrect()
{
UniqueKeys uniqueKey = new UniqueKeys();
string key = uniqueKey.GetKey();
string prefix = key.Substring(0, 3);
Assert.AreEqual(3, prefix.Length, "A1: String prefix was expected to be 3 characters long.");
Assert.AreEqual("Key", prefix, "A2: Default prefix is expected to be Key");
}
public void StaticTimeGuid_StaysSameThruLifetimeOfUniqueKeyObject()
{
string defaultPrefix = "ABC";
KeepWithinSingleSecond();
// We need to simulate the Timeguid logic to derive at the initial key value.
TimeGuid stGuid = new TimeGuid(DateTime.Now);
//We want a constant TimeGuid
UniqueKeys uniqueKey = new UniqueKeys(constantTimeGuid: true);
string key = uniqueKey.GetKey(defaultPrefix);
string expKey = defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid + uniqueKey.WhatIsIncrementSeparator + "1";
Assert.AreEqual(
expKey, key,
"A10: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " +
expKey +
" Actual: " +
key);
// Now lets create 3 more keys with a second between them. TimeGuid should be same and just the incrementer should be increasing.
string key2 = uniqueKey.GetKey(defaultPrefix);
Thread.Sleep(1000);
string key3 = uniqueKey.GetKey(defaultPrefix);
Thread.Sleep(1500);
string key4 = uniqueKey.GetKey(defaultPrefix);
Thread.Sleep(2000);
Assert.IsTrue(key2.EndsWith(uniqueKey.WhatIsIncrementSeparator + "2"), "A20: Key2 should have ended with a 2.");
Assert.IsTrue(key3.EndsWith(uniqueKey.WhatIsIncrementSeparator + "3"), "A21: Key3 should have ended with a 3.");
Assert.IsTrue(key4.EndsWith(uniqueKey.WhatIsIncrementSeparator + "4"), "A22: Key4 should have ended with a 4.");
Assert.AreEqual(defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid + uniqueKey.WhatIsIncrementSeparator + "2", key2,
"A50: key2 is not expected value.");
Assert.AreEqual(defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid + uniqueKey.WhatIsIncrementSeparator + "3", key3,
"A51: key3 is not expected value.");
Assert.AreEqual(defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid + uniqueKey.WhatIsIncrementSeparator + "4", key4,
"A52: key4 is not expected value.");
}
public async Task Transit_CanEnableTransitBackend()
{
// Generate a hopefully small unique name.
string beName = _uniqueKeys.GetKey("TranBEN");
string oldName = _uniqueKeys.GetKey("TranBEO");
Assert.True(await _vaultSystemBackend.SysMountCreate(beName, "transit test backend", EnumSecretBackendTypes.Transit));
Assert.True(await _vaultSystemBackend.SysMountCreate(oldName, "transit test backend", EnumSecretBackendTypes.Transit));
}
public void DefaultConstructor_CreatesExpectedKey()
{
string key = "ABC";
// For this test we want to make sure we do not cross a second boundary. So any time above 700ms we will wait out until the next second hits.
int millisec = DateTimeOffset.Now.Millisecond;
int sleepInt = 0;
if (millisec > 800)
{
sleepInt = 1000 - millisec;
Thread.Sleep(sleepInt);
}
// We will test twice to determine if the TimeGuid is being set correctly.
UniqueKeys uniqueKeys = new UniqueKeys();
string key1 = uniqueKeys.GetKey(key);
// Now sleep so we can make sure the next call to uniqueKeys will generate a new timeGuid.
millisec = DateTimeOffset.Now.Millisecond;
sleepInt = 1000 - millisec + 10;
Thread.Sleep(sleepInt);
// Create another unique key. The TimeGuid's should be different.
string key2 = uniqueKeys.GetKey(key);
Assert.AreNotEqual(key1, key2, "A10: Expected the keys to be different.");
Assert.True(key2.StartsWith(key + ":"), "A20: Expected the generated key to start with ABC:");
// Now get the TimeGuid parts of the keys
string [] timeGuidPart1 = key1.Split(":");
Assert.AreEqual(2, timeGuidPart1.Length, "A30: Expected the generated key to contain 2 parts.");
string [] timeGuidPart2 = key2.Split(":");
Assert.AreEqual(2, timeGuidPart2.Length, "A30: Expected the generated key to contain 2 parts.");
Assert.AreNotEqual(timeGuidPart1 [1], timeGuidPart2 [1], "A40: Expected the TimeGuid part of the keys to be different.");
Assert.AreEqual(timeGuidPart1 [0], timeGuidPart2 [0], "A50: Expected the Key part of the keys to be the same.");
}
public async Task ValidateConfigOptions()
{
int maxTTL = 1800; // 30min
int defaultTTL = 600; // 10min
string vis = "hidden"; // should not show up in ui lists.
string key = _uniqueKeys.GetKey("SYSM");
string desc = "Test Mount DB: " + key + "KeyValue V2";
VaultSysMountConfig config = new VaultSysMountConfig {
DefaultLeaseTTL = defaultTTL.ToString(),
MaxLeaseTTL = maxTTL.ToString(),
VisibilitySetting = vis
};
Assert.True(await _vaultSystemBackend.SysMountCreate(key, desc, EnumSecretBackendTypes.KeyValueV2, config), "Unable to create Mount with key name: {0}", key);
// Now read back the mount config data.
VaultSysMountConfig config2 = await _vaultSystemBackend.SysMountReadConfig(key);
Assert.AreEqual(config.DefaultLeaseTTL, config2.DefaultLeaseTTL, "Default Lease TTL's are not the same.");
Assert.AreEqual(config.MaxLeaseTTL, config2.MaxLeaseTTL, "Max Lease TTL's are not the same.");
Assert.AreEqual(config.VisibilitySetting, config2.VisibilitySetting, "Visibility Settings are not the same.");
}
public async Task Secret_Init()
{
if (_vaultAgentAPI != null)
{
return;
}
// Build Connection to Vault.
_vaultAgentAPI = await VaultServerRef.ConnectVault("SecretBackEnd");
string mountName = _uniqueKeys.GetKey("SEC");
// Get Connection to Vault System backend
_systemBackend = new VaultSystemBackend(_vaultAgentAPI.TokenID, _vaultAgentAPI);
Assert.IsTrue(await _systemBackend.CreateSecretBackendMount(EnumSecretBackendTypes.Secret, mountName, mountName, "Secret V1 Backend"), "A10: Failed to create Secret Backend");
_keyValueSecretEngine = (KeyValueSecretEngine)_vaultAgentAPI.ConnectToSecretBackend(EnumSecretBackendTypes.Secret, mountName, mountName);
// _keyValueSecretEngine = (KeyValueSecretEngine)await _vaultAgentAPI.CreateSecretBackendMount(EnumSecretBackendTypes.Secret, mountName, mountName, "Secret V1 Backend");
Assert.NotNull(_keyValueSecretEngine);
return;
}
public async Task NormalLogin()
{
// SETUP
// We need our own vault since we will be manipulating the token value
VaultAgentAPI ourVault = await VaultServerRef.ConnectVault("TokenTest");
TokenAuthEngine ourTokenAuthEngine = (TokenAuthEngine)ourVault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token);
// Need a Token Role so we can autogenerate a token
TokenRole tokenRole = new TokenRole();
UniqueKeys UK = new UniqueKeys("", ""); // Unique Key generator
tokenRole.Name = UK.GetKey();
await ourTokenAuthEngine.SaveTokenRole(tokenRole);
string tokenName = "Name" + tokenRole.Name;
TokenNewSettings tokenNewSettings = new TokenNewSettings()
{
Name = tokenName,
NumberOfUses = 6,
NoParentToken = true,
RoleName = tokenRole.Name
};
Token token = await ourTokenAuthEngine.CreateToken(tokenNewSettings);
Assert.NotNull(token, "A10: Expected to receive the new token back, instead we received a null value.");
// Read the token we just created.
//Token token = await _tokenAuthEngine.GetTokenWithID(tokenID);
Assert.IsNotNull(token, "A20: No Token returned. Was expecting one.");
VaultAgentAPI vault2 = await VaultServerRef.ConnectVault("TokenLoginTest");
TokenLoginConnector loginConnector = new TokenLoginConnector(vault2, "test");
loginConnector.TokenId = token.ID;
Assert.IsTrue(await loginConnector.Connect(), "A30: Login Failed");
}
public void GetKeyWithUniquePrefix_Success()
{
string defaultPrefix = "unique";
// We need to simulate the Timeguid logic to derive at the initial key value.
TimeGuid stGuid = new TimeGuid(DateTime.Now);
UniqueKeys uniqueKey = new UniqueKeys();
string key = uniqueKey.GetKey(defaultPrefix);
string expKey = defaultPrefix + uniqueKey.WhatIsKeySeparator + stGuid.ToString;
Assert.AreEqual(
expKey, key,
"A1: Expected initial key value was not correct. Note: On Failures run a second time. There is a very slight chance that due to a second rollover the values could be different. Expected: " +
expKey +
" Actual: " +
key);
TestContext.WriteLine("Unique Key Value: {0}", key);
TestContext.WriteLine("Expected Key Value: {0}", expKey);
}
public async Task RetrieveInvalidTokenFails()
{
string tokenID = UK.GetKey("tokH");
Token token = await _tokenAuthEngine.GetTokenWithID(tokenID);
Assert.IsNull(token, "M1: Tried to find an unknown token returned a token object. This is incorrect.");
}
public async Task AppRoleAuthEngineSetup()
{
// Build Connection to Vault.
_vault = await VaultServerRef.ConnectVault("AppRoleVault");
//_vault = new VaultAgentAPI("AppRoleVault", VaultServerRef.ipAddress, VaultServerRef.ipPort); //, VaultServerRef.rootToken,true);
_vaultSystemBackend = new VaultSystemBackend(_vault.TokenID, _vault);
string approleMountName = _uniqueKeys.GetKey("AppAuth");
// Create an AppRole authentication connection.
_appRoleAuthEngine = (AppRoleAuthEngine)_vault.ConnectAuthenticationBackend(EnumBackendTypes.A_AppRole, "AppRole", approleMountName);
// Create an Authentication method of App Role. - This only needs to be done when the Auth method is created.
AuthMethod am = new AuthMethod(approleMountName, EnumAuthMethods.AppRole);
bool rc = await _vaultSystemBackend.AuthEnable(am);
}
/// <summary>
/// Reusable method that updates the provided secret and then returns the updated version.
/// </summary>
/// <param name="secret"></param>
/// <returns></returns>
private async Task <KV2Secret> UpdateSecretRandom(KV2Secret secret)
{
secret.Attributes.Add(_uniqueKeys.GetKey("attr"), "val");
Assert.True(await _rootEng.SaveSecret(secret, KV2EnumSecretSaveOptions.OnlyOnExistingVersionMatch, secret.Version), "UpdateSecretRandom: Failed to save correctly.");
return(await _rootEng.ReadSecret(secret));
}
public async Task Transit_Init()
{
if (_vaultAgentAPI != null)
{
return;
}
// Build Connection to Vault.
_vaultAgentAPI = await VaultServerRef.ConnectVault("TransitSecEng");
//new VaultAgentAPI("transitVault", VaultServerRef.ipAddress, VaultServerRef.ipPort, VaultServerRef.rootToken, true);
// Create unique name for the transit Backend we will use to test with.
string transitMountName = _uniqueKeys.GetKey("TRANsit");
// Get Connection to Vault System backend
_systemBackend = new VaultSystemBackend(_vaultAgentAPI.TokenID, _vaultAgentAPI);
Assert.IsTrue(await _systemBackend.CreateSecretBackendMount(EnumSecretBackendTypes.Transit, transitMountName, transitMountName,
"Transit Bckend Testing"), "A10: Failed to Create the Transit Backend");
_transitSecretEngine = (TransitSecretEngine)_vaultAgentAPI.ConnectToSecretBackend(EnumSecretBackendTypes.Transit, transitMountName, transitMountName);
// _transitSecretEngine =
// (TransitSecretEngine) await _vaultAgentAPI.CreateSecretBackendMount(EnumSecretBackendTypes.Transit, transitMountName, transitMountName,
// "Transit Bckend Testing");
Assert.NotNull(_transitSecretEngine, "Transit Backend was returned null upon creation.");
}
public async Task Create_Entity_Success()
{
string name = _uniqueKey.GetKey("Entity");
Entity entity = new Entity(name);
entity.Policies.Add("polTest1");
entity.Policies.Add("polTest2");
entity.Metadata.Add("Company", "ACME");
entity.Metadata.Add("Products", "Dynamite");
// Now save entity
Entity rc = await _idEngine.SaveEntity(entity);
Assert.IsNotNull(rc, "A10: Expected to receive an Entity object");
Guid gID = new Guid();
Assert.AreNotEqual(gID, rc.Id, "A20: The SaveEntity method should have returned an Entity object with a GUID value. Instead it is at default - 0.");
TestContext.WriteLine("Entity Name: {0}", entity.Name);
TestContext.WriteLine("Entity ID: {0}", entity.Id);
}
public async Task SetSimpleLock()
{
string id = _idGenerator.Next().ToString();
string lockCategory = _uniqueKeys.GetKey("SSL");
// Set Lock
Assert.IsTrue(await _locker.SetLock(lockCategory, id, "SetSimple"), "A10: Lock was not set");
}
