public void AddHashiCorpWithUserPass_WithOutOfBoundsKeyValueVersion_Throws(VaultKeyValueSecretEngineVersion secretEngineVersion)
{
// Arrange
var builder = new HostBuilder();
// Act
builder.ConfigureSecretStore((config, stores) =>
{
stores.AddHashiCorpVaultWithUserPass("https://vault.uri:456", "username", "password", "secret/path", options => options.KeyValueVersion = secretEngineVersion);
});
// Assert
Assert.ThrowsAny <ArgumentException>(() => builder.Build());
}
public void AddHashiCorp_WithOutOfBoundsKeyValueVersion_Throws(VaultKeyValueSecretEngineVersion secretEngineVersion)
{
// Arrange
var builder = new HostBuilder();
var settings = new VaultClientSettings("https://vault.uri:456", new UserPassAuthMethodInfo("username", "password"));
// Act
builder.ConfigureSecretStore((config, stores) =>
{
stores.AddHashiCorpVault(settings, secretPath: "secret/path", options => options.KeyValueVersion = secretEngineVersion);
});
// Assert
Assert.ThrowsAny <ArgumentException>(() => builder.Build());
}
/// <summary>
/// Mounts the KeyValue secret engine with a specific <paramref name="version"/> to a specific <paramref name="path"/>.
/// </summary>
/// <param name="path">The path to mount the secret engine to.</param>
/// <param name="version">The version of the KeyValue secret engine to mount.</param>
/// <exception cref="ArgumentException">
/// Thrown when the <paramref name="path"/> is blank or the <paramref name="version"/> is outside the bounds of the enumeration.
/// </exception>
public async Task MountKeyValueAsync(string path, VaultKeyValueSecretEngineVersion version)
{
Guard.NotNullOrWhitespace(path, nameof(path), "Requires a path to mount the KeyValue secret engine to");
Guard.For <ArgumentException>(() => !Enum.IsDefined(typeof(VaultKeyValueSecretEngineVersion), version), "Requires a KeyValue secret engine version that is either V1 or V2");
var content = new MountInfo
{
Type = "kv",
Description = "KeyValue v1 secret engine",
Options = new MountOptions {
Version = ((int)version).ToString()
}
};
var http = new VaultHttpClient();
var uri = new Uri(ListenAddress, "/v1/sys/mounts/" + path);
await http.PostVoid(uri, content, _rootToken, default(CancellationToken));
}
public void AddHashiCorpWithKubernetes_WithOutOfBoundsKeyValueVersion_Throws(VaultKeyValueSecretEngineVersion secretEngineVersion)
{
// Arrange
var builder = new HostBuilder();
// Act
builder.ConfigureSecretStore((config, stores) =>
{
stores.AddHashiCorpVaultWithKubernetes(
vaultServerUriWithPort: "https://vault.uri:456",
roleName: "role name",
jsonWebToken: "jwt",
secretPath: "secret/path",
configureOptions: options => options.KeyValueVersion = secretEngineVersion,
name: null,
mutateSecretName: null);
});
// Assert
Assert.ThrowsAny <ArgumentException>(() => builder.Build());
}
public async Task AuthenticateWithUserPassKeyValueV1_GetSecret_Succeeds()
{
// Arrange
string secretPath = "mysecret";
string secretName = "my-value";
string expected = "s3cr3t";
string userName = "******";
string password = "******";
const string mountPoint = "secret-v1";
const VaultKeyValueSecretEngineVersion keyValueVersion = VaultKeyValueSecretEngineVersion.V1;
using (HashiCorpVaultTestServer server = await StartServerWithUserPassAsync(userName, password, mountPoint))
{
await server.MountKeyValueAsync(mountPoint, keyValueVersion);
await server.KeyValueV1.WriteSecretAsync(
mountPoint : mountPoint,
path : secretPath,
values : new Dictionary <string, object> {
[secretName] = expected
});
var authentication = new UserPassAuthMethodInfo(userName, password);
var settings = new VaultClientSettings(server.ListenAddress.ToString(), authentication);
var provider = new HashiCorpSecretProvider(settings, secretPath, new HashiCorpVaultOptions
{
KeyValueMountPoint = mountPoint,
KeyValueVersion = keyValueVersion
}, NullLogger <HashiCorpSecretProvider> .Instance);
// Act
string actual = await provider.GetRawSecretAsync(secretName);
// Assert
Assert.Equal(expected, actual);
}
}
public void AddHashiCorp_WithOutOfBoundsKeyValueVersion_Throws(VaultKeyValueSecretEngineVersion secretEngineVersion)
{
// Arrange
var builder = new HostBuilder();
var userName = Guid.NewGuid().ToString();
var password = Guid.NewGuid().ToString();
var settings = new VaultClientSettings("https://vault.uri:456", new UserPassAuthMethodInfo(userName, password));
// Act
builder.ConfigureSecretStore((config, stores) =>
{
stores.AddHashiCorpVault(
settings: settings,
secretPath: "secret/path",
configureOptions: options => options.KeyValueVersion = secretEngineVersion,
name: null,
mutateSecretName: null);
});
// Assert
Assert.ThrowsAny <ArgumentException>(() => builder.Build());
}
