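        /// <summary>
        /// Make a CredHubClient available to DI
        /// </summary>
        /// <remarks>
        /// Binds the "CredHubClient" configuration section to <see cref="CredHubOptions"/>, validates it and builds a
        /// UAA-authenticated client. Only UAA auth is attempted by this overload; there is no mTLS fallback here.
        /// If client creation fails the error is logged at Critical and swallowed, so the returned collection has
        /// NO <see cref="ICredHubClient"/> registration and the first resolve of that service fails at runtime.
        /// </remarks>
        /// <param name="services">Service collection</param>
        /// <param name="config">App configuration holding a "CredHubClient" section</param>
        /// <param name="loggerFactory">Logger factory; optional, nothing is logged when null</param>
        /// <returns>Service collection with CredHubClient added in</returns>
        /// <exception cref="InvalidOperationException">The "CredHubClient" configuration section is missing or empty</exception>
        public static IServiceCollection AddCredHubClient(this IServiceCollection services, IConfiguration config, ILoggerFactory loggerFactory = null)
        {
            ILogger startupLogger = null;
            ILogger credhubLogger = null;

            if (loggerFactory != null)
            {
                startupLogger = loggerFactory.CreateLogger("Steeltoe.Security.DataProtection.CredHubCore");
                credhubLogger = loggerFactory.CreateLogger<CredHubClient>();
            }

            var credHubOptions = config.GetSection("CredHubClient").Get<CredHubOptions>();

            // Get<T>() returns null for an absent section; say so instead of NullReferencing inside Validate().
            if (credHubOptions == null)
            {
                throw new InvalidOperationException("Configuration section 'CredHubClient' is missing or empty; cannot create a CredHub client.");
            }

            // Deliberately outside the try: a misconfigured client should fail startup, not be logged and ignored.
            credHubOptions.Validate();

            try
            {
                // ClientId is an identifier, not a secret; nothing from the credential itself is logged.
                startupLogger?.LogTrace("Using UAA auth for CredHub client with client id {ClientId}", credHubOptions.ClientId);

                // GetAwaiter().GetResult() surfaces the real exception rather than an AggregateException wrapper.
                // The client logger is passed through so the client's own diagnostics are not silently dropped.
                CredHubClient credHubClient = CredHubClient.CreateUAAClientAsync(credHubOptions, credhubLogger).GetAwaiter().GetResult();

                services.AddSingleton<ICredHubClient>(credHubClient);
            }
            catch (Exception e)
            {
                // Best-effort registration: the caller's startup continues without a CredHub client.
                startupLogger?.LogCritical(e, "Failed to initialize CredHub client for ServiceCollection");
            }

            return services;
        }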
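 /// <summary>
 /// Builds a CredHub client for this controller instance, picking the auth method from configuration.
 /// </summary>
 /// <remarks>
 /// UAA (user/password) auth is used when both <c>CredHubUser</c> and <c>CredHubPassword</c> are set;
 /// otherwise an mTLS client is created and the platform is expected to supply the instance identity.
 /// Client creation is synchronous because constructors cannot be async. On failure the error is logged
 /// at Critical and rethrown to the caller.
 /// </remarks>
 /// <param name="logger">Controller logger</param>
 /// <param name="loggerFactory">Used to create the logger handed to the CredHub client</param>
 /// <param name="credHubOptions">Bound CredHub options; may carry a password, so it is never logged</param>
 /// <exception cref="InvalidOperationException">Client creation failed; the cause is the inner exception</exception>
 public HomeController(ILogger<HomeController> logger, ILoggerFactory loggerFactory, IOptionsSnapshot<CredHubOptions> credHubOptions)
 {
     _logger        = logger;
     _loggerFactory = loggerFactory;

     // NOTE(review): in a controller constructor Request is normally still null (no HttpContext attached yet),
     // so this path check most likely always passes - confirm it does what was intended.
     if (_credHub == null && Request?.Path.Value.Contains("Injected") != true)
     {
         try
         {
             var options = credHubOptions.Value;
             var clientLogger = _loggerFactory.CreateLogger<CredHubClient>();

             // if a username and password were supplied, use that auth method, otherwise expect Diego to provide credentials on PCF
             bool useUaa = !string.IsNullOrEmpty(options.CredHubUser) && !string.IsNullOrEmpty(options.CredHubPassword);

             // GetAwaiter().GetResult() surfaces the real exception rather than an AggregateException from .Result.
             if (useUaa)
             {
                 _logger?.LogTrace("Getting CredHub UAA Client...");
                 _credHub = CredHubClient.CreateUAAClientAsync(options, clientLogger).GetAwaiter().GetResult();
             }
             else
             {
                 _logger?.LogTrace("Getting CredHub mTLS Client...");
                 _credHub = CredHubClient.CreateMTLSClientAsync(options, clientLogger).GetAwaiter().GetResult();
             }
         }
         catch (Exception e)
         {
             _logger?.LogCritical(e, "Failed to initialize CredHubClient");

             // Chain the cause as InnerException instead of flattening e.ToString() into the message; callers
             // catching Exception are unaffected and the original type and stack stay inspectable.
             throw new InvalidOperationException("Failed initializing CredHubClient", e);
         }
     }
 }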
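        /// <summary>
        /// Reach out to a CredHub server to interpolate credentials found in VCAP_SERVICES
        /// </summary>
        /// <remarks>
        /// Runs only when the VCAP_SERVICES environment variable contains the literal "credhub-ref". Client
        /// creation and the interpolation call both happen synchronously inside ConfigureAppConfiguration.
        /// UAA auth is used when both <c>CredHubUser</c> and <c>CredHubPassword</c> are configured, otherwise mTLS
        /// (with default options if the section is absent). Failures are logged at Critical and otherwise ignored,
        /// so the host still starts with the un-interpolated placeholder data.
        /// </remarks>
        /// <param name="webHostBuilder">Your app's host builder</param>
        /// <param name="loggerFactory">To enable logging in the credhub client, pass in a loggerfactory</param>
        /// <returns>Your application's host builder with credentials interpolated</returns>
        public static IWebHostBuilder UseCredHubInterpolation(this IWebHostBuilder webHostBuilder, ILoggerFactory loggerFactory = null)
        {
            ILogger startupLogger = null;
            ILogger credhubLogger = null;

            if (loggerFactory != null)
            {
                startupLogger = loggerFactory.CreateLogger("Steeltoe.Security.DataProtection.CredHubCore");
                credhubLogger = loggerFactory.CreateLogger<CredHubClient>();
            }

            var vcapServices = Environment.GetEnvironmentVariable("VCAP_SERVICES");

            // Cheap pre-check: no round trip to CredHub when nothing references it.
            if (vcapServices == null || !vcapServices.Contains("credhub-ref"))
            {
                startupLogger?.LogInformation("No CredHub references found in VCAP_SERVICES");
                return webHostBuilder;
            }

            webHostBuilder.ConfigureAppConfiguration((context, config) =>
            {
                var builtConfig = config.Build();
                var credHubOptions = builtConfig.GetSection("CredHubClient").Get<CredHubOptions>();

                CredHubClient credHubClient;
                try
                {
                    bool useUaa = !string.IsNullOrEmpty(credHubOptions?.CredHubUser)
                                  && !string.IsNullOrEmpty(credHubOptions?.CredHubPassword);

                    // GetAwaiter().GetResult() surfaces the real exception rather than an AggregateException wrapper.
                    if (useUaa)
                    {
                        startupLogger?.LogTrace("Using UAA auth for CredHub client");
                        credHubClient = CredHubClient.CreateUAAClientAsync(credHubOptions, credhubLogger).GetAwaiter().GetResult();
                    }
                    else
                    {
                        startupLogger?.LogTrace("Using mTLS auth for CredHub client");
                        credHubClient = CredHubClient.CreateMTLSClientAsync(credHubOptions ?? new CredHubOptions(), credhubLogger).GetAwaiter().GetResult();
                    }
                }
                catch (Exception e)
                {
                    startupLogger?.LogCritical(e, "Failed to initialize CredHub client");

                    // Without a client the call below could only NullReference; stop here so the log shows the
                    // real cause instead of a misleading "Failed to interpolate" entry.
                    return;
                }

                try
                {
                    var interpolated = credHubClient.InterpolateServiceDataAsync(vcapServices).GetAwaiter().GetResult();

                    // NOTE(review): Bind() copies configuration INTO the supplied object; handing it the interpolated
                    // string does not obviously write the resolved credentials anywhere readable by the app.
                    // Confirm the resolved data actually reaches configuration (or the VCAP_SERVICES variable).
                    builtConfig.GetSection("vcap:services").Bind(interpolated);
                }
                catch (Exception e)
                {
                    // Best-effort: keep starting with the placeholder data rather than abort the host.
                    startupLogger?.LogCritical(e, "Failed to interpolate service data with CredHub");
                }
            });

            return webHostBuilder;
        }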
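        /// <summary>
        /// Reach out to a CredHub server to interpolate credentials found in VCAP_SERVICES
        /// </summary>
        /// <remarks>
        /// Runs only when VCAP_SERVICES contains the literal "credhub-ref". Inside ConfigureAppConfiguration a
        /// UAA-authenticated client is built from the validated "CredHubClient" section and the interpolated service
        /// data replaces the VCAP_SERVICES variable of this process. A client-creation failure is logged at Critical
        /// and the interpolation is skipped; an interpolation failure is logged at Critical and ignored. In both
        /// cases the host still starts with the placeholder data.
        /// </remarks>
        /// <param name="webHostBuilder">Your app's host builder</param>
        /// <param name="loggerFactory">To enable logging in the credhub client, pass in a loggerfactory</param>
        /// <returns>Your application's host builder with credentials interpolated</returns>
        /// <exception cref="InvalidOperationException">Thrown while building configuration when the "CredHubClient" section is missing</exception>
        public static IWebHostBuilder UseCredHubInterpolation(this IWebHostBuilder webHostBuilder, ILoggerFactory loggerFactory = null)
        {
            ILogger startupLogger = null;
            ILogger credhubLogger = null;

            if (loggerFactory != null)
            {
                startupLogger = loggerFactory.CreateLogger("Steeltoe.Security.DataProtection.CredHubCore");
                credhubLogger = loggerFactory.CreateLogger<CredHubClient>();
            }

            var vcapServices = Environment.GetEnvironmentVariable("VCAP_SERVICES");

            // Cheap pre-check: no round trip to CredHub when nothing references it.
            if (vcapServices == null || !vcapServices.Contains("credhub-ref"))
            {
                startupLogger?.LogInformation("No CredHub references found in VCAP_SERVICES");
                return webHostBuilder;
            }

            webHostBuilder.ConfigureAppConfiguration((context, config) =>
            {
                var builtConfig = config.Build();
                var credHubOptions = builtConfig.GetSection("CredHubClient").Get<CredHubOptions>();

                // Get<T>() returns null for an absent section; say so instead of NullReferencing inside Validate().
                if (credHubOptions == null)
                {
                    throw new InvalidOperationException("Configuration section 'CredHubClient' is missing or empty; cannot interpolate VCAP_SERVICES with CredHub.");
                }

                // Deliberately outside the try: a misconfigured client should fail host startup, not be logged and ignored.
                credHubOptions.Validate();

                CredHubClient credHubClient;
                try
                {
                    // ClientId is an identifier, not a secret; nothing from the credential itself is logged.
                    startupLogger?.LogTrace("Using UAA auth for CredHub client with client id {ClientId}", credHubOptions.ClientId);
                    credHubClient = CredHubClient.CreateUAAClientAsync(credHubOptions, credhubLogger).GetAwaiter().GetResult();
                }
                catch (Exception e)
                {
                    startupLogger?.LogCritical(e, "Failed to initialize CredHub client");

                    // No client -> the interpolate call could only fail; stop here so the log shows the real cause.
                    return;
                }

                try
                {
                    // send the interpolate request to CredHub
                    string interpolated = credHubClient.InterpolateServiceDataAsync(vcapServices).GetAwaiter().GetResult();

                    // NOTE(review): the resolved secrets now sit in this process's environment block, which any child
                    // process it launches will inherit - confirm that is acceptable for this deployment.
                    Environment.SetEnvironmentVariable("VCAP_SERVICES", interpolated);
                }
                catch (Exception e)
                {
                    // Best-effort: keep starting with the placeholder data rather than abort the host.
                    startupLogger?.LogCritical(e, "Failed to interpolate service data with CredHub");
                }
            });

            return webHostBuilder;
        }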
        // NOTE(review): no [Fact]/[Test] attribute is visible on this method; the test runner will not discover it
        // unless the attribute was dropped from this listing - confirm.
        public void ValueConverter_SerializesClass_AsStringProperty()
        {
            // Arrange: a credential wrapper and the client's serializer settings (which carry the value converter)
            const string secret = "thisIsAPassword";
            var credential = new PasswordCredential(secret);
            var client = new CredHubClient();

            // Act
            string json = JsonSerializer.Serialize(credential, client.SerializerOptions);

            // Assert: the wrapper collapses to a bare JSON string holding the secret verbatim, so serialized
            // output is exactly as sensitive as the password itself and must never be logged or echoed.
            Assert.Equal($"\"{secret}\"", json);
        }
        /// <summary>
        /// Creates an mTLS CredHub client, asks CredHub to generate a password named "credbulb"
        /// (overwriting any existing one) and returns the generated value.
        /// </summary>
        /// <returns>The generated password as a string</returns>
        protected override async Task<string> RunAsync()
        {
            // SECURITY(review): ValidateCertificates = false appears (from its name) to turn off TLS certificate
            // validation for the CredHub connection, so the generated secret would be exchanged with whatever
            // answers at the endpoint. Tolerable only for a throwaway local sandbox; never ship this setting.
            var options = new CredHubOptions { ValidateCertificates = false };
            var client = await CredHubClient.CreateMTLSClientAsync(options, logFactory.CreateLogger("CredHub"));

            var request = new PasswordGenerationRequest("credbulb", _options, overwriteMode: OverwiteMode.overwrite);
            var generated = await client.GenerateAsync<PasswordCredential>(request);

            // Only a status line is printed; the secret itself goes back to the caller, not to the console.
            Console.WriteLine("success path");
            return generated.Value.ToString();
        }
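 /// <summary>
 /// Builds a UAA-authenticated CredHub client for this controller instance.
 /// </summary>
 /// <remarks>
 /// Client creation is synchronous because constructors cannot be async. On failure the error is logged at
 /// Critical and rethrown to the caller.
 /// </remarks>
 /// <param name="logger">Controller logger</param>
 /// <param name="loggerFactory">Used to create the logger handed to the CredHub client</param>
 /// <param name="credHubOptions">Bound CredHub options; may carry credentials, so it is never logged</param>
 /// <exception cref="InvalidOperationException">Client creation failed; the cause is the inner exception</exception>
 public HomeController(ILogger<HomeController> logger, ILoggerFactory loggerFactory, IOptionsSnapshot<CredHubOptions> credHubOptions)
 {
     _logger        = logger;
     _loggerFactory = loggerFactory;

     // NOTE(review): in a controller constructor Request is normally still null (no HttpContext attached yet),
     // so this path check most likely always passes - confirm it does what was intended.
     if (_credHub == null && Request?.Path.Value.Contains("Injected") != true)
     {
         try
         {
             _logger?.LogTrace("Getting CredHub UAA Client...");

             // GetAwaiter().GetResult() surfaces the real exception rather than an AggregateException from .Result.
             _credHub = CredHubClient.CreateUAAClientAsync(credHubOptions.Value, _loggerFactory.CreateLogger<CredHubClient>()).GetAwaiter().GetResult();
         }
         catch (Exception e)
         {
             _logger?.LogCritical(e, "Failed to initialize CredHubClient");

             // Chain the cause as InnerException instead of flattening e.ToString() into the message; callers
             // catching Exception are unaffected and the original type and stack stay inspectable.
             throw new InvalidOperationException("Failed initializing CredHubClient", e);
         }
     }
 }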
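        /// <summary>
        /// Make a CredHubClient available to DI
        /// </summary>
        /// <remarks>
        /// Binds the "CredHubClient" configuration section to <see cref="CredHubOptions"/>. When both
        /// <c>CredHubUser</c> and <c>CredHubPassword</c> are set a UAA user/password client is created; otherwise an
        /// mTLS client is created (with default options if the section is absent) and the platform is expected to
        /// supply the instance identity. A creation failure is logged at Critical and swallowed, so the returned
        /// collection then has NO <see cref="ICredHubClient"/> registration and the first resolve fails at runtime.
        /// </remarks>
        /// <param name="services">Service collection</param>
        /// <param name="config">App configuration</param>
        /// <param name="loggerFactory">Logger factory; optional, nothing is logged when null</param>
        /// <returns>Service collection with CredHubClient added in</returns>
        public static IServiceCollection AddCredHubClient(this IServiceCollection services, IConfiguration config, ILoggerFactory loggerFactory = null)
        {
            ILogger startupLogger = null;
            ILogger credhubLogger = null;

            if (loggerFactory != null)
            {
                startupLogger = loggerFactory.CreateLogger("Steeltoe.Security.DataProtection.CredHubCore");
                credhubLogger = loggerFactory.CreateLogger<CredHubClient>();
            }

            var credHubOptions = config.GetSection("CredHubClient").Get<CredHubOptions>();

            try
            {
                // if a username and password were supplied, use that auth method, otherwise expect Diego to provide credentials on PCF
                bool useUaa = !string.IsNullOrEmpty(credHubOptions?.CredHubUser)
                              && !string.IsNullOrEmpty(credHubOptions?.CredHubPassword);

                // GetAwaiter().GetResult() surfaces the real exception rather than an AggregateException wrapper.
                // The client logger is passed through so the client's own diagnostics are not silently dropped.
                CredHubClient credHubClient;
                if (useUaa)
                {
                    startupLogger?.LogTrace("Using UAA auth for CredHub client");
                    credHubClient = CredHubClient.CreateUAAClientAsync(credHubOptions, credhubLogger).GetAwaiter().GetResult();
                }
                else
                {
                    startupLogger?.LogTrace("Using mTLS auth for CredHub client");
                    credHubClient = CredHubClient.CreateMTLSClientAsync(credHubOptions ?? new CredHubOptions(), credhubLogger).GetAwaiter().GetResult();
                }

                services.AddSingleton<ICredHubClient>(credHubClient);
            }
            catch (Exception e)
            {
                // Best-effort registration: the caller's startup continues without a CredHub client.
                startupLogger?.LogCritical(e, "Failed to initialize CredHub client for ServiceCollection");
            }

            return services;
        }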