public VaultConfigurationTests(VaultFixture fixture)
{
_authMethod = new TokenAuthMethodInfo(fixture.Api.Token);
_uri = fixture.Api.Url;
_engineName = "kv";
_vaultClient = new VaultClient(new VaultClientSettings(_uri, _authMethod));
}
private IVaultClient CreateCreate(Uri address, IAuthMethodInfo authMethodInfo, string?expectedHostname)
{
var settings = new VaultClientSettings(address.ToString(), authMethodInfo)
{
MyHttpClientProviderFunc = CreateHttpClientHandler(expectedHostname)
};
return(new VaultClient(settings));
}
private static (IVaultClient client, VaultClientSettings settings) GetClientAndSettings(VaultOptions options)
{
IAuthMethodInfo authMethodInfo = options.AuthType switch
{
AuthType.Token => new TokenAuthMethodInfo(options.Token),
AuthType.UserPass => new UserPassAuthMethodInfo(options.Username, options.Password),
_ => throw new InvalidEnumArgumentException(
nameof(options.AuthType), (int)options.AuthType, typeof(AuthType))
};
var settings = new VaultClientSettings(options.Url, authMethodInfo);
var client = new VaultClient(settings);
return(client, settings);
}
/// <summary>
/// Adds a HashiCorp Vault configuration source to <paramref name="builder" />.
/// </summary>
/// <param name="builder">The <see cref="IConfigurationBuilder" /> to add to.</param>
/// <param name="vaultServerUriWithPort">The Vault Server Uri with port.</param>
/// <param name="authMethodInfo">The auth method to be used to acquire a vault token.</param>
/// <param name="engineName">The name of the KeyValue secrets engine.</param>
public static IConfigurationBuilder AddVault(
this IConfigurationBuilder builder,
string vaultServerUriWithPort,
IAuthMethodInfo authMethodInfo,
string engineName)
{
if (builder == null) throw new ArgumentNullException(nameof(builder));
if (string.IsNullOrWhiteSpace(vaultServerUriWithPort))
throw new ArgumentException(Resources.Error_InvalidVaultServerUrl, nameof(vaultServerUriWithPort));
if (authMethodInfo == null) throw new ArgumentNullException(nameof(authMethodInfo));
if (string.IsNullOrWhiteSpace(engineName))
throw new ArgumentException(Resources.Error_InvalidEngineName, nameof(engineName));
return builder.AddVault(
source =>
{
source.Uri = vaultServerUriWithPort;
source.AuthMethod = authMethodInfo;
source.Engine.Name = engineName;
});
}
/// <summary>
/// Constructor with bare minimal required fields.
/// </summary>
/// <param name="vaultServerUriWithPort"></param>
/// <param name="authMethodInfo"></param>
public VaultClientSettings(string vaultServerUriWithPort, IAuthMethodInfo authMethodInfo)
{
VaultServerUriWithPort = vaultServerUriWithPort;
AuthMethodInfo = authMethodInfo;
}
public static IAuthMethodLoginProvider CreateAuthenticationProvider(IAuthMethodInfo authInfo, Polymath polymath)
{
if (authInfo.AuthMethodType == AuthMethodType.AliCloud)
{
return(new AliCloudAuthMethodLoginProvider(authInfo as AliCloudAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.AppRole)
{
return(new AppRoleAuthMethodLoginProvider(authInfo as AppRoleAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.AWS)
{
return(new AWSAuthMethodLoginProvider(authInfo as AbstractAWSAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.Azure)
{
return(new AzureAuthMethodLoginProvider(authInfo as AzureAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.GitHub)
{
return(new GitHubAuthMethodLoginProvider(authInfo as GitHubAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.GoogleCloud)
{
return(new GoogleCloudAuthMethodLoginProvider(authInfo as GoogleCloudAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.JWT)
{
return(new JWTAuthMethodLoginProvider(authInfo as JWTAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.Kubernetes)
{
return(new KubernetesAuthMethodLoginProvider(authInfo as KubernetesAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.LDAP)
{
return(new LDAPAuthMethodLoginProvider(authInfo as LDAPAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.Kerberos)
{
return(new KerberosAuthMethodLoginProvider(authInfo as KerberosAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.Okta)
{
return(new OktaAuthMethodLoginProvider(authInfo as OktaAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.RADIUS)
{
return(new RADIUSAuthMethodLoginProvider(authInfo as RADIUSAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.Cert)
{
// we have attached the certificates to request elsewhere.
return(new CertAuthMethodLoginProvider(authInfo as CertAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.Token)
{
return(new TokenAuthMethodLoginProvider(authInfo as TokenAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.UserPass)
{
return(new UserPassAuthMethodLoginProvider(authInfo as UserPassAuthMethodInfo, polymath));
}
if (authInfo.AuthMethodType == AuthMethodType.CloudFoundry)
{
return(new CloudFoundryAuthMethodLoginProvider(authInfo as CloudFoundryAuthMethodInfo, polymath));
}
var customAuthMethodInfo = authInfo as CustomAuthMethodInfo;
if (customAuthMethodInfo != null)
{
return(new CustomAuthMethodLoginProvider(customAuthMethodInfo, polymath));
}
throw new NotSupportedException("The requested authentication backend type is not supported: " + authInfo.AuthMethodType);
}
public IJunoClientBuilder WithAuthMethod(IAuthMethodInfo authMethodInfo)
{
_auth = authMethodInfo;
return(this);
}
