public static async Task <LeaderStatus> GetLeaderAsync(this VaultClient client, SystemBackendOptions options = null) { return(await((IProtocolSource)client).Protocol .SendGetAsync <LeaderStatus>("sys/leader", options: options)); }
/// <summary> /// Mounts a new secret backend at the given path. /// </summary> /// <param name="client"></param> /// <param name="path">Specifies the path where the secret backend will be mounted.</param> /// <param name="type">Specifies the type of the backend, such as <c>aws</c>.</param> /// <param name="description">Specifies the human-friendly description of the mount.</param> /// <param name="config">Specifies configuration options for this mount.</param> /// <param name="local">Specifies if the secret backend is a local mount only. /// Local mounts are not replicated nor (if a secondary) removed by replication.</param> /// <param name="options"></param> /// <remarks> /// <para> /// This <c>config</c> an object with these possible values: /// <list> /// <item>default_lease_ttl</item> /// <item>max_lease_ttl</item> /// <item>force_no_cache</item> /// <item>plugin_name</item> /// </list> /// These control the default and maximum lease time-to-live, and force disabling /// backend caching respectively. If set on a specific mount, this overrides the /// global defaults. /// </para><para> /// <b><i>The <c>local</c> option is allowed in Vault open-source, but relevant functionality /// is only supported in Vault Enterprise.</i></b> /// </para> public static async Task MountBackendAsync( this VaultClient client, string path, string type, string description = null, Dictionary <string, object> config = null, bool?local = null, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(path)) { throw new ArgumentNullException(nameof(path)); } if (string.IsNullOrEmpty(type)) { throw new ArgumentNullException(nameof(type)); } path = path.Trim('/'); await((IProtocolSource)client).Protocol.SendPostAsync <NoContentResponse>( $"sys/mounts/{path}", new MountBackendRequest { Type = type, Description = description, Config = config, Local = local, }, options: options); }
public static async Task <KeyStatus> GetKeyStatusAsync(this VaultClient client, SystemBackendOptions options = null) { return(await((IProtocolSource)client).Protocol .SendGetAsync <KeyStatus>("sys/key-status", options: options)); }
public static async Task <ReadResponse <Dictionary <string, object> > > UnwrapData( this VaultClient client, string token = null, SystemBackendOptions options = null) { return(await UnwrapData <Dictionary <string, object> >(client, token, options)); }
public static async Task DoSealAsync(this VaultClient client, SystemBackendOptions options = null) { await((IProtocolSource)client).Protocol .SendPutAsync <NoContentResponse>("sys/seal", options: options); }
/// <summary> /// Registers a new plugin, or updates an existing one with the supplied name. /// </summary> /// <param name="client"></param> /// <param name="name">Specifies the name for this plugin. The name is what is used to /// look up plugins in the catalog.</param> /// <param name="sha256">This is the SHA256 sum of the plugin's binary. Before a plugin /// is run it's SHA will be checked against this value, if they do not match the /// plugin can not be run.</param> /// <param name="command">Specifies the command used to execute the plugin. This is /// relative to the plugin directory. Example: <c>>myplugin --my_flag=1<c>></param> /// <param name="args"></param> /// <param name="options"></param> /// <remarks> /// <para> /// <b><i>sudo required – This operation requires sudo capability in addition to any /// path-specific capabilities.</i></b> /// </para> /// </remarks> public static async Task RegisterPluginAsync( this VaultClient client, string name, string sha256, string command, string[] args = null, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(name)) { throw new ArgumentNullException(nameof(name)); } if (string.IsNullOrEmpty(sha256)) { throw new ArgumentNullException(nameof(sha256)); } if (string.IsNullOrEmpty(command)) { throw new ArgumentNullException(nameof(command)); } name = name.TrimStart('/'); await client.WriteAsync($"sys/plugins/catalog/{name}", new RegisterPluginRequest { Sha256 = sha256, Command = command, Args = args, }, options : options); }
public static async Task <InitializationStatus> GetInitializationStatusAsync( this VaultClient client, SystemBackendOptions options = null) { return(await((IProtocolSource)client).Protocol .SendGetAsync <InitializationStatus>("sys/init", options: options)); }
/// <summary> /// Lists all the mounted secret backends. /// </summary> public static async Task <ReadResponse <Dictionary <string, MountInfo> > > ListMountedBackendsAsync( this VaultClient client, SystemBackendOptions options = null) { return(await client.ReadAsync <ReadResponse <Dictionary <string, MountInfo> > >( "sys/mounts", options : options)); }
/// <summary> /// Lists the plugins in the catalog. /// </summary> public static async Task <ReadResponse <KeysData> > ListPluginsAsync( this VaultClient client, SystemBackendOptions options = null) { return(await client.ListAsync <ReadResponse <KeysData> >("sys/plugins/catalog", on404 : resp => null, options : options)); }
public static async Task <ReadResponse <Dictionary <string, AuthBackendInfo> > > ListAuthBackendsAsync( this VaultClient client, SystemBackendOptions options = null) { return(await((IProtocolSource)client).Protocol .SendGetAsync <ReadResponse <Dictionary <string, AuthBackendInfo> > >($"sys/auth", options: options)); }
public static async Task <SealStatus> DoUnsealAsync(this VaultClient client, UnsealRequest requ, SystemBackendOptions options = null) { return(await((IProtocolSource)client).Protocol .SendPutAsync <SealStatus>("sys/unseal", requ, options: options)); }
public static async Task <InitializationResponse> DoInitializeAsync(this VaultClient client, InitializationRequest requ, SystemBackendOptions options = null) { return(await((IProtocolSource)client).Protocol .SendPutAsync <InitializationResponse>("sys/init", requ, options: options)); }
public static async Task <HealthStatus> GetHealthAsync(this VaultClient client, SystemBackendOptions options = null) { // We want to make sure that all the valid modes or states // return a 200 response so we can capture it successfully return(await((IProtocolSource)client).Protocol .SendGetAsync <HealthStatus>("sys/health" + "?standbyok=false" + "&activecode=200" + "&standbycode=200" + "&sealedcode=200" + "&uninitcode=200", options: options)); }
/// <summary> /// Reloads mounted plugin backends. /// </summary> /// <param name="client"></param> /// <param name="mounts">Mount paths of the plugin backends to reload.</param> /// <param name="options"></param> /// <returns></returns> public static async Task ReloadMountPluginsAsync( this VaultClient client, string[] mounts, SystemBackendOptions options = null) { if (mounts == null || mounts.Length == 0) { throw new ArgumentNullException(nameof(mounts)); } await client.WriteAsync($"sys/plugins/reload/backend", new { mounts }, options : options); }
/// <summary> /// This endpoint revokes all secrets or tokens generated under a given prefix /// immediately. Unlike /sys/leases/revoke-prefix, this path ignores backend errors /// encountered during revocation. This is potentially very dangerous and should only /// be used in specific emergency situations where errors in the backend or the /// connected backend service prevent normal revocation. /// </summary> /// <param name="client"></param> /// <param name="leaseId">Specifies the prefix to revoke.</param> /// <param name="options"></param> /// <remarks> /// <b><i>This operation requires 'sudo' capability.</i></b> /// <para> /// By ignoring these errors, Vault abdicates responsibility for ensuring that /// the issued credentials or secrets are properly revoked and/or cleaned up. /// Access to this operation is typically tightly controlled. /// </para> /// </remarks> public static async Task RevokeForceLeasesAsync( this VaultClient client, string prefix, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(prefix)) { throw new ArgumentNullException(nameof(prefix)); } await((IProtocolSource)client).Protocol.SendPutAsync <NoContentResponse>( $"sys/leases/revoke-force/{prefix}", options: options); }
public static async Task <AuthBackendConfig> ReadAuthBackendTuningAsync( this VaultClient client, string authName, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(authName)) { throw new ArgumentNullException(nameof(authName)); } return(await((IProtocolSource)client).Protocol .SendGetAsync <AuthBackendConfig>($"sys/auth/{authName}/tune", options: options)); }
/// <summary> /// Reloads mounted plugin backends. /// </summary> /// <param name="client"></param> /// <param name="plugin">The name of the plugin to reload, as registered in the plugin /// catalog.</param> /// <param name="options"></param> /// <remarks> /// Used to reload mounted plugin backends. All mounted paths that use the plugin /// backend will be reloaded. /// </remarks> public static async Task ReloadPluginAsync( this VaultClient client, string plugin, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(plugin)) { throw new ArgumentNullException(nameof(plugin)); } await client.WriteAsync($"sys/plugins/reload/backend", new { plugin }, options : options); }
/// <summary> /// Can be used to rotate a wrapping token and refresh its TTL. /// </summary> /// <param name="client"></param> /// <param name="token">Specifies the wrapping token ID.</param> /// <param name="options"></param> /// <returns></returns> public static async Task <ReadResponse <EmptyData> > RewrapDataAsync( this VaultClient client, string token, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(token)) { throw new ArgumentNullException(nameof(token)); } return(await((IProtocolSource)client).Protocol.SendPostAsync <ReadResponse <EmptyData> >( "sys/wrapping/rewrap", new { token }, options: options)); }
/// <summary> /// Lists the plugins in the catalog. /// </summary> /// <param name="client"></param> /// <param name="name">Specifies the name of the plugin to retrieve.</param> /// <param name="options"></param> /// <remarks> /// <para> /// <b><i>sudo required – This operation requires sudo capability in addition to any /// path-specific capabilities.</i></b> /// </para> /// </remarks> public static async Task <ReadResponse <PluginInfo> > ReadPluginAsync( this VaultClient client, string name, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(name)) { throw new ArgumentNullException(nameof(name)); } name = name.TrimStart('/'); return(await client.ReadAsync <ReadResponse <PluginInfo> >($"sys/plugins/catalog/{name}", options : options)); }
/// <summary> /// Removes the plugin with the given name. /// </summary> /// <param name="client"></param> /// <param name="name">Specifies the name of the plugin to delete.</param> /// <param name="options"></param> /// <remarks> /// <para> /// <b><i>sudo required – This operation requires sudo capability in addition to any /// path-specific capabilities.</i></b> /// </para> /// </remarks> public static async Task RemovePluginAsync( this VaultClient client, string name, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(name)) { throw new ArgumentNullException(nameof(name)); } name = name.TrimStart('/'); await client.DeleteAsync($"sys/plugins/catalog/{name}", options : options); }
/// <summary> /// Rads the given mount's configuration. Unlike the <see cref="ListMountedBackendsAsync" /// >mounts-listing routine</see>, this will return the current time in seconds /// for each TTL, which may be the system default or a mount-specific value. /// </summary> /// <param name="client"></param> /// <param name="path">Mount path to read configuration for.</param> /// <param name="options"></param> /// <returns></returns> public static async Task <ReadResponse <Dictionary <string, object> > > ReadMountConfigurationAsync( this VaultClient client, string path, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(path)) { throw new ArgumentNullException(nameof(path)); } path = path.Trim('/'); return(await client.ReadAsync <ReadResponse <Dictionary <string, object> > >( $"sys/mounts/{path}/tune", options : options)); }
public static async Task UnmountBackendAsync( this VaultClient client, string path, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(path)) { throw new ArgumentNullException(nameof(path)); } path = path.Trim('/'); await((IProtocolSource)client).Protocol.SendDeleteAsync <NoContentResponse>( $"sys/mounts/{path}", options: options); }
/// <summary> /// Returns a list of lease IDs. /// </summary> /// <param name="prefix">Optional prefix to filter the list of leases.</param> /// <remarks> /// <b><i>This operation requires 'sudo' capability.</i></b> /// </remarks> public static async Task <ReadResponse <KeysData> > ListLeasesAsync( this VaultClient client, string prefix = null, SystemBackendOptions options = null) { var path = "sys/leases/lookup/"; if (!string.IsNullOrEmpty(prefix)) { path += $"{prefix.TrimStart('/')}"; } return(await client.ListAsync <ReadResponse <KeysData> >(path, on404 : resp => null, options : options)); }
/// <summary> /// Revokes a lease immediately. /// </summary> /// <param name="client"></param> /// <param name="leaseId">Specifies the ID of the lease to revoke.</param> /// <param name="options"></param> public static async Task RevokeLeaseAsync( this VaultClient client, string leaseId, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(leaseId)) { throw new ArgumentNullException(nameof(leaseId)); } await((IProtocolSource)client).Protocol.SendPutAsync <NoContentResponse>( "sys/leases/revoke", new ReadLeaseRequest { LeaseId = leaseId, }, options: options); }
/// <summary> /// Retrieve lease metadata. /// </summary> /// <param name="client"></param> /// <param name="leaseId">Specifies the ID of the lease to lookup.</param> /// <param name="options"></param> public static async Task <LeaseInfo> ReadLeaseAsync( this VaultClient client, string leaseId, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(leaseId)) { throw new ArgumentNullException(nameof(leaseId)); } return(await((IProtocolSource)client).Protocol.SendPutAsync <LeaseInfo>( "sys/leases/lookup", new ReadLeaseRequest { LeaseId = leaseId }, options: options)); }
public static async Task TuneAuthBackendAsync(this VaultClient client, string authName, AuthBackendConfig config, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(authName)) { throw new ArgumentNullException(nameof(authName)); } if (config == null) { throw new ArgumentNullException(nameof(config)); } await((IProtocolSource)client).Protocol .SendPostAsync <NoContentResponse>($"sys/auth/{authName}/tune", config, options: options); }
/// <summary> /// Unwraps a wrapped response. /// </summary> /// <param name="client"></param> /// <param name="token">Specifies the wrapping token ID. This is required if the client /// token is not the wrapping token. Do not use the wrapping token in both locations.</param> /// <param name="options"></param> /// <remarks> /// <para> /// This endpoint returns the original response inside the given wrapping token. /// Unlike simply reading cubbyhole/response (which is deprecated), this endpoint /// provides additional validation checks on the token, returns the original value /// on the wire rather than a JSON string representation of it, and ensures that /// the response is properly audit-logged. /// </para><para> /// This endpoint can be used by using a wrapping token as the client token in the /// API call, in which case the token parameter is not required; or, a different /// token with permissions to access this endpoint can make the call and pass in /// the wrapping token in the token parameter. Do not use the wrapping token in /// both locations; this will cause the wrapping token to be revoked but the value /// to be unable to be looked up, as it will basically be a double-use of the token! /// </para> /// </remarks> public static async Task <ReadResponse <T> > UnwrapData <T>( this VaultClient client, string token = null, SystemBackendOptions options = null) { object payload; if (token == null) { payload = new {} } ; else { payload = new { token } }; return(await((IProtocolSource)client).Protocol.SendPostAsync <ReadResponse <T> >( "sys/wrapping/unwrap", payload, options: options)); }
/// <summary> /// Tunes configuration parameters for a given mount point. /// </summary> /// <param name="client"></param> /// <param name="path">Mount path to tune configuration for.</param> /// <param name="config">Configuration parameters to tune.</param> /// <param name="options"></param> /// <remarks> /// <para> /// Configuration parameters: /// <list> /// <item>default_lease_ttl</item> /// <description>(int: 0) – Specifies the default time-to-live. /// This overrides the global default. /// A value of 0 is equivalent to the system default TTL.</description> /// <item>max_lease_ttl</item> /// <description>(int: 0) – Specifies the maximum time-to-live. /// This overrides the global default. A value of 0 are equivalent /// and set to the system max TTL.</description> /// </list> /// </para> /// </remarks> public static async Task TuneMountConfigurationAsync( this VaultClient client, string path, Dictionary <string, object> config, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(path)) { throw new ArgumentNullException(nameof(path)); } if (config == null) { throw new ArgumentNullException(nameof(config)); } path = path.Trim('/'); await((IProtocolSource)client).Protocol.SendPostAsync <NoContentResponse>( $"sys/mounts/{path}", config, options: options); }
/// <summary> /// Remounts an already-mounted backend to a new mount point. /// </summary> /// <param name="client"></param> /// <param name="from">Specifies the previous mount point.</param> /// <param name="to">Specifies the new destination mount point.</param> /// <param name="options"></param> public static async Task RemountBackendAsync( this VaultClient client, string from, string to, SystemBackendOptions options = null) { if (string.IsNullOrEmpty(from)) { throw new ArgumentNullException(nameof(from)); } if (string.IsNullOrEmpty(to)) { throw new ArgumentNullException(nameof(to)); } from = from.Trim('/'); to = to.Trim('/'); await((IProtocolSource)client).Protocol.SendPostAsync <NoContentResponse>( $"sys/remount", new { from, to }, options: options); }
/// <summary> /// Wraps the given values in a response-wrapped token. /// </summary> /// <param name="client"></param> /// <param name="data">Parameters should be supplied as keys/values in a dictionary or /// custom user object. The exact set of given parameters will be contained in the /// wrapped response.</param> /// <param name="options"></param> public static async Task <ReadResponse <EmptyData> > WrapDataAsync( this VaultClient client, object data, Duration?wrapTtl = null, SystemBackendOptions options = null) { if (data == null) { throw new ArgumentNullException(nameof(data)); } if (!wrapTtl.HasValue && !(options?.WrapTtl.HasValue).HasValue) { throw new ArgumentNullException(nameof(wrapTtl), "wrapping TTL must be specified in either parameter or options property"); } if (wrapTtl.HasValue && (options?.WrapTtl.HasValue).HasValue) { throw new ArgumentException(nameof(wrapTtl), "wrapping TTL cannot be specified in both parameter and options property"); } CallOptions co = options; if (co == null) { co = new CallOptions { WrapTtl = wrapTtl } } ; return(await((IProtocolSource)client).Protocol.SendPostAsync <ReadResponse <EmptyData> >( "sys/wrapping/wrap", data, options: co)); }