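/// <summary>
/// Maps the configured auth provider to the <see cref="IAuthMethodInfo"/> that the
/// client factory methods pass on when creating a client.
/// </summary>
/// <param name="authConfiguration">Auth settings; only the <c>approle</c> provider is handled here.</param>
/// <returns>An <see cref="AppRoleAuthMethodInfo"/> built from the mount path, role id and secret id.</returns>
/// <exception cref="ArgumentNullException"><paramref name="authConfiguration"/> is null.</exception>
/// <exception cref="ArgumentException">
/// The provider is missing or not recognised, or one of the AppRole keys is missing.
/// </exception>
/// <remarks>
/// Every error message names the configuration key only and never echoes the configured value,
/// so the AppRole SecretId cannot end up in exception text or logs. Keep it that way when adding providers.
/// </remarks>
private IAuthMethodInfo CreateAuthMethod(VaultAuthConfiguration authConfiguration)
{
    // A missing auth section should surface as a configuration error, not a NullReferenceException.
    if (authConfiguration is null)
    {
        throw new ArgumentNullException(nameof(authConfiguration));
    }

    // Provider names are identifiers, not display text: fold case independently of the
    // process culture so the comparison cannot change with the host locale.
    var provider = authConfiguration.Provider?.ToLowerInvariant()
        ?? throw new ArgumentException("Key 'Auth:Provider' is invalid.");

    switch (provider)
    {
        case "approle":
        {
            // The null-conditional access reports an absent AppRole section through the same
            // "key is invalid" messages instead of dereferencing null.
            var appRole = authConfiguration.AppRole;

            var roleId = appRole?.RoleId
                ?? throw new ArgumentException("Key 'Auth:AppRole:RoleId' is invalid.");
            var secretId = appRole?.SecretId
                ?? throw new ArgumentException("Key 'Auth:AppRole:SecretId' is invalid.");
            var mountPoint = appRole?.MountPath
                ?? throw new ArgumentException("Key 'Auth:AppRole:MountPath' is invalid.");

            // NOTE(review): only null is rejected; an empty RoleId/SecretId still passes this check.
            return new AppRoleAuthMethodInfo(mountPoint, roleId, secretId);
        }

        default:
            // The provider name is not a secret, so it is safe to include in the message.
            throw new ArgumentException($"Auth provider '{provider}' is invalid.");
    }
}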
/// <summary>
/// Builds the provider from the <c>Unsealing:Transit</c> configuration section and rejects
/// incomplete settings at construction time.
/// </summary>
/// <param name="logger">Logger stored for this provider.</param>
/// <param name="configuration">Configuration whose <c>Unsealing.Transit</c> section is read.</param>
/// <param name="vaultClientFactory">Factory that is stored and also used to validate the transit auth settings.</param>
/// <exception cref="ArgumentException">
/// Address, KeyName or MountPath is null, the auth settings are rejected by the factory,
/// or WrappedKeys contains no entries.
/// </exception>
/// <remarks>
/// Error messages name the offending configuration key only; no configured value
/// (wrapped keys, auth settings) is placed in the exception text.
/// </remarks>
public TransitKeyProvider(ILogger<TransitKeyProvider> logger, ShepherdConfiguration configuration, VaultClientFactory vaultClientFactory)
{
    var transitSettings = configuration.Unsealing.Transit;

    _logger = logger;
    _vaultClientFactory = vaultClientFactory;

    // Required keys: a null value aborts construction.
    _address = transitSettings.Address
        ?? throw new ArgumentException("Key 'Unsealing:Transit:Address' is invalid.");
    _keyName = transitSettings.KeyName
        ?? throw new ArgumentException("Key 'Unsealing:Transit:KeyName' is invalid.");
    _mountPath = transitSettings.MountPath
        ?? throw new ArgumentException("Key 'Unsealing:Transit:MountPath' is invalid.");

    // Stored as given; Hostname gets no null check here.
    _wrappedKeys = transitSettings.WrappedKeys;
    _hostname = transitSettings.Hostname;
    _auth = transitSettings.Auth;

    // Fail fast on unusable auth settings rather than at first use.
    vaultClientFactory.AssertValidConfiguration(transitSettings.Auth);

    // At least one wrapped key must be configured.
    var hasWrappedKeys = _wrappedKeys.Any();
    if (hasWrappedKeys)
    {
        return;
    }

    throw new ArgumentException("Key 'Unsealing:Transit:WrappedKeys' is invalid.");
}
/// <summary>
/// Creates a client for <paramref name="address"/> using the auth method derived from
/// <paramref name="authConfiguration"/>.
/// </summary>
/// <param name="address">Server address, forwarded unchanged to <c>CreateCreate</c>.</param>
/// <param name="authConfiguration">Auth settings, converted through <c>CreateAuthMethod</c>.</param>
/// <param name="expectedHostname">
/// Optional hostname, forwarded unchanged to <c>CreateCreate</c>.
/// NOTE(review): presumably used to check the server's TLS identity; confirm what a null value means there.
/// </param>
/// <returns>The client produced by <c>CreateCreate</c>.</returns>
/// <exception cref="ArgumentException">The auth configuration is rejected by <c>CreateAuthMethod</c>.</exception>
public IVaultClient CreateClient(Uri address, VaultAuthConfiguration authConfiguration, string? expectedHostname)
{
    // Resolve the auth method first, so a bad configuration fails before any client is built.
    var authMethod = CreateAuthMethod(authConfiguration);
    return CreateCreate(address, authMethod, expectedHostname);
}
/// <summary>
/// Validates <paramref name="authConfiguration"/> by building its auth method and discarding the result.
/// </summary>
/// <param name="authConfiguration">Auth settings to check.</param>
/// <exception cref="ArgumentException">The configuration is rejected by <c>CreateAuthMethod</c>.</exception>
/// <remarks>
/// This only builds the auth method object; nothing here contacts the server, so a passing check
/// does not show that the configured credentials are actually accepted.
/// </remarks>
public void AssertValidConfiguration(VaultAuthConfiguration authConfiguration)
    => _ = CreateAuthMethod(authConfiguration);