/// <summary>
/// Initializes a new instance of the <see cref="Conjur.Resource"/> class.
/// </summary>
/// <param name="client">Conjur client used to manipulate this resource.</param>
/// <param name="kind">Resource kind.</param>
/// <param name="id">Resource identifier.</param>
internal Resource(Client client, string kind, string id)
{
this.Client = client;
this.kind = kind;
this.id = id;
}
/// <summary>
/// Initializes a new instance of the <see cref="Conjur.Variable"/> class.
/// </summary>
/// <param name="client">Conjur client to use to connect.</param>
/// <param name="name">The variable name.</param>
/// <seealso cref="Extensions.Variable"/>
internal Variable(Client client, string name)
: base(client, "variable", name)
{
this.path = "variables/" + WebUtility.UrlEncode(name);
}
// this example shows how to use the Conjur .NET api to
// login, get a secret value, & check a permission
// the credentials are passed as arguments.
// Credentials are typically a hostId and api_key or
// userId and password
static void Main(string[] args)
{
if (args.Length < 6)
{
Console.WriteLine("Usage: Example <applianceHostName> <applianceCertificatePath> <username> <password> <variableId> <hostFactoryToken>");
return;
}
string applianceName = args[0];
string certPath = args[1];
string username = args[2];
string password = args[3];
string variableId = args[4];
string token = args[5];
// Instantiate a Conjur Client object.
// parameter: applianceUri - conjur appliance URI (including /api)
// return: Client object - if URI is incorrect errors thrown when used
string uri = String.Format("https://{0}/api", applianceName);
var conjurClient = new Client(uri);
// If the Conjur root certificate is not in the system trust store,
// add it as trusted explicitly
if (certPath.Length > 0)
conjurClient.TrustedCertificates.ImportPem(certPath);
// Login with Conjur userid and password,
// or hostid and api_key, etc
// parameters: username - conjur user or host id for example
// password - conjur user password
try
{
conjurClient.LogIn(username, password);
Console.WriteLine("Logged in as '{0}' to '{1}'", username, applianceName);
}
catch (Exception e)
{
Console.WriteLine("Authentication failed. An exception occurred '{0}'", e);
// to log in with an API key use it directly, ie.
var apiKey = password;
conjurClient.Credential = new NetworkCredential(username, apiKey);
}
// Check if this user has permission to get the value of variableId
// That requires exectue permissions on the variable
// Instantiate a Variable object
// name - the name of the variable
var conjurVariable = conjurClient.Variable(variableId);
// Check if the current user has "execute" privilege required to get
// the value of the variable
// parameters: privilege - string name of the priv to check for
try
{
bool isAllowed = conjurVariable.Check("execute");
if (!isAllowed)
{
Console.WriteLine("You do not have permissions to get the value of '{0}'", variableId);
}
else
{
string value = conjurVariable.GetValue();
Console.WriteLine("'{0}' has the value: '{1}'", variableId, value);
}
}
catch (Exception e)
{
Console.WriteLine("Permission check failed. An exception occurred '{0}'", e);
}
// Create a host and get the apiKey
// parameters: hostName - the name of the new Conjur host identity
try
{
// Use a hostfactory token to create a host
// This example assumes the host factory token was created through
// the UI or CLI and passed to this application. Read more
// about HostFactory on developer.conjur.net
string hostname = String.Format("exampleHost{0}", System.DateTime.Now.ToString("yyyMMddHHmmss"));
Host host = conjurClient.CreateHost(hostname, token);
Console.WriteLine("Created host: {0}, apiKey: {1}", host.Id, host.ApiKey);
// now you can log in as the host
conjurClient.Credential = host.Credential;
}
catch (Exception e)
{
Console.WriteLine("Failed to create a host. An exception occurred '{0}'", e);
}
}
public HostFactoryToken(Client client, string token)
{
this.client = client;
this.token = token;
}
