/// <summary>
/// Opens a Vault connection using Vault AppRole credentials.
/// </summary>
/// <param name="uri">The Vault server URI.</param>
/// <param name="roleId">The role ID.</param>
/// <param name="secretId">The secret ID.</param>
/// <returns>The <see cref="VaultClient"/>.</returns>
public static VaultClient OpenWithAppRole(Uri uri, string roleId, string secretId)
{
Covenant.Requires <ArgumentNullException>(uri != null);
Covenant.Requires <ArgumentNullException>(!string.IsNullOrEmpty(roleId));
Covenant.Requires <ArgumentNullException>(!string.IsNullOrEmpty(secretId));
var vaultClient = new VaultClient(uri);
dynamic loginPayload = new ExpandoObject();
loginPayload.role_id = roleId;
loginPayload.secret_id = secretId;
var loginResponse = vaultClient.jsonClient.PostAsync($"/{vaultApiVersion}/auth/approle/login", loginPayload).Result.AsDynamic();
vaultClient.jsonClient.DefaultRequestHeaders.Add("X-Vault-Token", (string)loginResponse.auth.client_token);
// $todo(jeff.lill):
//
// This should be set from config. See issue:
//
// https://github.com/jefflill/NeonForge/issues/253
vaultClient.AllowSelfSignedCertificates = true;
return(vaultClient);
}
//---------------------------------------------------------------------
// Static members
/// <summary>
/// Opens a Vault connection using <see cref="HiveCredentials"/>.
/// </summary>
/// <param name="uri">The Vault server URI.</param>
/// <param name="credentials">The Vault credentials.</param>
/// <returns>The <see cref="VaultClient"/>.</returns>
public static VaultClient OpenWithToken(Uri uri, HiveCredentials credentials)
{
Covenant.Requires <ArgumentNullException>(uri != null);
Covenant.Requires <ArgumentNullException>(credentials != null);
var vaultClient = new VaultClient(uri);
switch (credentials.Type)
{
case HiveCredentialsType.VaultToken:
vaultClient.jsonClient.DefaultRequestHeaders.Add("X-Vault-Token", credentials.VaultToken);
break;
case HiveCredentialsType.VaultAppRole:
dynamic loginPayload = new ExpandoObject();
loginPayload.role_id = credentials.VaultRoleId;
loginPayload.secret_id = credentials.VaultSecretId;
var loginResponse = vaultClient.jsonClient.PostAsync($"/{vaultApiVersion}/auth/approle/login", loginPayload).Result.AsDynamic();
vaultClient.jsonClient.DefaultRequestHeaders.Add("X-Vault-Token", (string)loginResponse.auth.client_token);
break;
default:
throw new NotImplementedException($"Credentials type: {credentials.Type}");
}
// $todo(jeff.lill):
//
// This should be set from config. See issue:
//
// https://github.com/jefflill/NeonForge/issues/253
vaultClient.AllowSelfSignedCertificates = true;
return(vaultClient);
}
/// <summary>
/// Opens a Vault connection with an optional Vault token.
/// </summary>
/// <param name="uri">The Vault server URI.</param>
/// <param name="token">The optional token.</param>
/// <returns>The <see cref="VaultClient"/>.</returns>
/// <remarks>
/// <note>
/// You may pass <paramref name="token"/> as <c>null</c> if you only need to
/// make requests to insecure endpoints.
/// </note>
/// </remarks>
public static VaultClient OpenWithToken(Uri uri, string token = null)
{
Covenant.Requires <ArgumentNullException>(uri != null);
var vaultClient = new VaultClient(uri);
if (!string.IsNullOrEmpty(token))
{
vaultClient.jsonClient.DefaultRequestHeaders.Add("X-Vault-Token", token);
}
// $todo(jeff.lill):
//
// This should be set from config. See issue:
//
// https://github.com/jefflill/NeonForge/issues/253
vaultClient.AllowSelfSignedCertificates = true;
return(vaultClient);
}
/// <summary>
/// Releases all resources associated with the instance.
/// </summary>
public void Dispose()
{
lock (syncRoot)
{
if (client != null)
{
try
{
client.Dispose();
}
catch (ObjectDisposedException)
{
// Intentionally ignoring these.
}
finally
{
client = null;
}
}
}
GC.SuppressFinalize(this);
}
