protected string ResolveToken(VaultProfile profile = null) { // Resolve Vault Token var token = VaultToken ?? profile?.VaultToken; if (string.IsNullOrEmpty(token) && !base.MyInvocation.BoundParameters.ContainsKey(nameof(VaultToken))) { WriteVerbose("Trying to resolve Vault Token from env"); token = Environment.GetEnvironmentVariable(Global.CliVaultTokenEnvName); if (string.IsNullOrWhiteSpace(token)) { var cliTokenCacheFile = base.InvokeCommand.ExpandString(Global.CliVaultTokenCacheFile); if (File.Exists(cliTokenCacheFile)) { WriteVerbose($"Trying to load Vault Token from CLI user token cache file [{cliTokenCacheFile}]"); token = File.ReadAllText(cliTokenCacheFile)?.Trim(); } } } if (!string.IsNullOrWhiteSpace(token)) { WriteVerbose("Using Vault Token"); } return(token); }
#pragma warning disable CS1591 // Missing XML comment for publicly visible type or member protected override void EndProcessing() { VaultProfile vp = null; if (!string.IsNullOrEmpty(VaultProfile)) { vp = Global.GetVaultProfile(this, VaultProfile); } var addr = VaultAddress ?? vp?.VaultAddress; var token = VaultToken ?? vp?.VaultToken; Global.SetVaultProfile(this, SaveAs, Remove.IsPresent, Force.IsPresent, addr, token, Label); }
public static void SetVaultProfile(PSCmdlet ctx, string name, bool Remove = false, bool force = false, string vaultAddress = null, string vaultToken = null, string label = null) { var profileDir = ctx.InvokeCommand.ExpandString(Global.VaultProfilesDir); ctx.WriteVerbose($"Resolved user profiles root directory [{profileDir}]"); var profileFile = Path.Combine(profileDir, string.Format(Global.VaultProfileFileFormat, name)); ctx.WriteVerbose($"Resolved user profile file [{profileFile}]"); if (Remove) { if (File.Exists(profileFile)) { ctx.WriteVerbose("Removing profile file"); File.Delete(profileFile); } } else { if (!Directory.Exists(profileDir)) { // TODO: need to provide a default Directory ACL to // protect the profiles directory ctx.WriteVerbose("Creating user profiles root directory"); Directory.CreateDirectory(profileDir); } if (File.Exists(profileFile) && !force) { throw new Exception("Existing profile found, use -Force to overwrite"); } var vp = new VaultProfile { Label = label, VaultAddress = vaultAddress, VaultToken = vaultToken, }; ctx.WriteVerbose("Saving VaultProfile to file"); File.WriteAllText(profileFile, JsonConvert.SerializeObject(vp)); } }
#pragma warning disable CS1591 // Missing XML comment for publicly visible type or member /// <summary> /// Resolves a Vault Client instance based on the common parameters passed into /// this cmdlet instance, the current environment (variables), and the context /// of the invocation, such as user-specific Vault CLI cache and configuration /// files, and PowerShell configuration, such as profiles. /// </summary> /// <returns></returns> protected IVaultClient ResolveVaultClient() { VaultProfile profile = null; _session = VaultSession as VaultSession; if (_session == null) { // First see if user specified a named profile if (!string.IsNullOrEmpty(VaultProfile)) { profile = Global.GetVaultProfile(this, VaultProfile); if (profile == null) { throw new FileNotFoundException($"missing user profile [{VaultProfile}]"); } } else { // Then default to possible default profile, may be null profile = Global.GetVaultProfile(this, Global.DefaultVaultProfileName); } var address = ResolveAddress(profile); var token = ResolveToken(profile); WriteVerbose($"Creating Vault Session with address [{address}]"); _session = new VaultSession(address, token); } _client = _session.VaultClient; // Make sure TLS1.2 is enabled as that's often a requirement with Vault Server if (!ServicePointManager.SecurityProtocol.HasFlag(SecurityProtocolType.Tls12)) { WriteVerbose("Enabling TLS 1.2 support, typically required for Vault"); System.Net.ServicePointManager.SecurityProtocol |= System.Net.SecurityProtocolType.Tls12; } return(_client); }
protected string ResolveAddress(VaultProfile profile = null) { // Resolve Vault Address var address = VaultAddress ?? profile?.VaultAddress; if (string.IsNullOrWhiteSpace(address)) { WriteVerbose("Trying to resolve Vault address from env"); address = Environment.GetEnvironmentVariable(Global.CliVaultAddressEnvName); } var addressCacheFile = base.InvokeCommand.ExpandString(Global.VaultAddressCacheFile); if (string.IsNullOrWhiteSpace(address)) { if (File.Exists(addressCacheFile)) { WriteVerbose($"Trying to load Vault address from user address cache file [{addressCacheFile}]"); address = File.ReadAllText(addressCacheFile)?.Trim(); } } else if (base.MyInvocation.BoundParameters.ContainsKey(nameof(VaultAddress))) { WriteVerbose($"Saving manually-specified Vault address to user cache file [{addressCacheFile}]"); File.WriteAllText(addressCacheFile, address); } // Absolute last resort -- assume the default address for a local DEV address if (string.IsNullOrWhiteSpace(address)) { WriteVerbose("Defaulting to local dev Vault address"); address = "http://127.0.0.1:8200"; } return(address); }