Exemplo n.º 1
 /// <summary>
 /// Creates the command and keeps the supplied collaborators in the
 /// instance members of the same names.
 /// </summary>
 /// <param name="pstep">SSH step stored in <c>pstep</c>.</param>
 /// <param name="cmdVault">Vault command helper stored in <c>cmdVault</c>.</param>
 /// <param name="vaultSealKeys">Seal-key holder stored in <c>vaultSealKeys</c>.</param>
 public InstallVaultCmd(SshStep pstep, CmdVault cmdVault, IVaultSealKeys vaultSealKeys)
 {
     // Plain member assignment; no validation is performed on the arguments.
     this.pstep = pstep;
     this.cmdVault = cmdVault;
     this.vaultSealKeys = vaultSealKeys;
 }
Exemplo n.º 2
 /// <summary>
 /// Creates the configuration step and keeps the supplied collaborators in the
 /// instance members of the same names.
 /// </summary>
 /// <param name="listAsk">Stored in <c>listAsk</c>.</param>
 /// <param name="storeResolver">Stored in <c>storeResolver</c>.</param>
 /// <param name="installer">Stored in <c>installer</c>.</param>
 /// <param name="vaultSealKeys">Seal-key holder stored in <c>vaultSealKeys</c>.</param>
 public DevOpConfigureVault(ListAsk listAsk, IStoreResolver storeResolver, Installer installer, IVaultSealKeys vaultSealKeys)
 {
     // Plain member assignment; no validation is performed on the arguments.
     this.listAsk = listAsk;
     this.storeResolver = storeResolver;
     this.installer = installer;
     this.vaultSealKeys = vaultSealKeys;
 }
Exemplo n.º 3
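        /// <summary>
        /// Starts a Vault server container with TLS disabled, initialises and unseals it,
        /// then enables userpass auth and creates a test policy and a test user.
        /// </summary>
        /// <param name="execute">Runs each shell command line and returns its output.</param>
        /// <param name="vaultSealKeys">Receives the unseal keys and the initial root token.</param>
        /// <exception cref="InvalidOperationException">
        /// The init response did not contain the expected unseal keys and root token
        /// (for example because the server was already initialised or not yet reachable).
        /// </exception>
        public void InstallVaultNoTls(ICommandExecute execute, IVaultSealKeys vaultSealKeys)
        {
            // Shamir split requested from Vault; the loops below must agree with these values.
            const int secretShares    = 5;
            const int secretThreshold = 3;

            // Placeholder printed instead of the root token when a command is echoed.
            const string redactedToken = "<redacted>";

            var vaultLocalConfig = "{\"backend\":{\"file\":{\"path\":\"/vault/file\"}}, \"listener\":{\"tcp\":{\"address\":\"0.0.0.0:8200\", \"tls_disable\":\"1\"}}}";

            var env =
                " -e 'VAULT_LOCAL_CONFIG=" + vaultLocalConfig + "'"
                + " -e 'VAULT_ADDR=http://127.0.0.1:8200'"
                + " -e 'VAULT_REDIRECT_ADDR=http://127.0.0.1:8201' ";

            // NOTE(review): "-p 8200:8200" publishes the plaintext (tls_disable) listener on every
            // host interface. An earlier variant of this line used "-p 127.0.0.1:8200:8200";
            // prefer the loopback binding unless remote clients really need this dev instance.
            var commandline = "docker run --cap-add=IPC_LOCK -d " + env + " -p 8200:8200 --name=dev-vault vault server";

            // The docker command line carries no secret, so it is safe to echo as-is.
            Console.WriteLine(commandline);
            execute.Command(commandline);

            // Fixed wait, presumably to let the container start listening before the first request.
            Thread.Sleep(3000);

            var initResponse = execute.Command(
                "curl --request PUT --data '{\"secret_shares\":" + secretShares
                + ", \"secret_threshold\":" + secretThreshold
                + "}' http://localhost:8200/v1/sys/init");

            var initResult = JObject.Parse(initResponse);
            var keys       = initResult["keys"] as JArray;
            var rootToken  = (string)initResult["root_token"];

            // Fail with a clear error instead of a binder/null failure further down. The response
            // is deliberately left out of the message: it may contain key material.
            if (keys == null || keys.Count < secretShares || string.IsNullOrEmpty(rootToken))
            {
                throw new InvalidOperationException(
                    "Vault init did not return the expected unseal keys and root token.");
            }

            var sealkeys = new List<string>();

            for (var i = 0; i < secretShares; ++i)
            {
                sealkeys.Add((string)keys[i]);
            }

            vaultSealKeys.SetSealKeys(sealkeys);
            vaultSealKeys.SetRootToken(rootToken);

            // Submit just enough key shares to reach the unseal threshold.
            // NOTE(review): unseal keys and the root token are passed as curl arguments, so they
            // may be recorded wherever the executor keeps command lines - confirm against ICommandExecute.
            for (var i = 0; i < secretThreshold; ++i)
            {
                execute.Command("curl --request PUT --data '{\"key\": \"" + sealkeys[i] + "\"}' http://localhost:8200/v1/sys/unseal");
            }

            var header = " --header \"X-Vault-Token: " + rootToken + "\" ";

            // Enable the userpass auth method.
            var data          = " --data '{\"type\": \"userpass\", \"description\": \"Login with user password\"}' ";
            var enableAuthCmd = "curl " + header + " --request PUT " + data + " http://127.0.0.1:8200/v1/sys/auth/userpass ";

            // Every command from here on embeds the root token in its header, so the echoed
            // copy is redacted; the unredacted command is what gets executed.
            Console.WriteLine(enableAuthCmd.Replace(rootToken, redactedToken));
            execute.Command(enableAuthCmd);

            // Policy granting full CRUD + list on secret/test.
            var capabilities = "capabilities = [\\\"create\\\", \\\"read\\\", \\\"update\\\", \\\"delete\\\", \\\"list\\\"]";

            data = " --data '{\"policy\": \"path \\\"secret/test\\\" { " + capabilities + " }\"}' ";
            var policyCmd = "curl " + header + " --request PUT " + data + " http://127.0.0.1:8200/v1/sys/policy/test-policy ";

            Console.WriteLine(policyCmd.Replace(rootToken, redactedToken));
            execute.Command(policyCmd);

            // Test user "test" with the fixed password "test"; a fixture only, and reachable by
            // anyone who can connect to the published port.
            data = " --data '{\"password\": \"test\", \"policies\": \"test-policy\" }' ";
            var userCmd = "curl " + header + " --request POST " + data + " http://127.0.0.1:8200/v1/auth/userpass/users/test ";

            Console.WriteLine(userCmd.Replace(rootToken, redactedToken));
            execute.Command(userCmd);
        }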