Exemplo n.º 1
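        /// <summary>
        /// Creates a Vault instance and logs it in with a token: the caller's <paramref name="overrideToken"/> when one
        /// is supplied, otherwise the default testing token held in <c>rootToken</c>.
        /// </summary>
        /// <remarks>
        /// Also assigns the shared <c>vaultURI</c> field as a side effect.  The URI is built with the plain
        /// <c>http</c> scheme (no TLS), which is only appropriate for a local test server.
        /// </remarks>
        /// <param name="name">Name to be given to this Vault object</param>
        /// <param name="overrideToken">The TokenId to use if you do not wish to use the default testing token</param>
        /// <returns>The Vault object, after the token login connector has reported a successful connection.</returns>
        /// <exception cref="ApplicationException">
        /// Thrown when the login connector reports failure.  The message names which token was used (default or
        /// override) but never contains the token value itself.
        /// </exception>
        public static async Task <VaultAgentAPI> ConnectVault(string name, string overrideToken = "")
        {
            vaultURI = new Uri("http://" + ipAddress + ":" + ipPort);
            VaultAgentAPI vault = new VaultAgentAPI(name, vaultURI);

            // Only an exactly empty string selects the default token.  A null override is passed through unchanged
            // rather than silently upgraded to the default testing token.
            bool usingDefaultToken = overrideToken == string.Empty;
            string thisToken = usingDefaultToken ? rootToken : overrideToken;

            TokenLoginConnector loginConnector = new TokenLoginConnector(vault, "Testing", thisToken, TokenAuthEngine.TOKEN_DEFAULT_MOUNT_NAME);
            bool success = await loginConnector.Connect();

            if (!success)
            {
                // Exception messages end up in test output, logs and crash reports, so the token value is kept
                // out of the text; the server address and the kind of token are enough to diagnose the failure.
                string tokenSource = usingDefaultToken ? "the default testing token" : "the override token";
                throw new ApplicationException("Error connecting to the Vault Instance at " + vaultURI + " using " + tokenSource);
            }

            return vault;
        }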
Exemplo n.º 2
        /// <summary>
        /// Checks that a token login attempted with a made-up token id is reported as unsuccessful.
        /// </summary>
        public async Task TokenLogin_InvalidToken()
        {
            // A separate Vault object is built for this test, pointed at the shared test server URI.
            VaultAgentAPI freshVault = new VaultAgentAPI("LoginConnVault", VaultServerRef.vaultURI);

            // TODO this test is not valid.  It is already covered indirectly, because every test needs a
            // connection to Vault, which is made in the VaultServerSetup class.
            TokenLoginConnector connector = new TokenLoginConnector(freshVault, "Token Connector")
            {
                TokenId = "bbnbb"
            };

            bool loggedIn = await connector.Connect();

            Assert.IsFalse(loggedIn);

            /*
             * Disabled sketch of a positive test (create a token, then log in with it):
             *
             * TokenAuthEngine tokenAuthEngine = (TokenAuthEngine)_vault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token);
             *
             * TokenNewSettings tokenSettings = new TokenNewSettings();
             * tokenSettings.Name = "Test";
             * tokenSettings.IsRenewable = false;
             * tokenSettings.NumberOfUses = 4;
             *
             * Token token = await tokenAuthEngine.CreateToken(tokenSettings);
             * TokenLoginConnector lc = new TokenLoginConnector(_vault,tokenAuthEngine.MountPoint,tokenAuthEngine.Name);
             * lc.TokenId = token.ID;
             * Assert.IsTrue(await lc.Connect());
             */

            // Placeholder assertion left from the original; it can never fail.
            Assert.IsTrue(true);
        }
Exemplo n.º 3
        /// <summary>
        /// Checks that a token login succeeds when the connector is given the test server's root token.
        /// </summary>
        public async Task TokenLogin_ValidToken()
        {
            // The root token is used here purely as a known-good credential for the test server.
            TokenLoginConnector connector = new TokenLoginConnector(_vault, "Token Connector Good")
            {
                TokenId = VaultServerRef.rootToken
            };

            bool loggedIn = await connector.Connect();

            Assert.IsTrue(loggedIn);
        }
Exemplo n.º 4
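        /// <summary>
        /// Logs in to Vault with the stored token, creates the system backend wrapper and then runs the policy
        /// create, read, list and delete examples in that order.
        /// </summary>
        /// <exception cref="System.InvalidOperationException">
        /// Thrown when the token login reports failure, before any policy example is attempted.
        /// </exception>
        public async Task Run()
        {
            TokenLoginConnector loginConnector = new TokenLoginConnector(_vault, "ClientSysBE", _token, TokenAuthEngine.TOKEN_DEFAULT_MOUNT_NAME);
            bool success = await loginConnector.Connect();

            // Fail closed: the login result used to be ignored, so a rejected token only surfaced later as
            // unrelated-looking errors from the policy calls.  The message deliberately omits the token value.
            if (!success)
            {
                throw new global::System.InvalidOperationException("Token login to Vault failed; the policy examples were not run.");
            }

            // Built only after login, from the token id the Vault object now holds.
            _vaultSystemBackend = new VaultSystemBackend(_vault.TokenID, _vault);

            await PolicyCreateExamples();
            await PolicyReadExamples();
            await PolicyListExamples();
            await PolicyDeleteExamples();
        }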
Exemplo n.º 5
        /// <summary>
        /// Creates a token against a freshly saved token role, then checks that a second Vault connection can
        /// log in using that token's id.
        /// </summary>
        public async Task NormalLogin()
        {
            // SETUP

            // A dedicated Vault object is used because this test manipulates the token value.
            VaultAgentAPI issuingVault = await VaultServerRef.ConnectVault("TokenTest");
            TokenAuthEngine issuingEngine = (TokenAuthEngine)issuingVault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token);

            // A token role is required so that a token can be generated against it.
            TokenRole role = new TokenRole();
            UniqueKeys keyGenerator = new UniqueKeys("", "");       // Unique Key generator
            role.Name = keyGenerator.GetKey();
            await issuingEngine.SaveTokenRole(role);

            // The token is limited to 6 uses and is requested without a parent token.
            string requestedName = "Name" + role.Name;
            TokenNewSettings settings = new TokenNewSettings();
            settings.Name          = requestedName;
            settings.NumberOfUses  = 6;
            settings.NoParentToken = true;
            settings.RoleName      = role.Name;

            Token token = await issuingEngine.CreateToken(settings);

            Assert.NotNull(token, "A10:  Expected to receive the new token back, instead we received a null value.");

            // The original re-read the token by id at this point; that call is disabled and the created
            // token is simply checked a second time.
            //Token token = await _tokenAuthEngine.GetTokenWithID(tokenID);
            Assert.IsNotNull(token, "A20: No Token returned.  Was expecting one.");

            // Second connection: log in with the id of the token created above.
            VaultAgentAPI loginVault = await VaultServerRef.ConnectVault("TokenLoginTest");
            TokenLoginConnector connector = new TokenLoginConnector(loginVault, "test")
            {
                TokenId = token.ID
            };

            bool loggedIn = await connector.Connect();
            Assert.IsTrue(loggedIn, "A30:  Login Failed");
        }
Exemplo n.º 6
        /// <summary>
        /// Prepares the benchmark fixture: builds the Vault agent for the local server, creates the backend
        /// mounts, connects the AppRole authentication engine and the KV2 secret engine, then sets up roles.
        /// </summary>
        public async Task Setup()
        {
            // Hard-coded settings for a local server: loopback address, plain http, fixed token.
            const string rootToken = "tokenA";
            const string ip        = "127.0.0.1";
            const int    port      = 47002;

            string address = "http://" + ip + ":" + port;
            Uri vaultURI = new Uri(address);

            // Connect to Vault, add an authentication backend of AppRole.
            _vaultAgent = new VaultAgentAPI("Vault", vaultURI);

            // NOTE(review): the connector is constructed but Connect() is never called on it in this method.
            // Confirm whether the constructor alone hands the token to the agent; if it does not, the calls
            // below run without a login.
            TokenLoginConnector loginConnector = new TokenLoginConnector(_vaultAgent, "Token Authenticator", rootToken);

            await CreateBackendMounts();

            // Both engines are obtained from the same agent; the auth engine uses _beAuthName for both of its
            // name arguments.
            _appRoleAuthEngine = (AppRoleAuthEngine)_vaultAgent.ConnectAuthenticationBackend(EnumBackendTypes.A_AppRole, _beAuthName, _beAuthName);
            _secretEngine      = (KV2SecretEngine)_vaultAgent.ConnectToSecretBackend(EnumSecretBackendTypes.KeyValueV2, "Benchmarking KV2 Secrets", _beKV2Name);

            await SetupRoles();
        }
Exemplo n.º 7
        /// <summary>
        /// Logs in to Vault, connects the Transit secret engine and runs the list-keys, read-key and
        /// encrypt-data exercises, printing any exception to the console instead of propagating it.
        /// </summary>
        /// <param name="runRotateTest">Not read anywhere in this method.</param>
        /// <param name="runRekeyTest">Not read anywhere in this method.</param>
        public async Task Run(bool runRotateTest = false, bool runRekeyTest = true)
        {
            // NOTE(review): other call sites pass (vault, name, token, mountName); here the third argument is
            // the default mount name and no token is supplied.  Confirm which constructor overload this binds
            // to - the mount name may be ending up in the token slot.
            TokenLoginConnector tokenLogin = new TokenLoginConnector(_vault, "ClientSysBE", TokenAuthEngine.TOKEN_DEFAULT_MOUNT_NAME);

            // NOTE(review): the login result is stored but never checked; the exercises run either way.
            bool loggedIn = await tokenLogin.Connect();

            TB = (TransitSecretEngine)_vault.ConnectToSecretBackend(VaultAgent.Backends.System.EnumSecretBackendTypes.Transit, "transit", "transit");

            try
            {
                Console.WriteLine("Running thru Vault TransitSecretEngine exercises.");

                // A fresh GUID serves as the key name for this run.
                string keyName = Guid.NewGuid().ToString();

                // Disabled exercises kept from the original:
                //Run_CreateKey("keyA");
                //await Run_DeleteKey();
                //await Run_BulkOps();

                // List Keys (the returned list is not used further)
                List <string> existingKeys = await Run_ListKeys();

                // Read a key
                await Run_ReadKey(keyName);

                // Encrypt Single Item
                Console.WriteLine("Encrypting a single item.");
                await Run_EncryptData(keyName);
            }
            catch (Exception ex)
            {
                // Every exception type is caught here and written to the console in full, stack trace included.
                Console.WriteLine("Errors - {0}", ex.Message);
                Console.WriteLine(" Full Exception is:");
                Console.WriteLine(ex.ToString());
            }
        }
Exemplo n.º 8
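        /// <summary>
        /// Entry point of the sample client: logs in to a local dev Vault server, wipes and re-initialises it,
        /// runs the policy/role security example and then one selected sample scenario.
        /// </summary>
        /// <remarks>
        /// The server address, port and root token are hard-coded for a local dev server and the connection
        /// uses plain <c>http</c>.  If the token login fails the program stops before touching the server.
        /// </remarks>
        /// <param name="args">Command-line arguments; not read by this method.</param>
        public static async Task Main(string[] args)
        {
            // Use local dev server.
            string rootToken = "tokenA";
            string ip        = "127.0.0.1";
            int    port      = 16100;

            // Connect to Vault, add an authentication backend of AppRole.
            Uri                 vaultURI       = new Uri("http://" + ip + ":" + port);
            VaultAgentAPI       vaultAgent     = new VaultAgentAPI("VaultClient", vaultURI);
            TokenLoginConnector loginConnector = new TokenLoginConnector(vaultAgent, "Client", rootToken, TokenAuthEngine.TOKEN_DEFAULT_MOUNT_NAME);
            bool                success        = await loginConnector.Connect();

            // The login result used to be ignored.  Stop here on failure so that the wipe and setup steps
            // below are never attempted without a confirmed login.  The token value is not printed.
            if (!success)
            {
                Console.WriteLine("Login to Vault at " + vaultURI + " failed.  No sample runs were performed.");
                return;
            }

            // NOTE(review): WipeVault runs unconditionally on every start; going by its name it is destructive,
            // so confirm the address above can only ever refer to a disposable dev server.
            InitiateVault initiateVault = new InitiateVault(vaultAgent);
            await initiateVault.WipeVault();

            await initiateVault.InitialSetup();

            // This Client Requires AD Credentials
            string config = await initiateVault.GetConfig();

            await initiateVault.Login();

            // Run the Policy Secret Tutorial Example
            PolicyRoleSecurityExample policySecretExample = new PolicyRoleSecurityExample(vaultAgent);
            await policySecretExample.Run();

            // Sample Scenarios determine which of the below to run.
            // 1 = Optimize Scenario
            // 2 = AppRole Scenario
            // 3 = System Backend Scenario
            // 4 = Transit Scenario

            int runSampleScenario = 4;

            // Perform optimize tests
            switch (runSampleScenario)
            {
            case 1:
                OptimizeTests optimize = new OptimizeTests(vaultAgent);
                await optimize.Run();

                break;

            case 2:
                VC_AppRoleAuthEngine roleBE = new VC_AppRoleAuthEngine(vaultAgent);
                await roleBE.Run();

                break;

            case 3:
                // System Backend Examples: built from the raw token and address, not from vaultAgent.
                VaultClient_SystemBackend sysBE = new VaultClient_SystemBackend(rootToken, ip, port);
                await sysBE.Run();

                break;

            case 4:
                // Transit Backend: also built from the raw token and address.
                string transitDB = "transit";
                VaultClient_TransitBackend transit = new VaultClient_TransitBackend(rootToken, ip, port, transitDB);
                await transit.Run();

                break;
            }

            Console.WriteLine("Finished with all sample runs.");
            Console.WriteLine("  -- Press any key to exit program.");
            Console.ReadKey();
        }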