public async void PartialUnsealAfterInit()
{
var unsealKeys = TestUnsealKeys.ToArray();
using (var client = new VaultClient(TestVaultAddress))
{
var sealStatus = await client.GetSealStatusAsync();
//Assert.Equal(0, sealStatus.Progress);
Assert.Equal(true, sealStatus.Sealed);
Assert.Equal(unsealKeys.Length, sealStatus.SecretShares);
Assert.True(sealStatus.SecretShares > sealStatus.SecretThreshold);
var partialKeys = unsealKeys.Take(sealStatus.SecretThreshold - 1);
foreach (var key in partialKeys)
{
sealStatus = await client.DoUnsealAsync(new UnsealRequest { Key = key });
Assert.Equal(1, sealStatus.Progress);
Assert.Equal(true, sealStatus.Sealed);
Assert.Equal(unsealKeys.Length, sealStatus.SecretShares);
Assert.Equal(partialKeys.Count(), sealStatus.SecretThreshold - 1);
}
sealStatus = await client.DoUnsealAsync(new UnsealRequest { Reset = true });
Assert.Equal(0, sealStatus.Progress);
Assert.Equal(true, sealStatus.Sealed);
Assert.Equal(unsealKeys.Length, sealStatus.SecretShares);
Assert.Equal(partialKeys.Count(), sealStatus.SecretThreshold - 1);
}
}
public async void GetLeaderStatusBeforeInit()
{
using (var client = new VaultClient(TestVaultAddress))
{
var leaderStatus = await client.GetLeaderAsync();
}
}
public async void ResetUnsealAfterInit()
{
using (var client = new VaultClient(TestVaultAddress))
{
await client.DoUnsealAsync(new UnsealRequest { Reset = true });
}
}
public async void MountRemountUnmountBackend()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
var list = await client.ListMountedBackendsAsync();
Assert.DoesNotContain("test-generic/", list.Data.Keys);
await client.MountBackendAsync("test-generic", "generic", "TEST GENERIC MOUNT");
list = await client.ListMountedBackendsAsync();
Assert.Contains("test-generic/", list.Data.Keys);
Assert.Equal("generic", list.Data["test-generic/"].Type);
await client.RemountBackendAsync("test-generic", "new-test-generic");
list = await client.ListMountedBackendsAsync();
Assert.DoesNotContain("test-generic/", list.Data.Keys);
Assert.Contains("new-test-generic/", list.Data.Keys);
Assert.Equal("generic", list.Data["new-test-generic/"].Type);
await client.UnmountBackendAsync("new-test-generic");
list = await client.ListMountedBackendsAsync();
Assert.DoesNotContain("test-generic/", list.Data.Keys);
Assert.DoesNotContain("new-test-generic/", list.Data.Keys);
}
}
public async void GetInitStatusBeforeInit()
{
using (var client = new VaultClient(TestVaultAddress))
{
var initStatus = await client.GetInitializationStatusAsync();
Assert.Equal(false, initStatus.Initialized);
}
}
public async void WriteSecretUsingDictionary()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
await client.WriteGenericSecretAsync("foo1", SampleSecrets1);
}
}
public async void WriteSecretUsingObject()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
await client.WriteGenericSecretAsync("foo2", SampleSecrets2);
}
}
public async void GetHelpForReadSecret()
{
using (var client = new VaultClient(TestVaultAddress)
{
VaultToken = TestRootToken,
})
{
var help = await client.GetHelpAsync("secret/foo-bar");
}
}
public async void GetHealthBeforeInit()
{
using (var client = new VaultClient(TestVaultAddress))
{
var health = await client.GetHealthAsync();
Assert.Equal(false, health.Initialized);
Assert.Equal(true, health.Sealed);
Assert.Equal(true, health.Standby);
}
}
public async void GetSealStatusBeforeInit()
{
using (var client = new VaultClient(TestVaultAddress))
{
var ex = await Assert.ThrowsAsync <VaultClientException>(
async() => await client.GetSealStatusAsync());
Assert.Equal(HttpStatusCode.BadRequest, ex.StatusCode);
Assert.Equal("server is not yet initialized", ex.Errors?.Errors?.FirstOrDefault());
}
}
public async void GetKeyStatusBeforeInit()
{
using (var client = new VaultClient(TestVaultAddress))
{
var ex = await Assert.ThrowsAsync <VaultClientException>(
async() => await client.GetKeyStatusAsync());
Assert.Equal(HttpStatusCode.ServiceUnavailable, ex.StatusCode);
Assert.Equal("Vault is sealed", ex.Errors?.Errors?.FirstOrDefault());
}
}
public async void ListUsersBeforeAdd()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
var users = await client.ListUserpassUsersAsync();
Assert.Equal(0, (users?.Data?.Keys?.Count()).GetValueOrDefault());
}
}
public async void ListNoSecrets()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
var list = await client.ListGenericSecretsAsync();
Assert.Equal(0, (list?.Data?.Keys?.Where(x =>
new[] { "foo1", "foo2" }.Contains(x))?.Count()).GetValueOrDefault());
}
}
public async void ReadPlugin()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
// Query for a plugin we expect to be there in a default setup
var info = await client.ReadPluginAsync("mssql-database-plugin");
Assert.Equal("mssql-database-plugin", info.Data.Name);
}
}
public async void ConfirmUserpassAuthIsEnabled()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
var auths = await client.ListAuthBackendsAsync();
var expectedMount = $"{UserpassAuthExtensions.DefaultMountName}/";
Assert.Contains(expectedMount, auths.Data.Keys);
}
}
public async void CreateUser()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
await client.CreateUserpassUserAsync("foo", "bar");
var users = await client.ListUserpassUsersAsync();
Assert.Contains("foo", users.Data.Keys);
}
}
public async void WriteAribtraryBytes()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
var bytes = new byte[] { 0, 1, 2, 3, 4, 5 };
var ex = await Assert.ThrowsAsync <VaultClientException>(
async() => await client.WriteAsync("secret/secret-o-bytes", bytes));
Assert.Equal(HttpStatusCode.BadRequest, ex.StatusCode);
}
}
public async void ReadNoSuchPlugin()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
// Query for a plugin we expect to be there in a default setup
var ex = await Assert.ThrowsAsync <VaultClientException>(async() =>
await client.ReadPluginAsync("no-such-plugin"));
Assert.Equal(HttpStatusCode.NotFound, ex.StatusCode);
}
}
public async void GetSealStatusAfterUnseal()
{
var unsealKeys = TestUnsealKeys.ToArray();
using (var client = new VaultClient(TestVaultAddress))
{
var sealStatus = await client.GetSealStatusAsync();
Assert.Equal(0, sealStatus.Progress);
Assert.Equal(false, sealStatus.Sealed);
Assert.Equal(unsealKeys.Length, sealStatus.SecretShares);
Assert.True(sealStatus.SecretShares > sealStatus.SecretThreshold);
}
}
public async void DeleteUser()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
await client.DeleteUserpassUserAsync("foo");
var users = await client.ListUserpassUsersAsync();
Assert.False((users?.Data?.Keys?.Contains("foo")).GetValueOrDefault(),
"Deleted user does not exist");
}
}
public async void RegisterNoSuchPlugin()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
// Query for a plugin we expect to be there in a default setup
var ex = await Assert.ThrowsAsync <VaultClientException>(async() =>
await client.RegisterPluginAsync("no-such-plugin",
MockPluginSha256, "no-such-plugin.exe"));
Assert.Equal(HttpStatusCode.InternalServerError, ex.StatusCode);
}
}
public async void DeleteNonExistingUser()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
var nonUser = "******";
var users = await client.ListUserpassUsersAsync();
Assert.False((users?.Data?.Keys?.Contains(nonUser)).GetValueOrDefault(),
"Deleted user does not exist");
await client.DeleteUserpassUserAsync(nonUser);
}
}
public async void SealAfterUnseal()
{
var rootToken = TestConfig.RootTokens[TestConfig.TestVaultAddress];
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = rootToken;
await client.DoSealAsync();
var sealStatus = await client.GetSealStatusAsync();
Assert.Equal(0, sealStatus.Progress);
Assert.Equal(true, sealStatus.Sealed);
}
}
public async void WriteSecretWithoutAuth()
{
using (var client = new VaultClient(TestVaultAddress))
{
var ex = await Assert.ThrowsAsync <VaultClientException>(async() =>
await client.WriteAsync("secret/any-place-we-choose", new
{
a = 1,
B = 2,
}));
Assert.Equal(HttpStatusCode.BadRequest, ex.StatusCode);
Assert.Equal("missing client token", ex.Errors?.Errors?.FirstOrDefault());
}
}
public async void WriteSecret()
{
using (var client = new VaultClient(TestVaultAddress)
{
VaultToken = TestRootToken,
})
{
await client.WriteAsync("secret/foo2", new
{
a = 1,
B = "Two",
c = DateTime.Now,
DDD = Encoding.UTF8.GetBytes("Hello World!!!"),
});
}
}
public async void MountOverlapPrevented()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
var mounts = await client.ListMountedBackendsAsync();
Assert.DoesNotContain("a/", mounts.Data.Keys);
Assert.DoesNotContain("a/b/", mounts.Data.Keys);
Assert.DoesNotContain("a/b/c/", mounts.Data.Keys);
Assert.DoesNotContain("a/b/c/d/", mounts.Data.Keys);
Assert.DoesNotContain("a/b/c/d/e/", mounts.Data.Keys);
Assert.DoesNotContain("a/b/c/d/e/f/", mounts.Data.Keys);
try
{
await client.MountBackendAsync("a/b/c", "generic");
mounts = await client.ListMountedBackendsAsync();
Assert.Contains("a/b/c/", mounts.Data.Keys);
var ex = await Assert.ThrowsAsync <VaultClientException>(
async() => await client.MountBackendAsync("a/b/c/d", "generic"));
Assert.Equal(HttpStatusCode.BadRequest, ex.StatusCode);
Assert.Equal("existing mount at a/b/c/", ex.Errors.Errors.First());
mounts = await client.ListMountedBackendsAsync();
Assert.DoesNotContain("a/b/c/d/", mounts.Data.Keys);
}
finally
{
await client.UnmountBackendAsync("a/b/c/d");
await client.UnmountBackendAsync("a/b/c");
}
mounts = await client.ListMountedBackendsAsync();
Assert.DoesNotContain("a/b/c/d/", mounts.Data.Keys);
Assert.DoesNotContain("a/b/c/", mounts.Data.Keys);
}
}
public async void LoginUserWithBadPassword()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
var users = await client.ListUserpassUsersAsync();
Assert.Contains("foo", users.Data.Keys);
var ex = await Assert.ThrowsAsync <VaultClientException>(async() =>
await client.LoginUserpassAsync("foo", "with-bad-password"));
Assert.Equal(HttpStatusCode.BadRequest, ex.StatusCode);
Assert.Equal("invalid username or password", ex.Errors.Errors.First());
}
}
public async void ReadSecretUsingObject()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
var secrets = await client.ReadGenericSecretAsync("foo2");
var expected = SampleSecrets2.GetType().GetProperties().Select(x => x.Name).ToHashSet();
var actual = secrets.Data.Keys.ToHashSet();
Assert.Subset(expected, actual);
Assert.Superset(expected, actual);
//Assert.StrictEqual(SampleSecrets2, secrets.Data);
}
}
public async void ReadSecretUsingDictionary()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
var secrets = await client.ReadGenericSecretAsync("foo1");
var expected = SampleSecrets1.Keys.ToHashSet();
var actual = secrets.Data.Keys.ToHashSet();
Assert.Subset(expected, actual);
Assert.Superset(expected, actual);
//Assert.StrictEqual(SampleSecrets1, secrets.Data);
}
}
public async void ConfirmBaseAuthAreEnabled()
{
using (var client = new VaultClient(TestVaultAddress))
{
client.VaultToken = TestRootToken;
var auths = await client.ListAuthBackendsAsync();
var tokenMount = $"{TokenAuthExtensions.DefaultMountName}/";
var userpassMount = $"{UserpassAuthExtensions.DefaultMountName}/";
Assert.Contains(tokenMount, auths.Data.Keys);
Assert.Contains(userpassMount, auths.Data.Keys);
Assert.Equal(TokenAuthExtensions.AuthTypeName, auths.Data[tokenMount].Type);
Assert.Equal(UserpassAuthExtensions.AuthTypeName, auths.Data[userpassMount].Type);
}
}
