/// <summary> /// <para> /// Adds the secrets of a HashiCorp Vault KeyValue engine to the secret store. /// </para> /// <para> /// See more information on HashiCorp: <a href="https://www.vaultproject.io/docs" />. /// </para> /// </summary> /// <param name="builder">The builder to add the HashiCorp secrets from the KeyValue Vault to.</param> /// <param name="settings"></param> /// <param name="secretPath">The secret path where the secret provider should look for secrets.</param> /// <param name="configureOptions">The function to set the additional options to configure the HashiCorp Vault KeyValue.</param> /// <param name="name">The unique name to register this HashiCorp provider in the secret store.</param> /// <param name="mutateSecretName">The optional function to mutate the secret name before looking it up.</param> /// <exception cref="ArgumentNullException"> /// Thrown when the <paramref name="builder"/>, <paramref name="settings"/> or <paramref name="secretPath"/> is <c>null</c>. /// </exception> /// <exception cref="ArgumentException"> /// Thrown when the <paramref name="settings"/> doesn't have a valid Vault server URI or a missing authentication method, /// or the <paramref name="secretPath"/> is blank. /// </exception> public static SecretStoreBuilder AddHashiCorpVault( this SecretStoreBuilder builder, VaultClientSettings settings, string secretPath, Action <HashiCorpVaultOptions> configureOptions, string name, Func <string, string> mutateSecretName) { Guard.NotNull(builder, nameof(builder), "Requires a secret store builder to add the HashiCorp Vault secret provider"); Guard.NotNull(settings, nameof(settings), "Requires HashiCorp Vault settings to correctly connect to the running HashiCorp Vault"); Guard.NotNullOrWhitespace(settings.VaultServerUriWithPort, nameof(settings.VaultServerUriWithPort), "Requires a non-blank HashiCorp Vault settings to have a valid URI with HTTP port"); Guard.NotNull(settings.AuthMethodInfo, nameof(settings.AuthMethodInfo), "Requires the HashiCorp Vault settings to have an authentication method configured"); Guard.NotNullOrWhitespace(secretPath, nameof(secretPath), "Requires a secret path to look for secret values"); Guard.For <ArgumentException>(() => !Uri.IsWellFormedUriString(settings.VaultServerUriWithPort, UriKind.RelativeOrAbsolute), "Requires a HashiCorp Vault server URI with HTTP port"); var options = new HashiCorpVaultOptions(); configureOptions?.Invoke(options); return(AddHashiCorpVault(builder, settings, secretPath, options, configureSecretProviderOptions: secretProviderOptions => { secretProviderOptions.Name = name; secretProviderOptions.MutateSecretName = mutateSecretName; })); }
public void SetMountPoint_WithBlankValue_Throws(string mountPoint) { // Arrange var options = new HashiCorpVaultOptions(); // Act / Assert Assert.ThrowsAny <ArgumentException>(() => options.KeyValueMountPoint = mountPoint); }
public void SetSecretEngineVersion_WithOutOfBoundsVersion_Throws() { // Arrange var options = new HashiCorpVaultOptions(); // Act / Assert Assert.ThrowsAny <ArgumentException>( () => options.KeyValueVersion = VaultKeyValueSecretEngineVersion.V1 | VaultKeyValueSecretEngineVersion.V2); }
/// <summary> /// Initializes a new instance of the <see cref="HashiCorpSecretProvider"/> class. /// </summary> /// <param name="settings">The configuration and authentication settings to successfully connect to the HashiCorp Vault instance.</param> /// <param name="secretPath">The HashiCorp secret path available in the KeyValue engine where this secret provider should look for secrets.</param> /// <param name="options">The additional options to configure the HashiCorp Vault KeyValue.</param> /// <param name="logger">The logger instance to write diagnostic messages and track HashiCorp Vault dependencies.</param> /// <exception cref="ArgumentNullException"> /// Thrown when the <paramref name="settings"/>, /// or <paramref name="secretPath"/> is blank, /// or <paramref name="options"/> is <c>null</c> /// or the <paramref name="settings"/> doesn't contain a authentication method.</exception> /// <exception cref="ArgumentException">Thrown the <paramref name="settings"/> doesn't contain a valid Vault URI.</exception> public HashiCorpSecretProvider( VaultClientSettings settings, string secretPath, HashiCorpVaultOptions options, ILogger <HashiCorpSecretProvider> logger) { Guard.NotNull(settings, nameof(settings), "Requires HashiCorp settings to successfully connect to the Vault"); Guard.NotNull(settings.AuthMethodInfo, nameof(settings.AuthMethodInfo), "Requires a authentication method to connect to the HashiCorp Vault"); Guard.NotNullOrWhitespace(secretPath, nameof(secretPath), "Requires a path where the HashiCorp Vault KeyValue secret engine should look for secrets"); Guard.For <ArgumentException>(() => !Uri.IsWellFormedUriString(settings.VaultServerUriWithPort, UriKind.RelativeOrAbsolute), "Requires a HashiCorp Vault server URI with HTTP port"); Options = options; SecretPath = secretPath; VaultClient = new VaultClient(settings); Logger = logger ?? NullLogger <HashiCorpSecretProvider> .Instance; }
private static SecretStoreBuilder AddHashiCorpVault( SecretStoreBuilder builder, VaultClientSettings settings, string secretPath, HashiCorpVaultOptions options, Action <SecretProviderOptions> configureSecretProviderOptions) { AddHashiCorpCriticalExceptions(builder); return(builder.AddProvider(serviceProvider => { var logger = serviceProvider.GetService <ILogger <HashiCorpSecretProvider> >(); var provider = new HashiCorpSecretProvider(settings, secretPath, options, logger); return provider; }, configureSecretProviderOptions)); }
private static SecretStoreBuilder AddHashiCorpVault( SecretStoreBuilder builder, VaultClientSettings settings, string secretPath, HashiCorpVaultOptions options, Func <string, string> mutateSecretName) { // Thrown when the HashiCorp Vault's authentication and/or authorization fails. builder.AddCriticalException <VaultApiException>(exception => { return(exception.HttpStatusCode == HttpStatusCode.BadRequest || exception.HttpStatusCode == HttpStatusCode.Forbidden); }); return(builder.AddProvider(serviceProvider => { var logger = serviceProvider.GetService <ILogger <HashiCorpSecretProvider> >(); var provider = new HashiCorpSecretProvider(settings, secretPath, options, logger); return provider; }, mutateSecretName)); }