public async Task CreateToken() { // SETUP // We need our own vault since we will be manipulating the token value VaultAgentAPI ourVault = await VaultServerRef.ConnectVault("TokenTest"); TokenAuthEngine ourTokenAuthEngine = (TokenAuthEngine)ourVault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token); // Need a Token Role so we can autogenerate a token TokenRole tokenRole = new TokenRole(); tokenRole.Name = UK.GetKey(); await ourTokenAuthEngine.SaveTokenRole(tokenRole); string tokenName = "Name" + tokenRole.Name; TokenNewSettings tokenNewSettings = new TokenNewSettings() { Name = tokenName, NumberOfUses = 6, NoParentToken = true, RoleName = tokenRole.Name }; Token token = await ourTokenAuthEngine.CreateToken(tokenNewSettings); Assert.NotNull(token, "A10: Expected to receive the new token back, instead we received a null value."); // Read the token we just created. //Token token = await _tokenAuthEngine.GetTokenWithID(tokenID); Assert.IsNotNull(token, "A20: No Token returned. Was expecting one."); ourVault.TokenID = token.ID; Assert.AreEqual(ourVault.TokenID, token.ID, "A30: Vault did not store token correctly"); }
public async Task TokenEngineSetup() { // Build Connection to Vault. vault = await VaultServerRef.ConnectVault("TokenEng"); _tokenAuthEngine = (TokenAuthEngine)vault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token); }
public async Task ChangingToken_ChangesHTTPHeaders() { // Get current token: Token currentToken = await vault.RefreshActiveToken(); // We will need to create a new token. TokenAuthEngine _tokenAuthEngine = (TokenAuthEngine)vault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token); TokenNewSettings tokenNewSettings = new TokenNewSettings(); tokenNewSettings.Name = "NewToken"; tokenNewSettings.MaxTTL = "60s"; tokenNewSettings.NumberOfUses = 14; Token newToken = await _tokenAuthEngine.CreateToken(tokenNewSettings); Assert.NotNull(newToken, "A1: Created a token, expected it to not be null."); Assert.AreNotEqual(currentToken.ID, newToken.ID); // Now set token. vault.Token = newToken; // Now retrieve the current token. This will force it to go back to the Vault instance with the new token. should be the same as newToken. Token newCurrentToken = await vault.RefreshActiveToken(); Assert.AreEqual(newToken.ID, newCurrentToken.ID); Assert.AreNotEqual(currentToken.ID, newCurrentToken.ID); }
// Create the token engines for a successful test and then the control test. private async Task <(KV2SecretEngine engKV2OK, KV2SecretEngine engKV2FAIL)> SetupTokenEngines(string policyWithPermission) { // Get connection to Token Engine so we can create tokens. TokenAuthEngine tokenEng = (TokenAuthEngine)_vaultAgentAPI.ConnectAuthenticationBackend(EnumBackendTypes.A_Token); // AA - The token that will have the policy. TokenNewSettings tokenASettings = new TokenNewSettings(); tokenASettings.Policies.Add(policyWithPermission); Token tokenOK = await tokenEng.CreateToken(tokenASettings); // AB - The token that will not have the policy. TokenNewSettings tokenBSettings = new TokenNewSettings(); tokenBSettings.Policies.Add("default"); Token tokenFAIL = await tokenEng.CreateToken(tokenBSettings); // AC - Create 2 Vault Instances that will use each Token. VaultAgentAPI vaultOK = await VaultServerRef.ConnectVault("OKVault", tokenOK.ID); VaultAgentAPI vaultFail = await VaultServerRef.ConnectVault("FailVault", tokenFAIL.ID); //VaultAgentAPI vaultOK = new VaultAgentAPI("OKToken", _vaultAgentAPI.IP, _vaultAgentAPI.Port, tokenOK.ID); //VaultAgentAPI vaultFail = new VaultAgentAPI("FAILToken", _vaultAgentAPI.IP, _vaultAgentAPI.Port, tokenFAIL.ID); _vaultAgents.Add(vaultOK); _vaultAgents.Add(vaultFail); // AD - Create the KeyValue Engines for each Token KV2SecretEngine engKV2OK = (KV2SecretEngine)vaultOK.ConnectToSecretBackend(EnumSecretBackendTypes.KeyValueV2, _beName, _beName); KV2SecretEngine engKV2FAIL = (KV2SecretEngine)vaultFail.ConnectToSecretBackend(EnumSecretBackendTypes.KeyValueV2, _beName, _beName); return(engKV2OK, engKV2FAIL); }
/// <summary> /// Sets up the vault /// </summary> /// <param name="name"></param> /// <param name="vaultUri"></param> public void Initialize(string name, Uri vaultUri) { Name = name; Uri = vaultUri; _vaultAccessTokenID = string.Empty; // Create the Secret Backend list. _secretBackends = new Dictionary <string, VaultSecretBackend>(); // Create the Authentication backends Dictionary _authenticationBackends = new Dictionary <string, VaultAuthenticationBackend>(); try { // Create HTTP Connector object _httpConnector = new VaultAPI_Http(vaultUri); // Establish a connection to the token backend. _tokenEngine = (TokenAuthEngine)ConnectAuthenticationBackend(EnumBackendTypes.A_Token); } catch (Exception e) { if (e.InnerException != null) { if (e.InnerException.Message.StartsWith("No connection")) { throw new ApplicationException("Unable to establish connection to remote Vault Server."); } } throw e; } }
public async Task RevokeTokenWithChildren_ChildrenOrphaned() { // Create a new token. string tokenName = UK.GetKey("ParentOrp"); TokenNewSettings tokenNewSettings = new TokenNewSettings() { Name = tokenName, }; Token parent = await _tokenAuthEngine.CreateToken(tokenNewSettings); Assert.NotNull(parent, "A1: Error creating the parent token - expected to receive the new token back, instead we received a null value."); VaultAgentAPI v1 = await VaultServerRef.ConnectVault("TokenAuth2", parent.ID); TokenAuthEngine TAE = (TokenAuthEngine)v1.ConnectAuthenticationBackend(EnumBackendTypes.A_Token); // Now create 3 child tokens. Token token1 = await TAE.CreateToken(tokenNewSettings); Assert.NotNull(token1, "A2: Error creating a new token - expected to receive the new token back, instead we received a null value."); // Token 2. tokenNewSettings.Name = "Token2"; Token token2 = await TAE.CreateToken(tokenNewSettings); Assert.NotNull(token2, "A3: Error creating a new token - expected to receive the new token back, instead we received a null value."); // Token 3. tokenNewSettings.Name = "Token3"; Token token3 = await TAE.CreateToken(tokenNewSettings); Assert.NotNull(token3, "A4: Error creating a new token - expected to receive the new token back, instead we received a null value."); // Now revoke the Parent token. Assert.IsTrue(await _tokenAuthEngine.RevokeToken(parent.ID, false), "A5: Revocation of parent token was not successful."); Token parent2 = await _tokenAuthEngine.GetTokenWithID(parent.ID); Assert.IsNull(parent2, "A6: The parent token should have been revoked. But it still exists."); // Validate that each of the child tokens is revoked as well. Token a1 = await _tokenAuthEngine.GetTokenWithID(token1.ID); Token a2 = await _tokenAuthEngine.GetTokenWithID(token2.ID); Token a3 = await _tokenAuthEngine.GetTokenWithID(token3.ID); Assert.IsNotNull(a1, "A7: Expected the child token to still exist. But it is null"); Assert.IsNotNull(a2, "A8: Expected the child token to still exist. But it is null"); Assert.IsNotNull(a3, "A9: Expected the child token to still exist. But it is null"); Assert.IsTrue(a1.IsOrphan, "A10: Expected token to be marked as an orphan."); Assert.IsTrue(a2.IsOrphan, "A11: Expected token to be marked as an orphan."); Assert.IsTrue(a3.IsOrphan, "A12: Expected token to be marked as an orphan."); }
public async Task NormalLogin() { // SETUP // We need our own vault since we will be manipulating the token value VaultAgentAPI ourVault = await VaultServerRef.ConnectVault("TokenTest"); TokenAuthEngine ourTokenAuthEngine = (TokenAuthEngine)ourVault.ConnectAuthenticationBackend(EnumBackendTypes.A_Token); // Need a Token Role so we can autogenerate a token TokenRole tokenRole = new TokenRole(); UniqueKeys UK = new UniqueKeys("", ""); // Unique Key generator tokenRole.Name = UK.GetKey(); await ourTokenAuthEngine.SaveTokenRole(tokenRole); string tokenName = "Name" + tokenRole.Name; TokenNewSettings tokenNewSettings = new TokenNewSettings() { Name = tokenName, NumberOfUses = 6, NoParentToken = true, RoleName = tokenRole.Name }; Token token = await ourTokenAuthEngine.CreateToken(tokenNewSettings); Assert.NotNull(token, "A10: Expected to receive the new token back, instead we received a null value."); // Read the token we just created. //Token token = await _tokenAuthEngine.GetTokenWithID(tokenID); Assert.IsNotNull(token, "A20: No Token returned. Was expecting one."); VaultAgentAPI vault2 = await VaultServerRef.ConnectVault("TokenLoginTest"); TokenLoginConnector loginConnector = new TokenLoginConnector(vault2, "test"); loginConnector.TokenId = token.ID; Assert.IsTrue(await loginConnector.Connect(), "A30: Login Failed"); }
/// <summary> /// Creates a TokenLoginConnector object which enables logging in with a Vault Token /// </summary> /// <param name="vaultAgent">The Vault instance to connect to</param> /// <param name="description">Descriptive name for this Token Connector</param> /// <param name="tokenId">The token ID you wish to use to connect with</param> /// <param name="authenticatorMountName">The actual name of the Vault Token Backend you wish to connect to</param> public TokenLoginConnector(VaultAgentAPI vaultAgent, string description, string tokenId, string authenticatorMountName = TokenAuthEngine.TOKEN_DEFAULT_MOUNT_NAME) : base( vaultAgent, authenticatorMountName, description) { _tokenAuthEngine = new TokenAuthEngine(vaultAgent); TokenId = tokenId; }