protected string ResolveToken(VaultProfile profile = null)
{
// Resolve Vault Token
var token = VaultToken ?? profile?.VaultToken;
if (string.IsNullOrEmpty(token) &&
!base.MyInvocation.BoundParameters.ContainsKey(nameof(VaultToken)))
{
WriteVerbose("Trying to resolve Vault Token from env");
token = Environment.GetEnvironmentVariable(Global.CliVaultTokenEnvName);
if (string.IsNullOrWhiteSpace(token))
{
var cliTokenCacheFile = base.InvokeCommand.ExpandString(Global.CliVaultTokenCacheFile);
if (File.Exists(cliTokenCacheFile))
{
WriteVerbose($"Trying to load Vault Token from CLI user token cache file [{cliTokenCacheFile}]");
token = File.ReadAllText(cliTokenCacheFile)?.Trim();
}
}
}
if (!string.IsNullOrWhiteSpace(token))
{
WriteVerbose("Using Vault Token");
}
return(token);
}
#pragma warning disable CS1591 // Missing XML comment for publicly visible type or member
protected override void EndProcessing()
{
VaultProfile vp = null;
if (!string.IsNullOrEmpty(VaultProfile))
{
vp = Global.GetVaultProfile(this, VaultProfile);
}
var addr = VaultAddress ?? vp?.VaultAddress;
var token = VaultToken ?? vp?.VaultToken;
Global.SetVaultProfile(this, SaveAs, Remove.IsPresent, Force.IsPresent,
addr, token, Label);
}
public static void SetVaultProfile(PSCmdlet ctx, string name, bool Remove = false,
bool force = false, string vaultAddress = null, string vaultToken = null,
string label = null)
{
var profileDir = ctx.InvokeCommand.ExpandString(Global.VaultProfilesDir);
ctx.WriteVerbose($"Resolved user profiles root directory [{profileDir}]");
var profileFile = Path.Combine(profileDir,
string.Format(Global.VaultProfileFileFormat, name));
ctx.WriteVerbose($"Resolved user profile file [{profileFile}]");
if (Remove)
{
if (File.Exists(profileFile))
{
ctx.WriteVerbose("Removing profile file");
File.Delete(profileFile);
}
}
else
{
if (!Directory.Exists(profileDir))
{
// TODO: need to provide a default Directory ACL to
// protect the profiles directory
ctx.WriteVerbose("Creating user profiles root directory");
Directory.CreateDirectory(profileDir);
}
if (File.Exists(profileFile) && !force)
{
throw new Exception("Existing profile found, use -Force to overwrite");
}
var vp = new VaultProfile
{
Label = label,
VaultAddress = vaultAddress,
VaultToken = vaultToken,
};
ctx.WriteVerbose("Saving VaultProfile to file");
File.WriteAllText(profileFile, JsonConvert.SerializeObject(vp));
}
}
#pragma warning disable CS1591 // Missing XML comment for publicly visible type or member
/// <summary>
/// Resolves a Vault Client instance based on the common parameters passed into
/// this cmdlet instance, the current environment (variables), and the context
/// of the invocation, such as user-specific Vault CLI cache and configuration
/// files, and PowerShell configuration, such as profiles.
/// </summary>
/// <returns></returns>
protected IVaultClient ResolveVaultClient()
{
VaultProfile profile = null;
_session = VaultSession as VaultSession;
if (_session == null)
{
// First see if user specified a named profile
if (!string.IsNullOrEmpty(VaultProfile))
{
profile = Global.GetVaultProfile(this, VaultProfile);
if (profile == null)
{
throw new FileNotFoundException($"missing user profile [{VaultProfile}]");
}
}
else
{
// Then default to possible default profile, may be null
profile = Global.GetVaultProfile(this, Global.DefaultVaultProfileName);
}
var address = ResolveAddress(profile);
var token = ResolveToken(profile);
WriteVerbose($"Creating Vault Session with address [{address}]");
_session = new VaultSession(address, token);
}
_client = _session.VaultClient;
// Make sure TLS1.2 is enabled as that's often a requirement with Vault Server
if (!ServicePointManager.SecurityProtocol.HasFlag(SecurityProtocolType.Tls12))
{
WriteVerbose("Enabling TLS 1.2 support, typically required for Vault");
System.Net.ServicePointManager.SecurityProtocol |= System.Net.SecurityProtocolType.Tls12;
}
return(_client);
}
protected string ResolveAddress(VaultProfile profile = null)
{
// Resolve Vault Address
var address = VaultAddress ?? profile?.VaultAddress;
if (string.IsNullOrWhiteSpace(address))
{
WriteVerbose("Trying to resolve Vault address from env");
address = Environment.GetEnvironmentVariable(Global.CliVaultAddressEnvName);
}
var addressCacheFile = base.InvokeCommand.ExpandString(Global.VaultAddressCacheFile);
if (string.IsNullOrWhiteSpace(address))
{
if (File.Exists(addressCacheFile))
{
WriteVerbose($"Trying to load Vault address from user address cache file [{addressCacheFile}]");
address = File.ReadAllText(addressCacheFile)?.Trim();
}
}
else if (base.MyInvocation.BoundParameters.ContainsKey(nameof(VaultAddress)))
{
WriteVerbose($"Saving manually-specified Vault address to user cache file [{addressCacheFile}]");
File.WriteAllText(addressCacheFile, address);
}
// Absolute last resort -- assume the default address for a local DEV address
if (string.IsNullOrWhiteSpace(address))
{
WriteVerbose("Defaulting to local dev Vault address");
address = "http://127.0.0.1:8200";
}
return(address);
}
