public void DoesNotLoadFilteredItems()
{
var client = new Mock <IVaultClient>(MockBehavior.Strict);
var secret1Id = GetSecretId("Secret1");
var secret2Id = GetSecretId("Secret2");
client.Setup(c => c.ReadSecretAsync(SecretPath)).ReturnsAsync(new Secret <Dictionary <string, object> >
{
Data = new Dictionary <string, object> {
{ secret1Id, "Value1" },
{ secret2Id, "Value2" },
}
});
// Act
var provider = new VaultConfigurationProvider(client.Object, new EndsWithOneVaultSecretManager(), new[] { SecretPath });
provider.Load();
// Assert
client.VerifyAll();
var childKeys = provider.GetChildKeys(Enumerable.Empty <string>(), null).ToArray();
Assert.Equal(new[] { "Secret1" }, childKeys);
Assert.Equal("Value1", provider.Get("Secret1"));
}
public void SupportsReload()
{
var client = new Mock <IVaultClient>(MockBehavior.Strict);
var secret1Id = GetSecretId("Secret1");
var value = "Value1";
client.Setup(c => c.ReadSecretAsync(SecretPath)).Returns((string path) => Task.FromResult(new Secret <Dictionary <string, object> >
{
Data = new Dictionary <string, object> {
{ secret1Id, value },
}
}));
// Act & Assert
var provider = new VaultConfigurationProvider(client.Object, new DefaultVaultSecretManager(), new[] { SecretPath });
provider.Load();
client.VerifyAll();
Assert.Equal("Value1", provider.Get("Secret1"));
value = "Value2";
provider.Load();
Assert.Equal("Value2", provider.Get("Secret1"));
}
public void LoadsAllSecretsFromVaultIfLooksLikeV2Data()
{
var client = new Mock <IVaultClient>(MockBehavior.Strict);
var secret1Id = GetSecretId("Secret1");
var secret2Id = GetSecretId("Secret2");
client.Setup(c => c.ReadSecretAsync(SecretPath)).ReturnsAsync(new Secret <Dictionary <string, object> >
{
Data = new Dictionary <string, object> {
{ DataKey, new JObject {
[secret1Id] = "Value1",
[secret2Id] = "Value2",
} },
{ MetaDataKey, "" }
}
});
// Act
var provider = new VaultConfigurationProvider(client.Object, new DefaultVaultSecretManager(), new[] { SecretPath });
provider.Load();
// Assert
client.VerifyAll();
var childKeys = provider.GetChildKeys(Enumerable.Empty <string>(), null).ToArray();
Assert.Equal(new[] { "Secret1", "Secret2" }, childKeys);
Assert.Equal("Value1", provider.Get("Secret1"));
Assert.Equal("Value2", provider.Get("Secret2"));
}
public void LoadsAllSecretsFromVaultAsJson()
{
var client = new Mock <IVaultClient>(MockBehavior.Strict);
var secret1Id = GetSecretId("Secret1");
var secret2Id = GetSecretId("Secret2");
client.Setup(c => c.ReadSecretAsync(SecretPath)).ReturnsAsync(new Secret <Dictionary <string, object> >
{
Data = new Dictionary <string, object> {
{ secret1Id, "{ \"Key1\": [ \"Value1\", \"Value2\" ] }" },
{ secret2Id, "{ \"test\": { \"value\": \"something\" } }" },
}
});
// Act
var provider = new VaultConfigurationProvider(client.Object, new DefaultVaultSecretManager(), new[] { SecretPath }, asJson: true);
provider.Load();
// Assert
client.VerifyAll();
var childKeys = provider.GetChildKeys(Enumerable.Empty <string>(), null).ToArray();
Assert.Equal("something", provider.Get("test:value"));
Assert.Equal("Value1", provider.Get("Key1:0"));
Assert.Equal("Value2", provider.Get("Key1:1"));
}
public void ThrowsIfLoadingAsJsonAndInvalidJson(string invalidJson)
{
var client = new Mock <IVaultClient>(MockBehavior.Strict);
var secretId = GetSecretId("Secret1");
client.Setup(c => c.ReadSecretAsync(SecretPath)).ReturnsAsync(new Secret <Dictionary <string, object> >
{
Data = new Dictionary <string, object> {
{ secretId, invalidJson },
}
});
// Act
var provider = new VaultConfigurationProvider(client.Object, new DefaultVaultSecretManager(), new[] { SecretPath }, asJson: true);
// Assert
Assert.Throws <JsonReaderException>(() => provider.Load());
}
public void SupportsReload()
{
// Arrange
var mockClient = new Mock <IVaultClient>();
var secret1Id = "Section:Secret1";
var secret1ValueIn = "Value1";
mockClient.Setup(c => c.V1.Secrets.KeyValue.V2.ReadSecretAsync(_secretPath, null, _secretMountPoint, null))
.Returns((string path, int version, string mountPoint, string wrapTimeToLive) =>
{
return(Task.FromResult(
new Secret <SecretData>
{
Data = new SecretData
{
Data = new Dictionary <string, object> {
{ secret1Id, secret1ValueIn }
}
}
}
));
});
// Act
var provider = new VaultConfigurationProvider(mockClient.Object, new DefaultVaultSecretManager(), _secretMountPoint, new[] { _secretPath });
provider.Load();
// Assert
mockClient.VerifyAll();
var secret1ValueOut = "";
provider.TryGet(secret1Id, out secret1ValueOut);
Assert.AreEqual(secret1ValueIn, secret1ValueOut);
secret1ValueIn = "Value1Updated";
provider.Load();
provider.TryGet(secret1Id, out secret1ValueOut);
Assert.AreEqual(secret1ValueIn, secret1ValueOut);
}
public void SupportsColonInSecretKeys()
{
// Arrange
var mockClient = new Mock <IVaultClient>();
var secret1Id = "Section:Secret1";
var secret1ValueIn = "Value1";
var secret2Id = "Section:Secret2";
var secret2ValueIn = "Value2";
var fakeReturnSecretData = new Secret <SecretData>
{
Data = new SecretData
{
Data = new Dictionary <string, object> {
{ secret1Id, secret1ValueIn },
{ secret2Id, secret2ValueIn }
}
}
};
mockClient.Setup(c => c.V1.Secrets.KeyValue.V2.ReadSecretAsync(_secretPath, null, _secretMountPoint, null))
.ReturnsAsync(fakeReturnSecretData);
// Act
var provider = new VaultConfigurationProvider(mockClient.Object, new DefaultVaultSecretManager(), _secretMountPoint, new[] { _secretPath });
provider.Load();
// Assert
mockClient.VerifyAll();
var secret1ValueOut = "";
var secret2ValueOut = "";
provider.TryGet(secret1Id, out secret1ValueOut);
provider.TryGet(secret2Id, out secret2ValueOut);
Assert.AreEqual(secret1ValueIn, secret1ValueOut);
Assert.AreEqual(secret2ValueIn, secret2ValueOut);
}
public void PreservesColonInSecretName()
{
var client = new Mock <IVaultClient>(MockBehavior.Strict);
var secret1Id = GetSecretId("Section:Secret1");
client.Setup(c => c.ReadSecretAsync(SecretPath)).ReturnsAsync(new Secret <Dictionary <string, object> >
{
Data = new Dictionary <string, object> {
{ secret1Id, "Value1" },
}
});
// Act
var provider = new VaultConfigurationProvider(client.Object, new DefaultVaultSecretManager(), new[] { SecretPath });
provider.Load();
// Assert
client.VerifyAll();
Assert.Equal("Value1", provider.Get("Section:Secret1"));
}