

token-capabilities-api
rajanadar committed Aug 30, 2016
1 parent 7f10e5c commit 1b3ad65
Showing 3 changed files with 86 additions and 2 deletions.
29 changes: 29 additions & 0 deletions src/VaultSharp/IVaultClient.cs
Expand Up @@ -331,6 +331,35 @@ public interface IVaultClient
/// </returns>
Task DeletePolicyAsync(string policyName);

/// <summary>
/// Gets the capabilities of the token on the given path.
/// </summary>
/// <param name="token"><para>[required]</para>
/// Token for which capabilities are being queried.</param>
/// <param name="path"><para>[required]</para>
/// Path on which the token's capabilities will be checked.</param>
/// <returns>The list of capabilities.</returns>
Task<IEnumerable<string>> GetTokenCapabilitiesAsync(string token, string path);

/// <summary>
/// Gets the capabilities of client token on the given path.
/// Client token is the Vault token with which this API call is made.
/// </summary>
/// <param name="path"><para>[required]</para>
/// Path on which the token's capabilities will be checked.</param>
/// <returns>The list of capabilities.</returns>
Task<IEnumerable<string>> GetCallingTokenCapabilitiesAsync(string path);

/// <summary>
/// Gets the capabilities of the token associated with an accessor, on the given path.
/// </summary>
/// <param name="tokenAccessor"><para>[required]</para>
/// Token accessor for which capabilities are being queried.</param>
/// <param name="path"><para>[required]</para>
/// Path on which the token's capabilities will be checked.</param>
/// <returns>The list of capabilities.</returns>
Task<IEnumerable<string>> GetTokenAccessorCapabilitiesAsync(string tokenAccessor, string path);

/// <summary>
/// Gets all the enabled audit backends.
/// </summary>
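Review bot: The `<returns>` text on L26, L35 and L45 ("The list of capabilities.") does not tell a caller what an empty sequence means or that the returned strings are Vault's own capability names rather than a yes/no access answer; the VaultClient implementation in this commit substitutes `Enumerable.Empty<string>()` whenever the response carries no capabilities, so "empty" can mean either "no capabilities" or "nothing parseable came back", and a caller that treats a non-empty list as permission granted would be misled if the list contains a negative capability such as `deny` (check this against the Vault sys/capabilities documentation for the targeted version). I would expand each `<returns>` to say that an empty sequence is returned when Vault reports no capabilities, and that the strings are Vault capability names which callers must interpret individually. For `GetTokenCapabilitiesAsync` the `<param name="token">` on L22–L23 should also state that the raw token value is transmitted to Vault in the request body and must be handled as a secret (not logged or persisted by the caller), since that is what the implementation does with it.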
47 changes: 47 additions & 0 deletions src/VaultSharp/VaultClient.cs
Expand Up @@ -326,6 +326,53 @@ public async Task DeletePolicyAsync(string policyName)
await MakeVaultApiRequest("sys/policy/" + policyName, HttpMethod.Delete).ConfigureAwait(continueOnCapturedContext: _continueAsyncTasksOnCapturedContext);
}

public async Task<IEnumerable<string>> GetTokenCapabilitiesAsync(string token, string path)
{
Checker.NotNull(token, "token");
Checker.NotNull(path, "path");

var requestData = new {token = token, path = path};
var response = await MakeVaultApiRequest<dynamic>("sys/capabilities", HttpMethod.Post, requestData).ConfigureAwait(continueOnCapturedContext: _continueAsyncTasksOnCapturedContext);

if (response != null && response.capabilities != null)
{
return response.capabilities.ToObject<List<string>>();
}

return Enumerable.Empty<string>();
}

public async Task<IEnumerable<string>> GetCallingTokenCapabilitiesAsync(string path)
{
Checker.NotNull(path, "path");

var requestData = new { path = path };
var response = await MakeVaultApiRequest<dynamic>("sys/capabilities-self", HttpMethod.Post, requestData).ConfigureAwait(continueOnCapturedContext: _continueAsyncTasksOnCapturedContext);

if (response != null && response.capabilities != null)
{
return response.capabilities.ToObject<List<string>>();
}

return Enumerable.Empty<string>();
}

public async Task<IEnumerable<string>> GetTokenAccessorCapabilitiesAsync(string tokenAccessor, string path)
{
Checker.NotNull(tokenAccessor, "tokenAccessor");
Checker.NotNull(path, "path");

var requestData = new { accessor = tokenAccessor, path = path };
var response = await MakeVaultApiRequest<dynamic>("sys/capabilities-accessor", HttpMethod.Post, requestData).ConfigureAwait(continueOnCapturedContext: _continueAsyncTasksOnCapturedContext);

if (response != null && response.capabilities != null)
{
return response.capabilities.ToObject<List<string>>();
}

return Enumerable.Empty<string>();
}

public async Task<IEnumerable<AuditBackend>> GetAllEnabledAuditBackendsAsync()
{
var response = await MakeVaultApiRequest<Dictionary<string, AuditBackend>>("sys/audit", HttpMethod.Get).ConfigureAwait(continueOnCapturedContext: _continueAsyncTasksOnCapturedContext);
12 changes: 10 additions & 2 deletions test/VaultSharp.UnitTests/End2End/VaultClientEnd2EndTests.cs
Expand Up @@ -44,15 +44,15 @@ public async Task AllTests()
// await GithubAuthenticationProviderTests();
}

await _authenticatedClient.StepDownActiveNodeAsync();
await TokenTests();
// await _authenticatedClient.StepDownActiveNodeAsync();

await EncryptStrongTests();
await MountedSecretBackendTests();
await MountedAuthenticationBackendTests();
await PoliciesTests();
await AuditBackendsTests();
await SecretTests();
await TokenTests();
await EncryptTests();
await AppIdAuthenticationProviderTests();
await UsernamePasswordAuthenticationProviderTests();
Expand Down Expand Up @@ -658,6 +658,14 @@ private async Task TokenTests()
var secret1 = await _authenticatedClient.CreateTokenAsync();
Assert.NotNull(secret1);

// capabilities.
var caps =
await _authenticatedClient.GetTokenCapabilitiesAsync(secret1.AuthorizationInfo.ClientToken, "sys");
Assert.NotNull(caps);

var caps2 = await _authenticatedClient.GetCallingTokenCapabilitiesAsync("sys");
Assert.NotNull(caps2);

var secret2 = await _authenticatedClient.CreateTokenAsync(new TokenCreationOptions { NoParent = true });
Assert.NotNull(secret2);

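Review bot: `Assert.NotNull(caps)` on L134 and `Assert.NotNull(caps2)` on L137 cannot fail, because both client methods return `Enumerable.Empty<string>()` when the response has no capabilities, so this end-to-end test passes even against a server that returns nothing usable. Assert on content instead, e.g. `Assert.NotEmpty(caps);` and `Assert.NotEmpty(caps2);`, or compare against the capabilities the test token is known to hold on `sys` if the setup fixes them. The third new method, `GetTokenAccessorCapabilitiesAsync`, is not exercised at all; if the created token exposes its accessor, a third call with it and the same assertion would cover the remaining endpoint. TokenTests continues outside the hunk.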
