From 9abf2d1f0641930f58e316bba2b9d454080e0f29 Mon Sep 17 00:00:00 2001 From: Raja Nadar Date: Tue, 30 Aug 2016 23:52:41 -0700 Subject: [PATCH] new token accessor endpoints for hashicorp/vault#1188 and hashicorp/vault#1676 --- src/VaultSharp/IVaultClient.cs | 21 +++++++++++++++++++ src/VaultSharp/VaultClient.cs | 19 ++++++++++++++++- .../End2End/VaultClientEnd2EndTests.cs | 8 +++++++ 3 files changed, 47 insertions(+), 1 deletion(-) diff --git a/src/VaultSharp/IVaultClient.cs b/src/VaultSharp/IVaultClient.cs index 6d40c146..626cb974 100644 --- a/src/VaultSharp/IVaultClient.cs +++ b/src/VaultSharp/IVaultClient.cs @@ -705,6 +705,17 @@ public interface IVaultClient /// Task> GetTokenInfoAsync(string token); + /// + /// Gets the properties of the token associated with the accessor, + /// except the token ID. + /// This is meant for purposes where there is no access to token ID + /// but there is need to fetch the properties of a token. + /// + /// [required] + /// Accessor of the token to lookup. + /// The token info. + Task> GetTokenInfoByAccessorAsync(string tokenAccessor); + /// /// Revokes a token and all child tokens if the value is true. /// When the token is revoked, all secrets generated with it are also revoked. @@ -719,6 +730,16 @@ public interface IVaultClient /// Task RevokeTokenAsync(string token, bool revokeAllChildTokens); + /// + /// Revokes the token associated with the accessor and all the child tokens. + /// This is meant for purposes where there is no access to token ID + /// but there is need to revoke a token and its children. + /// + /// [required] + /// Accessor of the token. + /// The token info. + Task RevokeTokenByAccessorAsync(string tokenAccessor); + /// /// Revokes the calling client token and all child tokens. /// When the token is revoked, all secrets generated with it are also revoked. diff --git a/src/VaultSharp/VaultClient.cs b/src/VaultSharp/VaultClient.cs index 8885175a..0f9b132d 100644 --- a/src/VaultSharp/VaultClient.cs 
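Review bot: The returns text on `RevokeTokenByAccessorAsync` reads "The token info.", which looks copied from the lookup method above it; this method returns a bare `Task` and hands back no token data. I would replace it with `/// <returns>A task that completes when the revocation request has finished.</returns>`. The summary could also state that holding an accessor (plus a policy that allows this endpoint) is enough to revoke the token and all its children, so callers know accessor lists are not harmless to expose.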
+++ b/src/VaultSharp/VaultClient.cs @@ -640,7 +640,16 @@ public async Task> GetTokenInfoAsync(string token) { Checker.NotNull(token, "token"); - return await MakeVaultApiRequest>("auth/token/lookup/" + token, HttpMethod.Get).ConfigureAwait(continueOnCapturedContext: _continueAsyncTasksOnCapturedContext); + var requestData = new {token = token}; + return await MakeVaultApiRequest>("auth/token/lookup", HttpMethod.Post, requestData).ConfigureAwait(continueOnCapturedContext: _continueAsyncTasksOnCapturedContext); + } + + public async Task> GetTokenInfoByAccessorAsync(string tokenAccessor) + { + Checker.NotNull(tokenAccessor, "tokenAccessor"); + + var requestData = new { accessor = tokenAccessor }; + return await MakeVaultApiRequest>("auth/token/lookup-accessor", HttpMethod.Post, requestData).ConfigureAwait(continueOnCapturedContext: _continueAsyncTasksOnCapturedContext); } public async Task RevokeTokenAsync(string token, bool revokeAllChildTokens) @@ -651,6 +660,14 @@ public async Task RevokeTokenAsync(string token, bool revokeAllChildTokens) await MakeVaultApiRequest("auth/token/" + action + "/" + token, HttpMethod.Post).ConfigureAwait(continueOnCapturedContext: _continueAsyncTasksOnCapturedContext); } + public async Task RevokeTokenByAccessorAsync(string tokenAccessor) + { + Checker.NotNull(tokenAccessor, "tokenAccessor"); + + var requestData = new { accessor = tokenAccessor }; + await MakeVaultApiRequest("auth/token/revoke-accessor", HttpMethod.Post, requestData).ConfigureAwait(continueOnCapturedContext: _continueAsyncTasksOnCapturedContext); + } + public async Task RevokeCallingTokenAsync() { await MakeVaultApiRequest("auth/token/revoke-self", HttpMethod.Post).ConfigureAwait(continueOnCapturedContext: _continueAsyncTasksOnCapturedContext); diff --git a/test/VaultSharp.UnitTests/End2End/VaultClientEnd2EndTests.cs b/test/VaultSharp.UnitTests/End2End/VaultClientEnd2EndTests.cs index dff8e413..53086582 100644 
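Review bot: `Checker.NotNull` in the new `GetTokenInfoByAccessorAsync` and in the reworked `GetTokenInfoAsync` rejects only null, so an empty or whitespace string is now posted as `accessor = ""` or `token = ""`. With the value in the request body, the server decides what an empty field means, and that may not be an error (for example, it could fall back to the calling token; not verifiable from this hunk). A stricter client-side guard such as `if (string.IsNullOrWhiteSpace(tokenAccessor)) throw new ArgumentException("must not be empty", "tokenAccessor");` keeps the failure local and unambiguous. The same applies to `RevokeTokenByAccessorAsync` in the next hunk. The signature of `GetTokenInfoAsync` is outside this hunk.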
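Review bot: `RevokeTokenAsync`, visible as context just above the new `RevokeTokenByAccessorAsync`, still builds its URL as `"auth/token/" + action + "/" + token`, while this commit moves lookup to a POST body. That leaves the token in the request path for revoke, and request paths are commonly recorded in proxy and access logs and in audit trails. If the targeted server version accepts the token in the body for revoke as it does for lookup, sending `new { token = token }` there would keep the secret out of the path and make the methods consistent. `RevokeTokenAsync` begins outside this hunk, so how `action` is chosen is not visible here.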
--- a/test/VaultSharp.UnitTests/End2End/VaultClientEnd2EndTests.cs +++ b/test/VaultSharp.UnitTests/End2End/VaultClientEnd2EndTests.cs @@ -672,6 +672,14 @@ private async Task TokenTests() var accessors = await _authenticatedClient.GetTokenAccessorListAsync(); Assert.True(accessors.Data.Any()); + var tokenInfoByAccessor = await _authenticatedClient.GetTokenInfoByAccessorAsync(accessors.Data.First()); + Assert.NotNull(tokenInfoByAccessor); + + await _authenticatedClient.RevokeTokenByAccessorAsync(accessors.Data.First()); + + var accessors2 = await _authenticatedClient.GetTokenAccessorListAsync(); + Assert.True(accessors.Data.Count() - 1 == accessors2.Data.Count()); + var secret3 = await _authenticatedClient.CreateTokenAsync(new TokenCreationOptions { NoParent = true }); Assert.NotNull(secret3);
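Review bot: The test revokes `accessors.Data.First()`, an arbitrary entry from the accessor list. That entry may belong to the token `_authenticatedClient` itself is using, or to a token with children. In the first case every later call in `TokenTests` would fail with an authorization error. In the second, the `Count() - 1` assertion breaks because revoke-by-accessor also removes child tokens. It would be safer to create a dedicated token with `CreateTokenAsync`, revoke it via its own accessor, and assert on that accessor's absence with something like `Assert.False(accessors2.Data.Contains(revokedAccessor));`. `TokenTests` starts and ends outside this hunk, so the surrounding setup may already constrain which tokens exist.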