rajanadar / VaultSharp

A comprehensive cross-platform .NET Library for HashiCorp's Vault, a secret management tool
http://rajanadar.github.io/VaultSharp
Apache License 2.0

REST API calls seem wrong #326

Closed quintonn closed 1 week ago

quintonn commented 1 year ago

Describe the bug: I set up a docker instance with hashicorp/vault with the very basic.
Now I'm trying to run VaultSharp code against it.
But I noticed the API Request URLs seem wrong.

I created a proxy and compared the requests to running the "vault" commands directly inside the container, but setting the -address flag to go through my router.

An example is:
vaultClient.V1.Secrets.KeyValue.V2.WriteSecretAsync("/my-app", secretData, null, "my-auth/servers")
This creates a REST call to: /v1/my-auth/servers/data/my-app
The same command from vault makes a request to v1/my-auth/servers/my-app. Notice the extra data part.

I checked the source code and it adds whatever I give for secretData to an object called data.

What is the reason for this?

If I leave my code as is, I get an error "missing client ID".

I am trying to write the following:

var secretData = new Dictionary<string, object>()
{
    { "provider", "oidc" },
    { "provider_options", "issuer_url=https://test.my.salesforce.com" },
    { "client_id", "123" },
    { "client_secret", "456" }
};

I am trying to add the oauthapp plugin via C#, but can't get past this step.

I also couldn't find the equivalent of vault secrets enable -path=oauth2 oauthapp. Is this possible via the VaultSharp library?

VaultSharp Version: 1.13.0.1

Vault Version: Vault v1.14.1 (bf23fe8636b04d554c0fa35a756c75c2f59026c0), built 2023-07-21T10:15:14Z

Does this work with Vault CLI? Yes

Sample Code Snippet: See above

Exception Details/Stack Trace/Error Message: I get "missing client id"

Any additional info: n/a

konidev20 commented 1 year ago

Hey @quintonn,

As I see in the documentation (https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#create-update-secret), the URL path VaultSharp is generating is correct.

As I see it, you are using vaultClient.V1.Secrets.KeyValue.V2.WriteSecretAsync, which is used to update the KVv2 secret engine, not to configure an Auth method.

You're trying to configure an OAuth auth method, which is a plugin, which I don't think we support yet. We only have APIs to fetch tokens from custom auth providers. Refer: https://github.com/rajanadar/VaultSharp/tree/master#custom-auth-method---bring-your-own-vault-token

I consider this a feature request. In the custom auth provider we must be able to add an interface to configure any auth provider plugins.
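
The request shapes compared in this thread, as an added example (not part of the original comments and not VaultSharp code): it builds, without sending, the Vault HTTP API requests for `vault secrets enable`, a KV v2 write, and a plain write to the path the CLI used. The class and method names are hypothetical, and the default address and `<token>` placeholder are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text;
using System.Text.Json;

static class VaultHttpShapes // hypothetical name, not a VaultSharp type
{
    // Assumption: local dev server unless VAULT_ADDR (the variable the vault CLI reads) is set.
    static readonly string Addr = Environment.GetEnvironmentVariable("VAULT_ADDR") ?? "http://127.0.0.1:8200";

    static HttpRequestMessage Post(string apiPath, object body)
    {
        var req = new HttpRequestMessage(HttpMethod.Post, $"{Addr.TrimEnd('/')}/v1/{apiPath}");
        // Take the token from the environment, never from source; "<token>" is a placeholder.
        req.Headers.Add("X-Vault-Token", Environment.GetEnvironmentVariable("VAULT_TOKEN") ?? "<token>");
        req.Content = new StringContent(JsonSerializer.Serialize(body), Encoding.UTF8, "application/json");
        return req;
    }

    // KV v2 write: "data" is inserted into the path and the fields are wrapped in {"data": ...}.
    static HttpRequestMessage KvV2Write(string mount, string path, Dictionary<string, object> fields) =>
        Post($"{mount.Trim('/')}/data/{path.Trim('/')}", new Dictionary<string, object> { ["data"] = fields });

    // Plain write: path and fields are sent unchanged.
    static HttpRequestMessage RawWrite(string path, Dictionary<string, object> fields) => Post(path.Trim('/'), fields);

    // Request behind `vault secrets enable -path=<mountPath> <type>`.
    static HttpRequestMessage EnableSecretsEngine(string mountPath, string type) =>
        Post($"sys/mounts/{mountPath.Trim('/')}", new Dictionary<string, object> { ["type"] = type });

    static void Main()
    {
        var secretData = new Dictionary<string, object> // values taken from the issue
        {
            { "provider", "oidc" }, { "client_id", "123" }, { "client_secret", "456" },
            { "provider_options", "issuer_url=https://test.my.salesforce.com" }
        };
        var requests = new[]
        {
            EnableSecretsEngine("oauth2", "oauthapp"),
            KvV2Write("my-auth/servers", "/my-app", secretData),
            RawWrite("my-auth/servers/my-app", secretData)
        };
        // Prints method, path and body only. The body holds client_secret: do not log it outside a demo.
        foreach (var r in requests)
            Console.WriteLine($"{r.Method} {r.RequestUri.PathAndQuery}\n  {r.Content.ReadAsStringAsync().Result}");
    }
}
```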