PKI Secrets Engine Role endpoints. #374
Conversation
| @@ -103,7 +103,7 @@ private static VaultClientSettings GetVaultClientSettings(IAuthMethodInfo authMe | |||
| Console.WriteLine(_responseContent); | |||
| } | |||
| }, | |||
| Namespace = "bhjk", | |||
| //Namespace = "bhjk", // ?? | |||
There was a problem hiding this comment.
I'm not sure why the namespace was in there, but it was causing my runs to fail until I commented it out.
There was a problem hiding this comment.
namespaces is a feature available on enterprise versions of Vault. This is a placeholder I reckon. Uncomment before this is merged.
| @@ -103,7 +103,7 @@ private static VaultClientSettings GetVaultClientSettings(IAuthMethodInfo authMe | |||
| Console.WriteLine(_responseContent); | |||
| } | |||
| }, | |||
| Namespace = "bhjk", | |||
| //Namespace = "bhjk", // ?? | |||
There was a problem hiding this comment.
namespaces is a feature available on enterprise versions of Vault. This is a placeholder I reckon. Uncomment before this is merged.
| @@ -1,3 +1,4 @@ | |||
|
|
|||
There was a problem hiding this comment.
An extra line has been added by mistake.
| /// Note: this only has an effect when generating a CA cert or signing a CA cert, not when generating a CSR for an intermediate CA. | ||
| /// </summary> | ||
| [JsonPropertyName("ttl")] | ||
| public string TTL { get; set; } |
There was a problem hiding this comment.
Following the convention used elsewhere in the project. Can we rename this to TimeToLive
|
|
||
| namespace VaultSharp.V1.SecretsEngines.PKI | ||
| { | ||
| public class PKIRole |
There was a problem hiding this comment.
Suggestion, just Role should be fine.
| /// allowing for arbitrary non-Hostname, non-Email address CNs. | ||
| /// </summary> | ||
| [JsonPropertyName("cn_validations")] | ||
| public List<string> CNVAlidations { get; set; } |
There was a problem hiding this comment.
typo CNValidations, A has been capitalized
| /// ".example.net" or "bz.example.net". See the documentation for more information. | ||
| /// </summary> | ||
| [JsonPropertyName("allow_wildcard_certificates")] | ||
| public bool AllowWildcardIdentifiers { get; set; } |
There was a problem hiding this comment.
The default value of this flag is true
https://developer.hashicorp.com/vault/api-docs/secret/pki#create-update-role
| /// If set, an array of allowed user-ids to put in user system login name specified here: https://www.rfc-editor.org/rfc/rfc1274#section-9.3.1 | ||
| /// </summary> | ||
| [JsonPropertyName("allowed_user_ids")] | ||
| public List<string> AllowedUserIds { get; set; } |
There was a problem hiding this comment.
This is a string field according to the docs.
| /// If set, an array of allowed serial numbers to put in Subject. These values support globbing. | ||
| /// </summary> | ||
| [JsonPropertyName("allowed_serial_numbers")] | ||
| public List<string> AllowedSerialNumbers { get; set; } |
There was a problem hiding this comment.
This is a string field. Check and confirm behavior. Should be fine.
| /// The maximum allowed lease duration. If not set, defaults to the system maximum lease TTL. | ||
| /// </summary> | ||
| [JsonPropertyName("max_ttl")] | ||
| public long MaxTTL { get; set; } |
| // if the role list is empty, we will get a 404 response with { "errors": [] } | ||
| // make sure it's that error only, and return the empty list if so | ||
| if (ex.StatusCode != 404) | ||
| { | ||
| throw; | ||
| } |
There was a problem hiding this comment.
I am not sure about this. A HTTP Status Code 404 can be returned even in the case when the mountPoint is incorrect. Handling the 404 exception might be an application layer decision. I will let @rajanadar comment.
GH-373 PKI Secrets Engine - added methods for interacting with PKI Roles, and method for generating a self-signed root CA.