cyberark / conjur-api-dotnet
.NET client for the CyberArk Conjur API
License: Apache License 2.0
Current build automation is obscure at best and rusty and we should ensure that it is optimal for the current needs.
The Dotnet client for the CyberArk Conjur API has tests today that are run only against the OSS.
As part of the configurable TLS change and because the client libraries are run and used by our customers we should add additional tests that run against the EE to reduce the manual testing around these.
Suggest adding to Readme.md a configuration step to ensure System.json package is installed.
GIVEN I'm a .Net developer
WHEN I develop an app
THEN I should be able to retrieve secrets I have permission for using the Conjur .Net library
Conjur v4 has a .Net API that wraps the REST API of Conjur.
In V5 the API has been changed in an incompatible way.
Your task, if you wish to accept it, is to create a new .Net API compatible to v5 giving out the same functionality.
Please pay attention to the following:
A. Where can one find a usage example
B. What version on this API supports
Test coverage - should be the same as before
Understand if this can be part of the CE Github projects
To ensure the broadest access possible, we want this library to be available through NuGet. This will allow people to install it directly into their projects. As part of the delivery of this feature, we'll need to understand the steps necessary to submit a project to NuGet.
REVIEWING ca-conjur-api-dotnet-v5-master BRANCH
Review this repo and document items in the following categories with links to filed issues.
In addition, document succinctly whether this integration works with Conjur OSS / DAP and what methods are supported.
Note which flows are supported, and next to each that is supported note the method name. We can use this to improve the README documentation.
conjur list
Client Client(uri, account)
LogIn(string userName, string password)
TrustedCertificates.ImportPem (string certPath)
<Client>.Credential = new NetworkCredential(string userName, string apiKey)
IEnumerable<Variable> ListVariables(string query = null)
uint CountVariables(string query = null)
Host CreateHost(string name, string hostFactoryToken)
Policy <Client>.Policy(string policyName)
policy.LoadPolicy(Stream policyContent)
Variable <Client>.Variable(string name)
Boolean Check(string privilege)
AddSecret(string val)
String GetValue()
- `dll` artifact (#52)
- `USAGE` says to use `-h` in the `conjur init` command, this did not work in Conjur OSS and I needed to use `-u` (Conjur v4 leftover?) (#53)
- `mono` - I'm guessing this can be made better by .NET Core move (#24)
- `.NET Framework` base should be ideally moved to `.NET Core`. (#24)
- `Conjur` -> `CyberArk` (#23)
## Bugs
- Fix error handling for policy loading for users/hosts w/ api_key_enabled (unconfirmed) - (#38)
api-dotnet.test.Conjur.Test.AuthenticatorTest.TestTokenCaching
api-dotnet.test.Conjur.Test.AuthenticatorTest.TestTokenThreadSafe
api-dotnet.test.Conjur.Test.ClientTest.ActingAsTest
api-dotnet.test.Conjur.Test.ClientTest.TestLogin
api-dotnet.test.Conjur.Test.HostFactoryTest.TestCreateHost
api-dotnet.test.Conjur.Test.ResourceTest.TestCheck
api-dotnet.test.Conjur.Test.UserTest.ListUserTest
api-dotnet.test.Conjur.Test.VariablesTest.GetVariableTest
api-dotnet.test.Conjur.Test.VariablesTest.ListVariableTest
In theory our artifact could be a droppable `.dll` file instead of needing to deal with the whole project import.
`.dll`s as an additional project artifact
There are currently no integration tests in this repo
Certificate management in the API is obscure and opaque. Expose certificate management better to the user.
These two tests are commented out, but fail when run. They give a "System.TypeLoadException" exception when run.
Update the master branch to add functionality to support Conjur OSS and DAP
AC:
We don't have a good release strategy for this project and the versioning "tag" seems arbitrary.
Although you can manually get the environment variables and assign them to the needed variables to instantiate a Client, it would be nice if there was a built-in way to do this like the Java API.
Manually grabbing environment variables in the code, but this is an extra step that will have to be replicated for every application made.
Add the .NET version requirements to the README. Discussed in this comment, but moving to a separate issue for time's sake.
There's a lot of unit tests in the repository but increasing coverage to cover all main usages is needed
Connected to #35
There are various issues with the documentation that should be addressed.
`USAGE` says to use `-h` in the `conjur init` command, this did not work in Conjur OSS and I needed to use `-u` (Conjur v4 leftover?)
Let's get the copyright notices updated from Conjur to CyberArk.
These 3 tests are commented out, but fail when run. They use the GetToken() method in the ApiKeyAuthenticator class. This method uses:
HttpWebRequest request = WebRequest.CreateHttp(this.uri);
which causes an error, because the test uri is "test:///". The method expects an http uri, so it throws an error.
Notes:
There are two potential targets for .Net now, .Net Framework (and Mono) and .Net Core. The Conjur .Net API should support both of them.
Since `httpClient` is currently an internal field it makes unit testing and expanding the `Client` class significantly harder and involves vague techniques (e.g. to make possible `HttpClient` substitution with a mocked one I've changed `RootNamespace` property of my test project to `Conjur`).
Make `httpClient` field either protected, public or assignable from outside in some other way (e.g. parameter of constructor).
Mocking `HttpClient` is essential in unit testing since we need predictable responses. In expanding of the `Client` class, accessing to an `HttpClient` instance also plays major role.
Add code coverage to this project.
Acceptance Criteria:
If the repo has a changelog that doesn't meet the standard, do try to change earlier entries to match the standard.
If the repo doesn't have a changelog use this as a starter:
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
## [Unreleased]
Policy loading from file should be part of base functionality and it isn't
Signing of the code for test artifact is pretty gnarly and uses specific certs that are outdated. We may also need a real cert for distributing the dll (#52).
Adding batch secret retrieval similar to the REST API
This can be done manually, by using ListVariables() to grab the list and looping through to retrieve each secret, but will have to be done separately for each application.
Is there a way to access secrets from a dotnet client using the identity of the service under which code is running e.g. Windows Service or an API running in Kestrel/IIS under a service account?
Alternatively, can a machine be authenticated for access to secrets?
Validate and fix any errors with the following workflows:
Related to: cyberark/conjur/issues/1359
The API should support policy operations other than just simple addition.