Hotfix - vault-proxy support (#63)

* authMethod should be null for vault-agent

* customization on application side

* test

* Success_TokenNoAuthMethod - skip

---------

Co-authored-by: Mikhail Merkulov <[email protected]>

Author: k0st1x

Source/VaultSharp.Extensions.Configuration/VaultConfigurationProvider.cs

@@ -51,7 +51,7 @@ public override void Load()
             {
                 if (this.vaultClient == null)
                 {
-                    IAuthMethodInfo authMethod;
+                    IAuthMethodInfo? authMethod = null;
                     if (this.ConfigurationSource.Options.AuthMethod != null)
                     {
                         authMethod = this.ConfigurationSource.Options.AuthMethod;
@@ -64,7 +64,7 @@ public override void Load()
                             this.ConfigurationSource.Options.VaultRoleId,
                             this.ConfigurationSource.Options.VaultSecret);
                     }
-                    else
+                    else if (!string.IsNullOrEmpty(this.ConfigurationSource.Options.VaultToken))
                     {
                         this.logger?.LogDebug("VaultConfigurationProvider: using Token authentication");
                         authMethod = new TokenAuthMethodInfo(this.ConfigurationSource.Options.VaultToken);

Source/VaultSharp.Extensions.Configuration/VaultConfigurationSource.cs

@@ -7,7 +7,7 @@ namespace VaultSharp.Extensions.Configuration
     /// <summary>
     /// Vault configuration source.
     /// </summary>
-    public sealed class VaultConfigurationSource : IConfigurationSource
+    public class VaultConfigurationSource : IConfigurationSource
     {
         /// <summary>
         /// Default Vault URL.
@@ -56,6 +56,6 @@ public VaultConfigurationSource(VaultOptions options, string basePath, string? m
         /// </summary>
         /// <param name="builder">Configuration builder.</param>
         /// <returns>Instance of <see cref="IConfigurationProvider"/>.</returns>
-        public IConfigurationProvider Build(IConfigurationBuilder builder) => new VaultConfigurationProvider(this, this.logger);
+        public virtual IConfigurationProvider Build(IConfigurationBuilder builder) => new VaultConfigurationProvider(this, this.logger);
     }
 }

Tests/VaultSharp.Extensions.Configuration.Test/IntegrationTests.cs

@@ -16,6 +16,7 @@ namespace VaultSharp.Extensions.Configuration.Test
     using Serilog;
     using Serilog.Extensions.Logging;
     using VaultSharp.Core;
+    using VaultSharp.V1.AuthMethods;
     using VaultSharp.V1.AuthMethods.AppRole;
     using VaultSharp.V1.AuthMethods.Token;
     using Xunit;
@@ -35,15 +36,15 @@ public IntegrationTests()
             this.logger = new SerilogLoggerProvider(Log.Logger).CreateLogger(nameof(IntegrationTests));
         }
 
-        private IContainer PrepareVaultContainer(bool enableSSL = false, string? script = null)
+        private IContainer PrepareVaultContainer(bool enableSSL = false, string? script = null, string tokenId = "root")
         {
             var builder = new ContainerBuilder()
                 .WithImage("vault:1.13.3")
                 .WithName("vaultsharptest_"+Guid.NewGuid().ToString().Substring(0,8))
                 .WithPortBinding(8200, 8200)
                 .WithWaitStrategy(Wait.ForUnixContainer().UntilPortIsAvailable(8200))
                 .WithEnvironment("VAULT_UI", "true")
-                .WithEnvironment("VAULT_DEV_ROOT_TOKEN_ID", "root")
+                .WithEnvironment("VAULT_DEV_ROOT_TOKEN_ID", tokenId)
                 .WithEnvironment("VAULT_DEV_LISTEN_ADDRESS", "0.0.0.0:8200");
 
             if (enableSSL)
@@ -822,6 +823,56 @@ public async Task Success_Proxy_Verify_Custom_Hook_Invoked()
                 await container.DisposeAsync();
             }
         }
+
+        [Fact(Skip = "vault-proxy required")]
+        public async Task Success_TokenNoAuthMethod()
+        {
+            // arrange
+            using CancellationTokenSource cts = new CancellationTokenSource();
+            var values =
+              new Dictionary<string, IEnumerable<KeyValuePair<string, object>>>
+              {
+                    {
+                        "myservice-config", new[]
+                        {
+                            new KeyValuePair<string, object>("option1", "value1")
+                        }
+                    },
+              };
+
+            var container = this.PrepareVaultContainer(tokenId: "");
+            try
+            {
+                await container.StartAsync(cts.Token).ConfigureAwait(false);
+                await this.LoadDataAsync("http://localhost:8200", values).ConfigureAwait(false);
+
+                // Moq mock of PostProcessHttpClientHandlerAction implementation:
+                var mockConfigureProxyAction = new Mock<Action<HttpMessageHandler>>();
+
+                // act
+                ConfigurationBuilder builder = new ConfigurationBuilder();
+                builder.AddVaultConfiguration(
+                    () => new VaultOptions("http://localhost:8200", (IAuthMethodInfo)null!)
+                    {
+                        PostProcessHttpClientHandlerAction = mockConfigureProxyAction.Object
+                    },
+                    "myservice-config",
+                    "secret",
+                    this.logger);
+                var configurationRoot = builder.Build();
+
+                // assert secrets were loaded successfully:
+                configurationRoot.GetValue<string>("option1").Should().Be("value1");
+
+                // assert that PostProcessHttpClientHandlerAction was actually invoked, and a HttpMessageHandler was passed:
+                mockConfigureProxyAction.Verify(x => x(It.IsAny<HttpMessageHandler>()), Times.Once);
+            }
+            finally
+            {
+                cts.Cancel();
+                await container.DisposeAsync().ConfigureAwait(false);
+            }
+        }
     }
 
     public class TestConfigObject