add support for keymgmt secrets engine

CHANGELOG.md

@@ -1,3 +1,13 @@
+## 1.6.0.0 (TBD)
+
+**ENTERPRISE VAULT FEATURES:**
+
+  * Add support for ```Key Management``` Secrets Engine.
+
+**BREAKING CHANGES:**
+
+  * Moved Enterprise Secrets Engines under the Enterprise namespace (KMIP, Transform etc.)
+
 ## 1.4.0.7 (Nov 24, 2020)
 
 **BREAKING CHANGES:**

README.md

@@ -893,14 +893,39 @@ Secret<bool> activeResponse = await vaultClient.V1.Secrets.Identity.IntrospectTo
 bool active = activeResponse.Data;
 ```
 
-#### KMIP Secrets Engine
+#### KeyManagement Secrets Engine (Enterprise)
+
+##### Read Key
+
+- Returns information about a named key. 
+- The keys object will hold information regarding each key version. 
+- Different information will be returned depending on the key type. 
+- For example, an asymmetric key will return its public key in a standard format for the type.
+
+```cs
+Secret<KeyManagementKey> keyManagementKey = await vaultClient.V1.Secrets.Enterprise.KeyManagement.ReadKeyAsync(keyName);
+var keys = keyManagementKey.Data.Keys;
+```
+
+##### Read Key in KMS
+
+- Returns information about a named key in KMS. 
+
+```cs
+Secret<KeyManagementKMSKey> keyManagementKMSKey = await vaultClient.V1.Secrets.Enterprise.KeyManagement.ReadKeyInKMSAsync(kmsName, keyName);
+var name = keyManagementKMSKey.Data.Name;
+var purpose = keyManagementKMSKey.Data.Purpose;
+var protection = keyManagementKMSKey.Data.Protection;
+```
+
+#### KMIP Secrets Engine (Enterprise)
 
 ##### Generate dynamic credentials
 
 - Create a new client certificate tied to the given role and scope.
 
 ```cs
-Secret<KMIPCredentials> kmipCredentials = await vaultClient.V1.Secrets.KMIP.GetCredentialsAsync(scopeName, roleName);
+Secret<KMIPCredentials> kmipCredentials = await vaultClient.V1.Secrets.Enterprise.KMIP.GetCredentialsAsync(scopeName, roleName);
 string certificateContent = kmipCredentials.Data.CertificateContent;
 string privateKeyContent = kmipCredentials.Data.PrivateKeyContent;
 ```
@@ -914,7 +939,7 @@ string privateKeyContent = kmipCredentials.Data.PrivateKeyContent;
 ```cs
 Secret<MongoDBAtlasCredentials> creds = await vaultClient.V1.Secrets.MongoDBAtlas.GetCredentialsAsync(name);
 string privateKey = creds.Data.PrivateKey;
-string publicKey = nomadCredentials.Data.PublicKey;
+string publicKey = creds.Data.PublicKey;
 ```
 
 #### Nomad Secrets Engine
@@ -1073,7 +1098,7 @@ This endpoint deletes the key definition.
 await vaultClient.V1.Secrets.TOTP.DeleteKeyAsync(keyName);
 ```
 
-#### Transform Secrets Engine
+#### Transform Secrets Engine (Enterprise)
 
 ##### Encode Method
 
@@ -1082,7 +1107,7 @@ await vaultClient.V1.Secrets.TOTP.DeleteKeyAsync(keyName);
 ```cs
 
 var encodeOptions = new EncodeRequestOptions { Value = "ipsem" };
-Secret<EncodedResponse> response = await _authenticatedVaultClient.V1.Secrets.Transform.EncodeAsync(roleName, encodeOptions);
+Secret<EncodedResponse> response = await _authenticatedVaultClient.V1.Secrets.Enterprise.Transform.EncodeAsync(roleName, encodeOptions);
 response.Data.EncodedValue;
 
 ```
@@ -1095,7 +1120,7 @@ var encodeOptions = new EncodeRequestOptions
   BatchItems = new List<EncodingItem> { new EncodingItem { Value = "ipsem1" }, new EncodingItem { Value = "ipsem2" } }
 };
 
-Secret<EncodedResponse> response = await _authenticatedVaultClient.V1.Secrets.Transform.EncodeAsync(roleName, encodeOptions);
+Secret<EncodedResponse> response = await _authenticatedVaultClient.V1.Secrets.Enterprise.Transform.EncodeAsync(roleName, encodeOptions);
 response.Data.EncodedItems;
 ```
 
@@ -1105,7 +1130,7 @@ response.Data.EncodedItems;
 
 ```cs
 var decodeOptions = new DecodeRequestOptions { Value = "ipsem" };
-Secret<DecodedResponse> response = await _authenticatedVaultClient.V1.Secrets.Transform.DecodeAsync(roleName, decodeOptions);
+Secret<DecodedResponse> response = await _authenticatedVaultClient.V1.Secrets.Enterprise.Transform.DecodeAsync(roleName, decodeOptions);
 response.Data.DecodedValue;
 ```
 
@@ -1117,7 +1142,7 @@ var decodeOptions = new DecodeRequestOptions
   BatchItems = new List<DecodingItem> { new DecodingItem { Value = "ipsem1" }, new DecodingItem { Value = "ipsem2" } }
 };
 
-Secret<DecodedResponse> response = await _authenticatedVaultClient.V1.Secrets.Transform.DecodeAsync(roleName, decodeOptions);
+Secret<DecodedResponse> response = await _authenticatedVaultClient.V1.Secrets.Enterprise.Transform.DecodeAsync(roleName, decodeOptions);
 response.Data.DecodedItems;
 ```
 

src/VaultSharp/.AssemblyAttributes

@@ -1,4 +1,4 @@
 // <autogenerated />
 using System;
 using System.Reflection;
-[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
+[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETStandard,Version=v1.3", FrameworkDisplayName = "")]

src/VaultSharp/V1/SecretsEngines/Enterprise/EnterpriseProvider.cs

@@ -0,0 +1,24 @@
+using VaultSharp.Core;
+using VaultSharp.V1.SecretsEngines.Enterprise.KeyManagement;
+using VaultSharp.V1.SecretsEngines.Enterprise.KMIP;
+using VaultSharp.V1.SecretsEngines.Enterprise.Transform;
+
+namespace VaultSharp.V1.SecretsEngines.Enterprise
+{
+    /// <summary>
+    /// Enterprise Secrets Engines
+    /// </summary>
+    internal class EnterpriseProvider : IEnterprise
+    {
+        public EnterpriseProvider(Polymath polymath)
+        {
+            KeyManagement = new KeyManagementSecretsEngineProvider(polymath);
+            KMIP = new KMIPSecretsEngineProvider(polymath);
+            Transform = new TransformSecretsEngineProvider(polymath);
+        }
+
+        public IKeyManagementSecretsEngine KeyManagement { get; }
+        public IKMIPSecretsEngine KMIP { get; }
+        public ITransformSecretsEngine Transform { get; }
+    }
+}

src/VaultSharp/V1/SecretsEngines/Enterprise/IEnterprise.cs

@@ -0,0 +1,27 @@
+using VaultSharp.V1.SecretsEngines.Enterprise.KeyManagement;
+using VaultSharp.V1.SecretsEngines.Enterprise.KMIP;
+using VaultSharp.V1.SecretsEngines.Enterprise.Transform;
+
+namespace VaultSharp.V1.SecretsEngines.Enterprise
+{
+    /// <summary>
+    /// Enterprise Secrets Engines
+    /// </summary>
+    public interface IEnterprise
+    {
+        /// <summary>
+        /// The KeyManagement Secrets Engine.
+        /// </summary>
+        IKeyManagementSecretsEngine KeyManagement { get; }
+
+        /// <summary>
+        /// The KMIP Secrets Engine.
+        /// </summary>
+        IKMIPSecretsEngine KMIP { get; }
+
+        /// <summary>
+        /// The Transform Secrets Engine.
+        /// </summary>
+        ITransformSecretsEngine Transform { get; }
+    }
+}

src/VaultSharp/V1/SecretsEngines/KMIP/CertificateFormat.cs → src/VaultSharp/V1/SecretsEngines/Enterprise/KMIP/CertificateFormat.cs

@@ -1,7 +1,7 @@
 using Newtonsoft.Json;
 using Newtonsoft.Json.Converters;
 
-namespace VaultSharp.V1.SecretsEngines.KMIP
+namespace VaultSharp.V1.SecretsEngines.Enterprise.KMIP
 {
     /// <summary>
     /// Represents the Certificate format.

src/VaultSharp/V1/SecretsEngines/KMIP/IKMIPSecretsEngine.cs → src/VaultSharp/V1/SecretsEngines/Enterprise/KMIP/IKMIPSecretsEngine.cs

@@ -1,7 +1,7 @@
 using System.Threading.Tasks;
 using VaultSharp.V1.Commons;
 
-namespace VaultSharp.V1.SecretsEngines.KMIP
+namespace VaultSharp.V1.SecretsEngines.Enterprise.KMIP
 {
     /// <summary>
     /// KMIP Secrets Engine.

src/VaultSharp/V1/SecretsEngines/KMIP/KMIPCredentials.cs → src/VaultSharp/V1/SecretsEngines/Enterprise/KMIP/KMIPCredentials.cs

@@ -1,7 +1,7 @@
 using System.Collections.Generic;
 using Newtonsoft.Json;
 
-namespace VaultSharp.V1.SecretsEngines.KMIP
+namespace VaultSharp.V1.SecretsEngines.Enterprise.KMIP
 {
     /// <summary>
     /// Represents the KMIP credentials.

src/VaultSharp/V1/SecretsEngines/KMIP/KMIPSecretsEngineProvider.cs → src/VaultSharp/V1/SecretsEngines/Enterprise/KMIP/KMIPSecretsEngineProvider.cs

@@ -3,7 +3,7 @@
 using VaultSharp.Core;
 using VaultSharp.V1.Commons;
 
-namespace VaultSharp.V1.SecretsEngines.KMIP
+namespace VaultSharp.V1.SecretsEngines.Enterprise.KMIP
 {
     internal class KMIPSecretsEngineProvider : IKMIPSecretsEngine
     {

src/VaultSharp/V1/SecretsEngines/Enterprise/KeyManagement/IKeyManagementSecretsEngine.cs

@@ -0,0 +1,49 @@
+using System.Threading.Tasks;
+using VaultSharp.V1.Commons;
+
+namespace VaultSharp.V1.SecretsEngines.Enterprise.KeyManagement
+{
+    /// <summary>
+    /// The KeyManagement Secrets Engine.
+    /// </summary>
+    public interface IKeyManagementSecretsEngine
+    {
+        /// <summary>
+        /// Reads information about a named key.
+        /// The keys object will hold information regarding each key version. 
+        /// Different information will be returned depending on the key type. 
+        /// For example, an asymmetric key will return its public key in a standard format for the type.
+        /// </summary>
+        /// <param name="keyName"><para>[required]</para>
+        /// Specifies the name of the key to read.
+        /// </param>
+        /// <param name="mountPoint"><para>[optional]</para>
+        /// The mount point for the backend. Defaults to <see cref="SecretsEngineDefaultPaths.KeyManagement" />
+        /// Provide a value only if you have customized the mount point.</param>
+        /// <param name="wrapTimeToLive">
+        /// <para>[optional]</para>
+        /// The TTL for the token and can be either an integer number of seconds or a string duration of seconds.
+        /// </param>
+        /// <returns>Key Info.</returns>
+        Task<Secret<KeyManagementKey>> ReadKeyAsync(string keyName, string mountPoint = SecretsEngineDefaultPaths.KeyManagement, string wrapTimeToLive = null);
+
+        /// <summary>
+        /// Reads information about a key that's been distributed to a KMS provider.
+        /// </summary>
+        /// <param name="kmsName"><para>[required]</para>
+        /// Specifies the name of the KMS provider.
+        /// </param>
+        /// <param name="keyName"><para>[required]</para>
+        /// Specifies the name of the key to read.
+        /// </param>
+        /// <param name="mountPoint"><para>[optional]</para>
+        /// The mount point for the backend. Defaults to <see cref="SecretsEngineDefaultPaths.KeyManagement" />
+        /// Provide a value only if you have customized the mount point.</param>
+        /// <param name="wrapTimeToLive">
+        /// <para>[optional]</para>
+        /// The TTL for the token and can be either an integer number of seconds or a string duration of seconds.
+        /// </param>
+        /// <returns>Key Info.</returns>
+        Task<Secret<KeyManagementKMSKey>> ReadKeyInKMSAsync(string kmsName, string keyName, string mountPoint = SecretsEngineDefaultPaths.KeyManagement, string wrapTimeToLive = null);
+    }
+}

src/VaultSharp/V1/SecretsEngines/Enterprise/KeyManagement/KeyManagementKMSKey.cs

@@ -0,0 +1,28 @@
+using Newtonsoft.Json;
+
+namespace VaultSharp.V1.SecretsEngines.Enterprise.KeyManagement
+{
+    /// <summary>
+    /// Key in KMS
+    /// </summary>
+    public class KeyManagementKMSKey
+    {
+        /// <summary>
+        /// 
+        /// </summary>
+        [JsonProperty("name")]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// 
+        /// </summary>
+        [JsonProperty("protection")]
+        public string Protection { get; set; }
+
+        /// <summary>
+        /// 
+        /// </summary>
+        [JsonProperty("purpose")]
+        public string Purpose { get; set; }
+    }
+}

src/VaultSharp/V1/SecretsEngines/Enterprise/KeyManagement/KeyManagementKey.cs

@@ -0,0 +1,47 @@
+using System.Collections.Generic;
+using Newtonsoft.Json;
+
+namespace VaultSharp.V1.SecretsEngines.Enterprise.KeyManagement
+{
+    /// <summary>
+    /// The KeyMgmt key
+    /// </summary>
+    public class KeyManagementKey
+    {
+        /// <summary>
+        /// 
+        /// </summary>
+        [JsonProperty("deletion_allowed")]
+        public bool DeletionAllowed { get; set; }
+
+        /// <summary>
+        /// 
+        /// </summary>
+        [JsonProperty("keys")]
+        public Dictionary<string, Dictionary<string, object>> Keys;
+
+        /// <summary>
+        /// 
+        /// </summary>
+        [JsonProperty("latest_version")]
+        public int LatestVersion { get; set; }
+
+        /// <summary>
+        /// 
+        /// </summary>
+        [JsonProperty("min_enabled_version")]
+        public int MinimumEnabledVersion { get; set; }
+
+        /// <summary>
+        /// 
+        /// </summary>
+        [JsonProperty("name")]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// 
+        /// </summary>
+        [JsonProperty("type")]
+        public string Type { get; set; }
+    }
+}

src/VaultSharp/V1/SecretsEngines/Enterprise/KeyManagement/KeyManagementSecretsEngineProvider.cs

@@ -0,0 +1,34 @@
+using System.Net.Http;
+using System.Threading.Tasks;
+using VaultSharp.Core;
+using VaultSharp.V1.Commons;
+
+namespace VaultSharp.V1.SecretsEngines.Enterprise.KeyManagement
+{
+    internal class KeyManagementSecretsEngineProvider : IKeyManagementSecretsEngine
+    {
+        private readonly Polymath _polymath;
+
+        public KeyManagementSecretsEngineProvider(Polymath polymath)
+        {
+            _polymath = polymath;
+        }
+
+        public async Task<Secret<KeyManagementKey>> ReadKeyAsync(string keyName, string mountPoint = SecretsEngineDefaultPaths.KeyManagement, string wrapTimeToLive = null)
+        {
+            Checker.NotNull(mountPoint, "mountPoint");
+            Checker.NotNull(keyName, "keyName");
+
+            return await _polymath.MakeVaultApiRequest<Secret<KeyManagementKey>>("v1/" + mountPoint.Trim('/') + "/key/" + keyName.Trim('/'), HttpMethod.Get, wrapTimeToLive: wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
+        }
+
+        public async Task<Secret<KeyManagementKMSKey>> ReadKeyInKMSAsync(string kmsName, string keyName, string mountPoint = SecretsEngineDefaultPaths.KeyManagement, string wrapTimeToLive = null)
+        {
+            Checker.NotNull(mountPoint, "mountPoint");
+            Checker.NotNull(kmsName, "kmsName");
+            Checker.NotNull(keyName, "keyName");
+
+            return await _polymath.MakeVaultApiRequest<Secret<KeyManagementKMSKey>>("v1/" + mountPoint.Trim('/') + "/kms/" + kmsName.Trim('/') + "/key/" + keyName.Trim('/'), HttpMethod.Get, wrapTimeToLive: wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
+        }
+    }
+}

src/VaultSharp/V1/SecretsEngines/Transform/DecodeRequestOptions.cs → src/VaultSharp/V1/SecretsEngines/Enterprise/Transform/DecodeRequestOptions.cs

@@ -1,7 +1,7 @@
 using System.Collections.Generic;
 using Newtonsoft.Json;
 
-namespace VaultSharp.V1.SecretsEngines.Transform
+namespace VaultSharp.V1.SecretsEngines.Enterprise.Transform
 {
     /// <summary>
     /// Represents the Decode Request Options.

src/VaultSharp/V1/SecretsEngines/Transform/DecodedItem.cs → src/VaultSharp/V1/SecretsEngines/Enterprise/Transform/DecodedItem.cs

@@ -1,6 +1,6 @@
 using Newtonsoft.Json;
 
-namespace VaultSharp.V1.SecretsEngines.Transform
+namespace VaultSharp.V1.SecretsEngines.Enterprise.Transform
 {
     /// <summary>
     /// Represents a single Decoded item.

src/VaultSharp/V1/SecretsEngines/Transform/DecodedResponse.cs → src/VaultSharp/V1/SecretsEngines/Enterprise/Transform/DecodedResponse.cs

@@ -1,7 +1,7 @@
 using System.Collections.Generic;
 using Newtonsoft.Json;
 
-namespace VaultSharp.V1.SecretsEngines.Transform
+namespace VaultSharp.V1.SecretsEngines.Enterprise.Transform
 {
     /// <summary>
     /// Response for decoding.