Update To Support v5 API

[JakeQuilty]

This PR updates the .NET API to support the v5 API.

Functionality Added

• Update support from v4 to v5
• Update README to show functionality of this API
• Added option to control "limit" and "offset" for ListUsers() and ListVariables()

These methods were tested to make sure they support the v5 API. More details

• Conjur OSS
• DAP
• Instantiate with API key
• Instantiate with access token
• Configure from environment (See "Functionality to Add" bellow)
• Configure from .netrc
• Configure from .conjurrc
• Policy
  • Notes on what's possible: (PUT / PATCH / DELETE?)
  • Load Policy
• Get a secret value
• Set a secret value
• Batch secret value retrieval
• Get list of resources visible to authenticating user (eg as in conjur list)

Methods

Client

Client Client(uri, account)

• Create new Conjur instance
  • uri - URI of the Conjur server. Example: https://myconjur.org.com
  • account - Name of the Conjur account

LogIn(string userName, string password)

• Login to a Conjur user
  • userName - Username of Conjur user to login as
  • password - Passwordof user

TrustedCertificates.ImportPem (string certPath)

• Add Conjur root certificate to system trust store
  • certPath = Path to cert

<Client>.Credential = new NetworkCredential(string userName, string apiKey)

• To login with an API key, use it directly
  • userName - Username of user to login as
  • apiKey - API key of user

IEnumerable<Variable> ListVariables(string query = null)

• Returns a list of variable objects
  • name="query" - Additional Query parameters, not required

uint CountVariables(string query = null)

• Count Conjur resource of kind variable
  • name="query" - Additional Query parameters, not required

Host CreateHost(string name, string hostFactoryToken)

• Creates a host using a host factory token
  • name - Name of the host to create
  • hostFactoryToken - Host factory token

Policy

Policy <Client>.Policy(string policyName)

• Create a Conjur policy object
  • policyName - Name of policy

policy.LoadPolicy(Stream policyContent)

• Load policy into Conjur
  • policyContent - The policy

Variable

Variable <Client>.Variable(string name)

• Instantiate a Variable object
  • name - Name of the variable

Boolean Check(string privilege)

• Check if the current user has specified privilege on this variable
  • privilege - string name of the privilege to check for
    • Privileges: read, create, update, delete, execute

AddSecret(string val)

• Change current Variable to val
  • val - Value to update current Variable to

String GetValue()

• Return the value of the current Variable

Tests Fixed

api-dotnet.test.Conjur.Test.VariablesTest.GetVariableTest

• Error: System.Collections.Generic.KeyNotFoundException : test:///secrets/test-account/variable/foo bar
• Uses Uri.EscapeDataString
• Changed + to %20

api-dotnet.test.Conjur.Test.UserTest.ListUserTest
api-dotnet.test.Conjur.Test.VariablesTest.ListVariableTest

• Error: System.Collections.Generic.KeyNotFoundException : test:///resources/test-account/variable?offset=0&limit=10000
• Both list tests have limit=10000 that's not in expected URIs
• verify<>Info is the same for both
• Test was assuming that offset and limit were variable in the API. They are static.
• ListResources at the lowest level was not static, BUT for listing resources at the Variable and User level, there was no parameter that would go all the way down to Resources.ListResources to make limit and offset dynamic
• Tests do not account for the multiple calls the ListResources method makes.
• ListResources will make calls until the returned call has a count of 0, so a second call will be made that has a count of 0 for these tests but with an offset equal to limit

api-dotnet.test.Conjur.Test.ClientTest.ActingAsTest

• Similar problem to ListUser and ListVariable of the default limit did not match the specified limit in the test

Outstanding Work

Tests to Fix

api-dotnet.test.Conjur.Test.AuthenticatorTest.TestTokenCaching
api-dotnet.test.Conjur.Test.AuthenticatorTest.TestTokenThreadSafe
api-dotnet.test.Conjur.Test.ClientTest.TestLogin

• These 3 all use GetToken() which uses HttpWebRequest request = WebRequest.CreateHttp(this.uri), and it's not configured in WebMocker.
• Cannot override the CreateHttp method to return a mocked HttpWebRequest object because "cannot override inherited member, because it is not marked abstract, virtual or override"
• Issue: Fix Failing Tests Using GetToken() #45

api-dotnet.test.Conjur.Test.HostFactoryTest.TestCreateHost
api-dotnet.test.Conjur.Test.ResourceTest.TestCheck

• System.TypeLoadException
• Issue: Fix Failing Tests "System.TypeLoadException" #46

Functionality to Add

• Although you can get manually get the environment variables and assign them to the needed variables to instantiate a Client, it would be nice if there was a built in way to do this like the Java API
  • Issue: Retrieving Environment Variables for Authentication #47
• Adding batch secret retrieval as a feature of The API, so it doesn't need to be done in manually by user
  • Issue: Add Batch Secret Retrieval #49

[sgnn7]

@JakeQuilty I did what I could to CR it. Let me know if you have any questions.

[sgnn7]

@JakeQuilty Also make sure to update the wording of the "update to dev" commit since it seems really slim and un-useful

[JakeQuilty]

@uCatu can you take a look at some of @sgnn7 's suggestions to your commit?

[uCatu]

I don't know if it's the best pattern but we are locking a singleton so it looks good
@sashaCher - adding as a reviewer

[uCatu]

We can extract a method that get values from configuration or use default and use it twice in thie class

[uCatu]

We can add - cleaning secrets from memory footprint :)

[sgnn7]

@JakeQuilty Just a few more comments

[sgnn7]

All files still need copyright section updated

[sgnn7]

II read some more on this - I think that due to this being an int, you can just mark it as volatile instead of locking.

[JakeQuilty]

All cosmetic changes are done. The last commit is failing to build for the tests though

[sgnn7]

@JakeQuilty / @uCatu Can we figure out how to get the current tests passing so that we can get this merged?

[sgnn7]

Current errors:

[2020-05-22T17:11:00.545Z] /build/conjur-api/conjur-api.csproj (default targets) ->
[2020-05-22T17:11:00.545Z] /usr/lib/mono/4.5/Microsoft.CSharp.targets (CoreCompile target) ->
[2020-05-22T17:11:00.545Z] 
[2020-05-22T17:11:00.545Z] 	Client.cs(66,16): error CS1043: Invalid accessor body `=>', expecting `;' or `{'
[2020-05-22T17:11:00.545Z] 	Client.cs(66,45): error CS1014: A get or set accessor expected
[2020-05-22T17:11:00.545Z] 	ApiConfigurationManager.cs(49,16): error CS1043: Invalid accessor body `=>', expecting `;' or `{'
[2020-05-22T17:11:00.545Z] 	ApiConfigurationManager.cs(73,16): error CS1043: Invalid accessor body `=>', expecting `;' or `{'
[2020-05-22T17:11:00.545Z] 
[2020-05-22T17:11:00.545Z] 	 0 Warning(s)
[2020-05-22T17:11:00.545Z] 	 4 Error(s)

[izgeri]

@sgnn7 @JakeQuilty is this even with some of the tests commented out, to be updated in follow-up issues? or are we not commenting out any test cases anymore?

I am ok with commenting some test cases and fixing them in follow-up issues, as long as we log the issues for them and reference them here

[sgnn7]

@izgeri the failures are with some tests already commented out. As far as I can tell, the project cannot build.

[sashaCher]

@sgnn7 The origin of those error is C#7 syntax.
In our environment we are building the SDK with up to date msbuild toolset so we even haven't pay an attention to this.
You can read more about syntax and versions there.
You can "rephrase" those code segments using C#6 or lower convention or to upgrade mono compiler. It looks that it supports "Expression-bodied constructors, finalizers and accessors".

[sgnn7]

@sashaCher Thanks for the explanation - makes sense! It may be useful to use the old syntax until we figure out what the bottom version for this API should be though but feel free to update the test runner instead if C#6 is end-of-life already.

[JakeQuilty]

Fixed the failing build by reverting all the get and set with => back to curly brackets

[sgnn7]

I noticed some nits but at this point we need to get this code into the repo and we can improve afterwards.

Outdated