Merge pull request #8 from Conjur-Enterprise/enable-tests

CNJR-7227 Fix and re-enable tests

.gitleaksignore

@@ -0,0 +1 @@
+test/HostFactoryTest.cs:generic-api-key:21

CHANGELOG.md

@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [3.0.3] - 2024-11-22
+
+### Fixed
+- Resolve build warnings
+- Fix and re-enable broken tests (CNJR-7227)
+
 ## [3.0.2] - 2024-08-02
 
 ### Changed

README.md

@@ -6,90 +6,104 @@ invoking our Conjur API to perform operations on stored data (add, retrieve, etc
 
 ## Table of Contents
 
-- [Using this Project With Conjur Open Source](#Using-conjur-api-dotnet-with-Conjur-Open-Source)
+- [Using this Project With Conjur Open Source](#using-conjur-api-dotnet-with-conjur-open-source)
 - [Requirements](#requirements)
 - [Building](#building)
 - [Methods](#methods)
-- [Example](#example)
+- [Examples](#examples)
 - [Contributing](#contributing)
 - [License](#license)
 
-## Using conjur-api-dotnet with Conjur Open Source 
+## Using conjur-api-dotnet with Conjur Open Source
 
-Are you using this project with [Conjur Open Source](https://github.com/cyberark/conjur)? Then we 
-**strongly** recommend choosing the version of this project to use from the latest [Conjur OSS 
-suite release](https://docs.conjur.org/Latest/en/Content/Overview/Conjur-OSS-Suite-Overview.html). 
-Conjur maintainers perform additional testing on the suite release versions to ensure 
-compatibility. When possible, upgrade your Conjur version to match the 
-[latest suite release](https://docs.conjur.org/Latest/en/Content/ReleaseNotes/ConjurOSS-suite-RN.htm); 
-when using integrations, choose the latest suite release that matches your Conjur version. For any 
+Are you using this project with [Conjur Open Source](https://github.com/cyberark/conjur)? Then we
+**strongly** recommend choosing the version of this project to use from the latest [Conjur OSS
+suite release](https://docs.conjur.org/Latest/en/Content/Overview/Conjur-OSS-Suite-Overview.html).
+Conjur maintainers perform additional testing on the suite release versions to ensure
+compatibility. When possible, upgrade your Conjur version to match the
+[latest suite release](https://docs.conjur.org/Latest/en/Content/ReleaseNotes/ConjurOSS-suite-RN.htm);
+when using integrations, choose the latest suite release that matches your Conjur version. For any
 questions, please contact us on [Discourse](https://discuss.cyberarkcommons.org/c/conjur/5).
 
 ## Requirements
 
-- Conjur Enterprise (formerly DAP) v10+ or Conjur Open Source v1+
-
-For Conjur Enterprise V4, use the [V4 branch](https://github.com/cyberark/conjur-api-dotnet/tree/v4)
+- Conjur Enterprise v10+ or Conjur Open Source v1+
 
 - When using the **AWS Authenticator**, Conjur Enterprise v13+ or Conjur Cloud (Conjur OSS was not tested)
 
 ## Building
 
-This sample was built and tested with Visual Studio 2015.
+### Visual Studio
 
 To load in Visual Studio, from the Visual Studio File menu select Open > Project/Solution > api-dotnet.sln
- and build the solution. This will create:
+and build the solution. This will create:
+
+- conjur-api.dll: the .NET version of the Conjur API.
+- ConjurTest.dll: test DLL used for automated testing of the Conjur .NET API
+- example.exe: sample application that uses the Conjur API.
 
-    - conjur-api.dll: the .NET version of the Conjur API.
-    - ConjurTest.dll: test DLL used for automated testing of the Conjur .NET API
-    - example.exe: sample application that uses the Conjur API.
+### Docker
 
-Optionally, to build in a Docker container, it is recommended to use Mono and xbuild.
+To build in a Docker container, run the following commands:
+
+```bash
+make -C docker
+./build.sh
+```
 
 ## Methods
 
 ### `Client`
 
 #### `Client Client(uri, account)`
+
 - Create new Conjur instance
-   - `uri` - URI of the Conjur server. Example: `https://myconjur.org.com/api`
-   - `account` - Name of the Conjur account
+  - `uri` - URI of the Conjur server. Example: `https://myconjur.org.com/api`
+  - `account` - Name of the Conjur account
 
 #### `void client.LogIn(string userName, string password)`
+
 - Login to a Conjur user
-   - `userName` - Username of Conjur user to login as
-   - `password` - Password of user
+  - `userName` - Username of Conjur user to login as
+  - `password` - Password of user
 
 #### `void client.TrustedCertificates.ImportPem (string certPath)`
+
 - Add Conjur root certificate to system trust store
-   - `certPath` = Path to cert
+  - `certPath` = Path to cert
 
 #### `void client.DisableCertCheck()`
+
 - Disable SSL Cert check -- used when Conjur is configured with self-signed cert. Do not use in production.
 
 #### `void client.EnableCertCheck()`
-- Enable SSL Cert check -- Default is to perform cert check; this method is used if there is a need to disable and enable the cert check.
 
+- Enable SSL Cert check -- Default is to perform cert check; this method is used if there is a need to disable and enable the cert check.
 
 #### `client.Credential = new NetworkCredential(string userName, string apiKey)`
+
 - To login with an API key, use it directly
-   - `userName` - Username of user to login as
-   - `apiKey` - API key of user/host/etc
+  - `userName` - Username of user to login as
+  - `apiKey` - API key of user/host/etc
 
 #### `IEnumerable<Variable> client.ListVariables(string query = null)`
+
 - Returns a list of variable objects
-   - `query` - Additional query parameters (not required)
+  - `query` - Additional query parameters (not required)
 
 #### `uint client.CountVariables(string query = null)`
+
 - Return count of Conjur variables conforming to the `query` parameter
-    - `query` - Additional query parameters (not required)
+  - `query` - Additional query parameters (not required)
 
 #### `Host client.CreateHost(string name, string hostFactoryToken)`
+
 - Creates a host using a host factory token
-   - `name` - Name of the host to create
-   - `hostFactoryToken` - Host factory token
+  - `name` - Name of the host to create
+  - `hostFactoryToken` - Host factory token
 
 #### `client.Authenticator = new Conjur.AWSIAMAuthenticator(Conjur.Client client, string Identity, string Authenticator, string roleArn = "", string ConjurAWSRegion = "us-east-1")`
+
 - **REQUIREMENTS**: Conjur Enterprise v13+ or Conjur Cloud (Conjur OSS was not tested)
 - Configure the client to use the AWS IAM Authenticator
   - Client must be instantiated with these attributes before instantiating the AWS authenticator:
@@ -100,82 +114,88 @@ Optionally, to build in a Docker container, it is recommended to use Mono and xb
 ### `Policy`
 
 #### `Policy client.Policy(string policyName)`
-- Create a Conjur policy object 
-   - `policyName` - Name of policy
+
+- Create a Conjur policy object
+  - `policyName` - Name of policy
 
 #### `policy.LoadPolicy(Stream policyContent)`
+
 - Load policy into Conjur
-   -  `policyContent` - The policy
+  - `policyContent` - The policy
 
 ### `Variable`
 
 #### `Variable client.Variable(string name)`
+
 - Instantiate a Variable object
-   - `name` - Name of the variable
+  - `name` - Name of the variable
 
 #### `Boolean variable.Check(string privilege)`
+
 - Check if the current entity has the specified privilege on this variable
-   - `privilege` - string name of the privilege to check for
-      - Privileges: read, create, update, delete, execute
+  - `privilege` - string name of the privilege to check for
+    - Privileges: read, create, update, delete, execute
 
 #### `void variable.AddSecret(bytes val)`
+
 - Change current variable to val
-   - `val` - Value in bytes to update current variable to
+  - `val` - Value in bytes to update current variable to
 
 #### `String variable.GetValue()`
+
 - Return the value of the current Variable
 
 ## Examples
 
-#### Example Code
+### Example Code
 
 ```csharp
-    // Instantiate a Conjur Client object.
-    //  parameter: URI - conjur appliance URI
-    //  parameter: ACCOUNT - conjur account name
-    //  return: Client object - if URI is incorrect errors thrown when used
-    Client conjurClient = new Client("https://myorg.com", account);
-
-    // Login with Conjur credentials like userid and password,
-    // or hostid and api_key, etc
-    //  parameters: username - conjur user or host id for example
-    //              password - conjur user password or host api key for example
-    string conjurAuthToken = conjurClient.Login(username, password);
-
-    // Check if this user has permission to get the value of variableId
-    // That requires execute permissions on the variable
-
-    // Instantiate a Variable object
-    //   parameters: client - contains authentication token and conjur URI
-    //               name - the name of the variable
-    Variable conjurVariable = new Variable(conjurClient, variableId);
-
-    // Check if the current user has "execute" privilege required to get
-    // the value of the variable
-    //   parameters: privilege - string name of the priv to check for
-    bool isAllowed = conjurVariable.Check("execute");
-    if (!isAllowed)
-    {
-        Console.WriteLine("You do not have permissions to get the value of {0}", variableId);
-    }
-    else
-    {
-        Console.WriteLine("{0} has the value: {1}", variableId, conjurVariable.GetValue());
-    }
+// Instantiate a Conjur Client object.
+//  parameter: URI - conjur appliance URI
+//  parameter: ACCOUNT - conjur account name
+//  return: Client object - if URI is incorrect errors thrown when used
+Client conjurClient = new Client("https://myorg.com", account);
+
+// Login with Conjur credentials like userid and password,
+// or hostid and api_key, etc
+//  parameters: username - conjur user or host id for example
+//              password - conjur user password or host api key for example
+string conjurAuthToken = conjurClient.Login(username, password);
+
+// Check if this user has permission to get the value of variableId
+// That requires execute permissions on the variable
+
+// Instantiate a Variable object
+//   parameters: client - contains authentication token and conjur URI
+//               name - the name of the variable
+Variable conjurVariable = new Variable(conjurClient, variableId);
+
+// Check if the current user has "execute" privilege required to get
+// the value of the variable
+//   parameters: privilege - string name of the priv to check for
+bool isAllowed = conjurVariable.Check("execute");
+if (!isAllowed)
+{
+    Console.WriteLine("You do not have permissions to get the value of {0}", variableId);
+}
+else
+{
+    Console.WriteLine("{0} has the value: {1}", variableId, conjurVariable.GetValue());
+}
 ```
 
-#### Example App
+### Example App
 
 This example app shows how to:
 
-    - Authenticate
-    - Load Policy
-    - Check permissions to get the value of a variable
-    - Get the value of a variable
-    - Use a Host Factory token to create a new Host and get an apiKey to use with Conjur
+- Authenticate
+- Load Policy
+- Check permissions to get the value of a variable
+- Get the value of a variable
+- Use a Host Factory token to create a new Host and get an apiKey to use with Conjur
 
 To run the sample in Visual Studio, set the `example` project as the Startup
- Project.  To do so, in 
+ Project.  To do so, in
 the Solution Explorer right click over `example` and select `Set as Startup Project`.
 
 ```txt
@@ -191,7 +211,7 @@ Usage: Example  <applianceURL>
 `applianceURL`: the applianceURL e.g. `https://conjur.myorg.com/`
 
 `applianceCertificatePath`: the path and name of the Conjur appliance
- certificate. The easiest way to get the certifiate is to use the Conjur 
+ certificate. The easiest way to get the certifiate is to use the Conjur
 CLI command `conjur init -u conjur.myorg.com -f .conjurrc`. The certificate can be taken from any system you have run the Conjur CLI from.
 
 `accountName`: The name of the account in Conjur.
@@ -203,9 +223,9 @@ CLI command `conjur init -u conjur.myorg.com -f .conjurrc`. The certificate can
 `variableId`: The name of an existing variable in Conjur that has a value set and for which the `username` has execute permissions.
 
 `hostFactoryToken`: A host factory token. The easiest way to get a host
- factory token for testing is to add a hostfactory to a layer using 
+ factory token for testing is to add a hostfactory to a layer using
 the Conjur CLI command `conjur hostfactory create` and
- `conjur hostfactory token create`. Take the token returned from that call 
+ `conjur hostfactory token create`. Take the token returned from that call
 and pass it as the hostFactoryToken parameter to this example.
 
 #### Example Code with AWS Authenticator

build.sh

@@ -19,7 +19,14 @@ if [ ! -f "$PWD/VERSION" ]; then
 fi
 
 CIDFILE=$(mktemp -u)
-docker run -v "$PWD":/src:ro --cidfile="$CIDFILE" -e WRITE_ARTIFACTORY_USERNAME -e WRITE_ARTIFACTORY_PASSWORD -e WRITE_ARTIFACTORY_URL "$TAG"
+docker run \
+  -v "$PWD":/src:ro \
+  --cidfile="$CIDFILE" \
+  -e WRITE_ARTIFACTORY_USERNAME \
+  -e WRITE_ARTIFACTORY_PASSWORD \
+  -e WRITE_ARTIFACTORY_URL \
+  -e RUN_AWS_TESTS \
+  "$TAG"
 
 CID=$(cat "$CIDFILE")
 

conjur-api/AWSIAMAuthenticator.cs

@@ -72,12 +72,6 @@ private Credentials GetSTSToken()
             // For now this can be handled by assuming the same role and allowing the AssumeRole permission for the role
             // for itself.
 
-            // TODO: Handle case where we're running on an EC2 instance that has the assigned role equal to the role
-            // used to authenticate to Conjur. Then we don't need to assume a different role and we already have
-            // the session token we need.
-            // For now this can be handled by assuming the same role and allowing the AssumeRole permission for the role
-            // for itself.
-
             if (!String.IsNullOrEmpty(this.conjurIAMRole))
             {
                 var assumeRoleReq = new AssumeRoleRequest()

conjur-api/ApiKeyAuthenticator.cs

@@ -9,7 +9,6 @@
 using System.IO;
 using System.Net;
 using System.Net.Http;
-using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 using System.Threading;
 
@@ -26,6 +25,7 @@ public class ApiKeyAuthenticator : IAuthenticator
 
         private string token = null;
         private Timer timer = null;
+        private readonly HttpClient httpClient;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="Conjur.ApiKeyAuthenticator"/> class.
@@ -35,10 +35,11 @@ public class ApiKeyAuthenticator : IAuthenticator
         /// <param name="account">The name of the Conjur organization account.</param>
         /// <param name="credential">User name and API key to use, where
         /// username is for example "bob" or "host/jenkins".</param>
-        public ApiKeyAuthenticator(Uri authnUri, string account, NetworkCredential credential)
+        public ApiKeyAuthenticator(Uri authnUri, string account, NetworkCredential credential, HttpClient httpClient = null)
         {
             this.credential = credential;
             this.uri = new Uri($"{authnUri}/{Uri.EscapeDataString(account)}/{Uri.EscapeDataString(credential.UserName)}/authenticate");
+            this.httpClient = httpClient ?? new HttpClient();
         }
 
         #region IAuthenticator implementation
@@ -60,8 +61,6 @@ public string GetToken()
             {
                 if (this.token == null)
                 {
-                    HttpClient httpClient = new HttpClient();
-                    httpClient.Timeout = TimeSpan.FromMilliseconds(ApiConfigurationManager.GetInstance().HttpRequestTimeout);
                     HttpRequestMessage httpRequestMessage = new HttpRequestMessage(HttpMethod.Post, this.uri);
 
                     IntPtr bstr = IntPtr.Zero;
@@ -83,7 +82,7 @@ public string GetToken()
                                 stream.Headers.ContentLength = credential.SecurePassword.Length;
                                 httpRequestMessage.Content = stream;
 
-                                var response = httpClient.Send(httpRequestMessage);
+                                var response = this.httpClient.Send(httpRequestMessage);
                                 response.EnsureSuccessStatusCode();
 
                                 Interlocked.Exchange(ref this.token, response.Read());

conjur-api/Client.cs

@@ -97,7 +97,8 @@ public NetworkCredential Credential
                 this.Authenticator = new ApiKeyAuthenticator(
                   new Uri(this.ApplianceUri + "authn"),
                   this.GetAccountName(),
-                  value);
+                  value,
+                  this.httpClient);
             }
         }