Review technical debt in repo and make plan for nearterm enhancements

[izgeri]

REVIEWING ca-conjur-api-dotnet-v5-master BRANCH

Review this repo and document items in the following categories with links to filed issues.

In addition, document succinctly whether this integration works with Conjur OSS / DAP and what methods are supported.

Supported flows

Note which flows are supported, and next to each that is supported note the method name. We can use this to improve the README documentation.

• Conjur OSS
• DAP
• Instantiate with API key
• Instantiate with access token
• Configure from environment
• Configure from .netrc
• Configure from .conjurrc
• Policy
  • Notes on what's possible: (PUT / PATCH / DELETE?)
  • Load Policy
• Get a secret value
• Set a secret value
• Batch secret value retrieval
• Get list of resources visible to authenticating user (eg as in conjur list)

Methods

Client

Client Client(uri, account)

• Create new Conjur instance
  • uri - URI of the Conjur server. Example: https://myconjur.org.com
  • account - Name of the Conjur account

LogIn(string userName, string password)

• Login to a Conjur user
  • userName - Username of Conjur user to login as
  • password - Passwordof user

TrustedCertificates.ImportPem (string certPath)

• Add Conjur root certificate to system trust store
  • certPath = Path to cert

<Client>.Credential = new NetworkCredential(string userName, string apiKey)

• To login with an API key, use it directly
  • userName - Username of user to login as
  • apiKey - API key of user

IEnumerable<Variable> ListVariables(string query = null)

• Returns a list of variable objects
  • name="query" - Additional Query parameters, not required

uint CountVariables(string query = null)

• Count Conjur resource of kind variable
  • name="query" - Additional Query parameters, not required

Host CreateHost(string name, string hostFactoryToken)

• Creates a host using a host factory token
  • name - Name of the host to create
  • hostFactoryToken - Host factory token

Policy

Policy <Client>.Policy(string policyName)

• Create a Conjur policy object
  • policyName - Name of policy

policy.LoadPolicy(Stream policyContent)

• Load policy into Conjur
  • policyContent - The policy

Variable

Variable <Client>.Variable(string name)

• Instantiate a Variable object
  • name - Name of the variable

Boolean Check(string privilege)

• Check if the current user has specified privilege on this variable
  • privilege - string name of the privilege to check for
    • Privileges: read, create, update, delete, execute

AddSecret(string val)

• Change current Variable to val
  • val - Value to update current Variable to

String GetValue()

• Return the value of the current Variable

Improvements to release process

• Tagging of images is weird (to say the least) (Tagging of artifacts needs to be investigated and improved #50)
• Jenkinsfile outdated (Update test/build automation to be in line with other projects #51)
• Could move more process to GitHub actions (Update test/build automation to be in line with other projects #51)
  
- Release of this project to NuGet (API wrapper library is available through NuGet #17)

• Release dll artifact (Investigate releasing .dll as a project artifact #52)

Repo documentation improvements

• The documentation is solid for IDE use but not for CLI use. Was buildable with VS2019, so maybe that could be updated in the README. (Improve usage documentation #53)
• The step in USAGE says to use -h in the conjur init command, this did not work in Conjur OSS and I needed to use -u (Conjur v4 leftover?) (Improve usage documentation #53)
• Example very limited (Improve usage documentation #53)
• Needs a bit more prod-like usage example (Improve usage documentation #53)
• Needs a bit better full-spectrum usage (similar to the demo given) (Improve usage documentation #53)

Test suite improvements (in particular, tests to add to alert us early to breakages)

• Address the list of failing tests that are currently failing. This is probably from the branch being updated to work with the REST API v5 routes, but not updating the tests along with them. (Fix Failing Tests "System.TypeLoadException" #46, Fix Failing Tests Using GetToken() #45)
• Tests use mono - I'm guessing this can be made better by .NET Core move (Library is compatible with both .Net Core and Framework #24)
• Signing of the code for test artifact is pretty gnarly and uses specific certs from Rafal (Investigate code signing usage #54)
• Tests coverage low (even with the above-mentioned ones fixed) (Add code coverage to conjur-api-dotnet #35, Increase unit test coverage #55)
• No integration tests as far as I can tell (Dotnet client library tests are run against the EE #34, Add integration tests #56)

Repo standard maintenance tasks

• This branch needs to be merged into master, because master is not current with the v5 Conjur API

Enhancement requests to consider

• Although you can get manually get the environment variables and assign them to the needed variables to instantiate a Client, it would be nice if there was a built in way to do this like the Java API. In general configuration from outside of code is practically non-existent and it's not centralized. (Retrieving Environment Variables for Authentication #47)
• Adding batch secret retrieval as a feature of The API, so it doesn't need to be done in manually by user. (Add Batch Secret Retrieval #49)
• .NET Framework base should be ideally moved to .NET Core. (Library is compatible with both .Net Core and Framework #24)
• Overlapping lock objects are misused - can cause unnecessary waits (code not merged yet - no issue)
• Policy loading from file is not supported (Policy loading from file isn't supported #57)
• Much of the string interpolations in code are extremely fragile and sprinkled everywhere. (code not merged yet - no issue)
• Variables use "string" type instead of a binary format (code not merged yet - no issue)
• Policy replace/delete is missing. (Add support for policy "replace" and "delete" flags #58)
• Certificate management is lackluster (Investigate and improve API certificate management #59)

• Updates to codebase/docs from Conjur -> CyberArk (References to Conjur have been updated to CyberArk #23)



## Bugs



- Fix error handling for policy loading for users/hosts w/ api_key_enabled (unconfirmed) - (#38)

Visual Studio 2019

• When running tests without making changes: 8 Fails, 9 Passed
  • api-dotnet.test.Conjur.Test.AuthenticatorTest.TestTokenCaching
  • api-dotnet.test.Conjur.Test.AuthenticatorTest.TestTokenThreadSafe
  • api-dotnet.test.Conjur.Test.ClientTest.ActingAsTest
  • api-dotnet.test.Conjur.Test.ClientTest.TestLogin
  • api-dotnet.test.Conjur.Test.HostFactoryTest.TestCreateHost
  • api-dotnet.test.Conjur.Test.ResourceTest.TestCheck
  • api-dotnet.test.Conjur.Test.UserTest.ListUserTest
  • api-dotnet.test.Conjur.Test.VariablesTest.GetVariableTest
  • api-dotnet.test.Conjur.Test.VariablesTest.ListVariableTest

[izgeri]

@sgnn7 / @JakeQuilty I added you both here the same as in the Java card, for @JakeQuilty to review the functionality available and @sgnn7 to review the tech debt.

@JakeQuilty if you run into issues using this with Conjur OSS, please let us know right away (before continuing to profile)

[sgnn7]

I've updated the post and I'll start opening up issues for those now.