fixes #129

Support for Transform Secrets Engine

CHANGELOG.md

@@ -22,6 +22,7 @@
 **ENTERPRISE VAULT FEATURES:**
 
   * [GH-122] Add support for ```KMIP``` Secrets Engine.
+  * [GH-129] Add support for ```Transform``` Secrets Engine.
 
 **BREAKING CHANGES:**
 

README.md

@@ -1019,6 +1019,54 @@ This endpoint deletes the key definition.
 await vaultClient.V1.Secrets.TOTP.DeleteKeyAsync(keyName);
 ```
 
+#### Transform Secrets Engine
+
+##### Encode Method
+
+###### Encode Single Item
+
+```cs
+
+var encodeOptions = new EncodeRequestOptions { Value = "ipsem" };
+Secret<EncodedResponse> response = await _authenticatedVaultClient.V1.Secrets.Transit.EncodeAsync(roleName, encodeOptions);
+response.Data.EncodedText;
+
+```
+
+###### Encode Batched Items
+
+```cs
+var encodeOptions = new EncodeRequestOptions 
+{ 
+  BatchItems = new List<EncodingItem> { new EncodingItem { Value = "ipsem1" }, new EncodingItem { Value = "ipsem2" } }
+};
+
+Secret<EncodedResponse> response = await _authenticatedVaultClient.V1.Secrets.Transit.EncodeAsync(roleName, encodeOptions);
+response.Data.BatchResults;
+```
+
+##### Decode Method
+
+###### Decode Single Item
+
+```cs
+var decodeOptions = new DecodeRequestOptions { Value = "ipsem" };
+Secret<DecodedResponse> response = await _authenticatedVaultClient.V1.Secrets.Transit.DecodeAsync(roleName, decodeOptions);
+response.Data.DecodedText;
+```
+
+###### Decode Batched Item
+
+```cs
+var decodeOptions = new DecodeRequestOptions 
+{ 
+  BatchItems = new List<DecodingItem> { new DecodingItem { Value = "ipsem1" }, new DecodingItem { Value = "ipsem2" } }
+};
+
+Secret<DecodedResponse> response = await _authenticatedVaultClient.V1.Secrets.Transit.DecodeAsync(roleName, decodeOptions);
+response.Data.BatchResults;
+```
+
 #### Transit Secrets Engine
 
 ##### Encrypt Method

src/VaultSharp/V1/SecretsEngines/ISecretsEngine.cs

@@ -17,6 +17,7 @@
 using VaultSharp.V1.SecretsEngines.RabbitMQ;
 using VaultSharp.V1.SecretsEngines.SSH;
 using VaultSharp.V1.SecretsEngines.TOTP;
+using VaultSharp.V1.SecretsEngines.Transform;
 using VaultSharp.V1.SecretsEngines.Transit;
 
 namespace VaultSharp.V1.SecretsEngines
@@ -121,6 +122,11 @@ public interface ISecretsEngine
         /// </summary>
         ITOTPSecretsEngine TOTP { get; }
 
+        /// <summary>
+        /// The Transform Secrets Engine.
+        /// </summary>
+        ITransformSecretsEngine Transform { get; }
+
         /// <summary>
         /// The Transit Secrets Engine.
         /// </summary>

src/VaultSharp/V1/SecretsEngines/SecretsEngineDefaultPaths.cs

@@ -24,6 +24,7 @@ public class SecretsEngineDefaultPaths
         public const string RabbitMQ = "rabbitmq";
         public const string SSH = "ssh";
         public const string TOTP = "totp";
+        public const string Transform = "transform";
         public const string Transit = "transit";
 
         public const string Cassandra = "cassandra";

src/VaultSharp/V1/SecretsEngines/SecretsEngineProvider.cs

@@ -18,6 +18,7 @@
 using VaultSharp.V1.SecretsEngines.RabbitMQ;
 using VaultSharp.V1.SecretsEngines.SSH;
 using VaultSharp.V1.SecretsEngines.TOTP;
+using VaultSharp.V1.SecretsEngines.Transform;
 using VaultSharp.V1.SecretsEngines.Transit;
 
 namespace VaultSharp.V1.SecretsEngines
@@ -45,6 +46,7 @@ public SecretsEngineProvider(Polymath polymath)
             RabbitMQ = new RabbitMQSecretsEngineProvider(polymath);
             SSH = new SSHSecretsEngineProvider(polymath);
             TOTP = new TOTPSecretsEngineProvider(polymath);
+            Transform = new TransformSecretsEngineProvider(polymath);
             Transit = new TransitSecretsEngineProvider(polymath);
         }
 
@@ -86,6 +88,8 @@ public SecretsEngineProvider(Polymath polymath)
 
         public ITOTPSecretsEngine TOTP { get; }
 
+        public ITransformSecretsEngine Transform { get; }
+
         public ITransitSecretsEngine Transit { get; }
     }
 }

src/VaultSharp/V1/SecretsEngines/Transform/DecodeRequestOptions.cs

@@ -0,0 +1,19 @@
+using System.Collections.Generic;
+using Newtonsoft.Json;
+
+namespace VaultSharp.V1.SecretsEngines.Transform
+{
+    /// <summary>
+    /// Represents the Decode Request Options.
+    /// </summary>
+    public class DecodeRequestOptions : DecodingItem
+    {
+        /// <summary>
+        /// Specifies the transformation within the role that should be used for this decode operation. 
+        /// If a single transformation exists for role, this parameter may be skipped and will be inferred. 
+        /// If multiple transformations exist, one must be specified.
+        /// </summary>
+        [JsonProperty("batch_input")]
+        public List<DecodingItem> BatchItems { get; set; }
+    }
+}

src/VaultSharp/V1/SecretsEngines/Transform/DecodedItem.cs

@@ -0,0 +1,22 @@
+using Newtonsoft.Json;
+
+namespace VaultSharp.V1.SecretsEngines.Transform
+{
+    /// <summary>
+    /// Represents a single Decoded item.
+    /// </summary>
+    public class DecodedItem
+    {
+        /// <summary>
+        /// Specifies the decoded value.
+        /// </summary>
+        [JsonProperty("decoded_value")]
+        public string DecodedValue { get; set; }
+
+        /// <summary>
+        /// Specifies the base64 encoded tweak that was provided during encoding.
+        /// </summary>
+        [JsonProperty("tweak")]
+        public string Tweak { get; set; }
+    }
+}

src/VaultSharp/V1/SecretsEngines/Transform/DecodedResponse.cs

@@ -0,0 +1,17 @@
+using System.Collections.Generic;
+using Newtonsoft.Json;
+
+namespace VaultSharp.V1.SecretsEngines.Transform
+{
+    /// <summary>
+    /// Response for decoding.
+    /// </summary>
+    public class DecodedResponse : DecodedItem
+    {
+        /// <summary>
+        /// Decoded items.
+        /// </summary>
+        [JsonProperty("batch_results")]
+        public List<DecodedItem> DecodedItems { get; set; }
+    }
+}

src/VaultSharp/V1/SecretsEngines/Transform/DecodingItem.cs

@@ -0,0 +1,31 @@
+using Newtonsoft.Json;
+
+namespace VaultSharp.V1.SecretsEngines.Transform
+{
+    /// <summary>
+    /// Represents a single Decoding item.
+    /// </summary>
+    public class DecodingItem
+    {
+        /// <summary>
+        /// Specifies the value to be decoded.
+        /// </summary>
+        [JsonProperty("value")]
+        public string Value { get; set; }
+
+        /// <summary>
+        /// Specifies the transformation within the role that should be used for this decode operation. 
+        /// If a single transformation exists for role, this parameter may be skipped and will be inferred. 
+        /// If multiple transformations exist, one must be specified.
+        /// </summary>
+        [JsonProperty("transformation")]
+        public string Transformation { get; set; }
+
+        /// <summary>
+        /// Specifies the base64 decoded tweak to use. 
+        /// Only applicable for FPE transformations with supplied as the tweak source.
+        /// </summary>
+        [JsonProperty("tweak")]
+        public string Tweak { get; set; }
+    }
+}

src/VaultSharp/V1/SecretsEngines/Transform/EncodeRequestOptions.cs

@@ -0,0 +1,19 @@
+using System.Collections.Generic;
+using Newtonsoft.Json;
+
+namespace VaultSharp.V1.SecretsEngines.Transform
+{
+    /// <summary>
+    /// Represents the Encode Request Options.
+    /// </summary>
+    public class EncodeRequestOptions : EncodingItem
+    {
+        /// <summary>
+        /// Specifies a list of items to be encoded in a single batch. 
+        /// When this parameter is set, the 'value', 'transformation' and 'tweak' parameters are ignored. 
+        /// Instead, the aforementioned parameters should be provided within each object in the list.
+        /// </summary>
+        [JsonProperty("batch_input")]
+        public List<EncodingItem> BatchItems { get; set; }
+    }
+}

src/VaultSharp/V1/SecretsEngines/Transform/EncodedItem.cs

@@ -0,0 +1,22 @@
+using Newtonsoft.Json;
+
+namespace VaultSharp.V1.SecretsEngines.Transform
+{
+    /// <summary>
+    /// Represents a single Encoded item.
+    /// </summary>
+    public class EncodedItem
+    {
+        /// <summary>
+        /// Specifies the encoded value.
+        /// </summary>
+        [JsonProperty("encoded_value")]
+        public string EncodedValue { get; set; }
+
+        /// <summary>
+        /// Specifies the base64 encoded tweak that was provided during encoding.
+        /// </summary>
+        [JsonProperty("tweak")]
+        public string Tweak { get; set; }
+    }
+}

src/VaultSharp/V1/SecretsEngines/Transform/EncodedResponse.cs

@@ -0,0 +1,17 @@
+using System.Collections.Generic;
+using Newtonsoft.Json;
+
+namespace VaultSharp.V1.SecretsEngines.Transform
+{
+    /// <summary>
+    /// Response for encoding.
+    /// </summary>
+    public class EncodedResponse : EncodedItem
+    {
+        /// <summary>
+        /// Encoded items.
+        /// </summary>
+        [JsonProperty("batch_results")]
+        public List<EncodedItem> EncodedItems { get; set; }
+    }
+}

src/VaultSharp/V1/SecretsEngines/Transform/EncodingItem.cs

@@ -0,0 +1,31 @@
+using Newtonsoft.Json;
+
+namespace VaultSharp.V1.SecretsEngines.Transform
+{
+    /// <summary>
+    /// Represents a single Encoding item.
+    /// </summary>
+    public class EncodingItem
+    {
+        /// <summary>
+        /// Specifies the value to be encoded.
+        /// </summary>
+        [JsonProperty("value")]
+        public string Value { get; set; }
+
+        /// <summary>
+        /// Specifies the transformation within the role that should be used for this encode operation. 
+        /// If a single transformation exists for role, this parameter may be skipped and will be inferred. 
+        /// If multiple transformations exist, one must be specified.
+        /// </summary>
+        [JsonProperty("transformation")]
+        public string Transformation { get; set; }
+
+        /// <summary>
+        /// Specifies the base64 encoded tweak to use. 
+        /// Only applicable for FPE transformations with supplied as the tweak source.
+        /// </summary>
+        [JsonProperty("tweak")]
+        public string Tweak { get; set; }
+    }
+}

src/VaultSharp/V1/SecretsEngines/Transform/ITransformSecretsEngine.cs

@@ -0,0 +1,57 @@
+using System.Threading.Tasks;
+using VaultSharp.V1.Commons;
+
+namespace VaultSharp.V1.SecretsEngines.Transform
+{
+    /// <summary>
+    /// The Transform Secrets Engine.
+    /// </summary>
+    public interface ITransformSecretsEngine
+    {
+        /// <summary>
+        /// This endpoint encodes the provided value using a named role.
+        /// </summary>
+        /// <param name="roleName">
+        /// [required]
+        /// Specifies the role name to use for this operation.
+        /// </param>
+        /// <param name="encodeRequestOptions"><para>[required]</para>
+        /// The options.
+        /// </param>
+        /// <param name="mountPoint"><para>[optional]</para>
+        /// The mount point for the Transform backend. Defaults to <see cref="SecretsEngineDefaultPaths.Transform" />
+        /// Provide a value only if you have customized the mount point.
+        /// </param>
+        /// <param name="wrapTimeToLive">
+        /// <para>[optional]</para>
+        /// The TTL for the token and can be either an integer number of seconds or a string duration of seconds.
+        /// </param>
+        /// <returns>
+        /// The secret with encoded text.
+        /// </returns>
+        Task<Secret<EncodedResponse>> EncodeAsync(string roleName, EncodeRequestOptions encodeRequestOptions, string mountPoint = SecretsEngineDefaultPaths.Transform, string wrapTimeToLive = null);
+
+        /// <summary>
+        /// This endpoint decodes the provided value using a named role.
+        /// </summary>
+        /// <param name="roleName">
+        /// [required]
+        /// Specifies the role name to use for this operation.
+        /// </param>
+        /// <param name="decodeRequestOptions"><para>[required]</para>
+        /// The options.
+        /// </param>
+        /// <param name="mountPoint"><para>[optional]</para>
+        /// The mount point for the Transform backend. Defaults to <see cref="SecretsEngineDefaultPaths.Transform" />
+        /// Provide a value only if you have customized the mount point.
+        /// </param>
+        /// <param name="wrapTimeToLive">
+        /// <para>[optional]</para>
+        /// The TTL for the token and can be either an integer number of seconds or a string duration of seconds.
+        /// </param>
+        /// <returns>
+        /// The secret with decoded text.
+        /// </returns>
+        Task<Secret<DecodedResponse>> DecodeAsync(string roleName, DecodeRequestOptions decodeRequestOptions, string mountPoint = SecretsEngineDefaultPaths.Transform, string wrapTimeToLive = null);
+    }
+}