public async Task <IActionResult> Update(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "managedSecrets/{secretId:guid}")] ManagedSecretViewModel inputSecret,
HttpRequest req,
Guid secretId,
ILogger log)
{
if (!req.IsValidUser(AuthJanitorRoles.SecretAdmin, AuthJanitorRoles.GlobalAdmin))
{
return(new UnauthorizedResult());
}
log.LogInformation("Updating Managed Secret {0}", secretId);
if (!await ManagedSecrets.ContainsIdAsync(secretId))
{
return(new BadRequestErrorMessageResult("Secret not found!"));
}
var resources = await Resources.ListAsync();
var resourceIds = inputSecret.ResourceIds.Split(';').Select(r => Guid.Parse(r)).ToList();
if (resourceIds.Any(id => !resources.Any(r => r.ObjectId == id)))
{
var invalidIds = resourceIds.Where(id => !resources.Any(r => r.ObjectId == id));
log.LogError("New Managed Secret attempted to link one or more invalid Resource IDs: {0}", invalidIds);
return(new BadRequestErrorMessageResult("One or more ResourceIds not found!"));
}
ManagedSecret newManagedSecret = new ManagedSecret()
{
ObjectId = secretId,
Name = inputSecret.Name,
Description = inputSecret.Description,
ValidPeriod = TimeSpan.FromMinutes(inputSecret.ValidPeriodMinutes),
TaskConfirmationStrategies = inputSecret.TaskConfirmationStrategies,
ResourceIds = resourceIds
};
await ManagedSecrets.UpdateAsync(newManagedSecret);
log.LogInformation("Updated Managed Secret '{0}'", newManagedSecret.Name);
return(new OkObjectResult(GetViewModel(newManagedSecret)));
}
public async Task <IActionResult> Get(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "managedSecrets/{secretId:guid}")] HttpRequest req,
Guid secretId,
ILogger log)
{
if (!req.IsValidUser())
{
return(new UnauthorizedResult());
}
log.LogInformation("Retrieving Managed Secret {0}.", secretId);
if (!await ManagedSecrets.ContainsIdAsync(secretId))
{
return(new BadRequestErrorMessageResult("Secret not found!"));
}
return(new OkObjectResult(GetViewModel(await ManagedSecrets.GetAsync(secretId))));
}
public async Task <IActionResult> Delete(
[HttpTrigger(AuthorizationLevel.Anonymous, "delete", Route = "managedSecrets/{secretId:guid}")] HttpRequest req,
Guid secretId,
ILogger log)
{
if (!req.IsValidUser(AuthJanitorRoles.SecretAdmin, AuthJanitorRoles.GlobalAdmin))
{
return(new UnauthorizedResult());
}
log.LogInformation("Deleting Managed Secret {0}", secretId);
if (!await ManagedSecrets.ContainsIdAsync(secretId))
{
return(new BadRequestErrorMessageResult("Secret not found!"));
}
await ManagedSecrets.DeleteAsync(secretId);
log.LogInformation("Deleted Managed Secret {0}", secretId);
return(new OkResult());
}
public async Task <IActionResult> Create(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "tasks")] string secretId,
HttpRequest req,
ILogger log)
{
if (!req.IsValidUser(AuthJanitorRoles.ServiceOperator, AuthJanitorRoles.GlobalAdmin))
{
return(new UnauthorizedResult());
}
log.LogInformation("Creating new Task.");
if (!await ManagedSecrets.ContainsIdAsync(Guid.Parse(secretId)))
{
return(new BadRequestErrorMessageResult("Invalid Managed Secret ID"));
}
var secret = await ManagedSecrets.GetAsync(Guid.Parse(secretId));
if (!secret.TaskConfirmationStrategies.HasFlag(TaskConfirmationStrategies.AdminCachesSignOff) &&
!secret.TaskConfirmationStrategies.HasFlag(TaskConfirmationStrategies.AdminSignsOffJustInTime))
{
return(new BadRequestErrorMessageResult("Managed Secret does not support administrator approval!"));
}
RekeyingTask newTask = new RekeyingTask()
{
Queued = DateTimeOffset.UtcNow,
Expiry = secret.Expiry,
ManagedSecretId = secret.ObjectId
};
await RekeyingTasks.CreateAsync(newTask);
return(new OkObjectResult(newTask));
}
