Ejemplo n.º 1
 /// <summary>
 /// Registers X509 security on <paramref name="builder"/> when the manifest's cluster details
 /// carry a non-blank <c>FindByValue</c>; otherwise the builder is left untouched.
 /// </summary>
 /// <param name="builder">Client builder that receives the X509 security callback.</param>
 /// <param name="manifest">Manifest whose <c>ClusterDetails</c> drive the certificate lookup.</param>
 private void AppendSecurity(ServiceFabricClientBuilder builder, Manifest manifest)
 {
     // Nothing to look a certificate up with: this method then configures no security at all.
     // NOTE(review): confirm that connecting without X509 security is intended in that case.
     if (string.IsNullOrWhiteSpace(manifest.ClusterDetails.FindByValue))
     {
         return;
     }

     builder.UseX509Security(_ =>
     {
         // The lookup runs inside the callback, i.e. each time the builder asks for settings.
         var clientCertificate = FindCertificate(manifest.ClusterDetails);

         // The client certificate's own thumbprint is the only entry handed to the remote
         // settings. Presumably this pins the server to the same certificate, which only
         // fits clusters where client and server share one certificate. TODO confirm.
         var remoteThumbprints = new List<string> { clientCertificate.Thumbprint };
         var remote            = new RemoteX509SecuritySettings(remoteThumbprints);

         SecuritySettings x509 = new X509SecuritySettings(clientCertificate, remote);
         return Task.FromResult<SecuritySettings>(x509);
     });
 }
Ejemplo n.º 2
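        /// <inheritdoc />
        /// <remarks>
        /// Builds a Service Fabric HTTP client for the configured endpoints, applies at most one
        /// security mode (Windows, X509, Azure Active Directory, dSTS; checked in that order) and then
        /// either writes the cluster's AAD metadata to the pipeline or stores the connected client.
        /// </remarks>
        /// <exception cref="InvalidOperationException">
        /// No connection endpoint is available, or the builder returned a client that is not a
        /// <c>ServiceFabricHttpClient</c>.
        /// </exception>
        /// <exception cref="PSInvalidOperationException">
        /// X509 security was requested but no client certificate could be loaded from the store.
        /// </exception>
        protected override void ProcessRecordInternal()
        {
            // Without explicit endpoints, fall back to the default connection configuration.
            // NOTE(review): presumably TryConfiguringDefaultConnect populates ConnectionEndpoint on success. Confirm.
            if (this.ConnectionEndpoint == null && !this.TryConfiguringDefaultConnect())
            {
                throw new InvalidOperationException("Cluster Connection Information is not provided. Please try connecting again with correct connection information.");
            }

            // Create Builder
            var builder = new ServiceFabricClientBuilder()
                          .UseEndpoints(this.ConnectionEndpoint.Select(e => new Uri(e)).ToArray());

            // Configure Security for builder.
            // Only the first matching switch is applied. If none is present, no Use*Security call is
            // made and the client is built with the builder's defaults.
            // NOTE(review): confirm that an unauthenticated connection is acceptable in that case.
            if (this.WindowsCredential.IsPresent)
            {
                builder.UseWindowsSecurity();
            }
            else if (this.X509Credential.IsPresent)
            {
                // Settings describing the expected server certificate (helper defined elsewhere).
                var remoteX509SecuritySettings = this.GetServerX509SecuritySettings();
                Func<CancellationToken, Task<SecuritySettings>> securitySettings;

                if (this.ClientCertificate == null)
                {
                    // No certificate object supplied: resolve one from the certificate store.
                    var clientCert = CredentialsUtil.GetCertificate(this.StoreLocation, this.StoreName, this.FindValue, this.FindType);

                    if (clientCert == null)
                    {
                        throw new PSInvalidOperationException(Resource.ErrorLoadingClientCertificate);
                    }

                    securitySettings = (ct) => Task.FromResult<SecuritySettings>(new X509SecuritySettings(clientCert, remoteX509SecuritySettings));
                }
                else
                {
                    securitySettings = (ct) => Task.FromResult<SecuritySettings>(new X509SecuritySettings(this.ClientCertificate, remoteX509SecuritySettings));
                }

                builder.UseX509Security(securitySettings);
            }
            else if (this.AzureActiveDirectory.IsPresent)
            {
                var remoteX509SecuritySettings = this.GetServerX509SecuritySettings();
                Func<CancellationToken, Task<SecuritySettings>> securitySettings;

                if (this.GetMetadata.IsPresent)
                {
                    // Metadata discovery runs before any real token exists, so a fixed placeholder
                    // string is passed in its place. It is not a credential.
                    securitySettings = (ct) => Task.FromResult<SecuritySettings>(new AzureActiveDirectorySecuritySettings("DummyTokenToGetMetadata", remoteX509SecuritySettings));
                }
                else if (this.SecurityToken != null)
                {
                    // Caller-supplied token is forwarded as-is; nothing in this method validates it.
                    securitySettings = (ct) => Task.FromResult<SecuritySettings>(new AzureActiveDirectorySecuritySettings(this.SecurityToken, remoteX509SecuritySettings));
                }
                else
                {
                    // No token supplied: hand over the token-acquisition callback instead.
                    securitySettings = (ct) => Task.FromResult<SecuritySettings>(new AzureActiveDirectorySecuritySettings(CredentialsUtil.GetAccessTokenAsync, remoteX509SecuritySettings));
                }

                builder.UseAzureActiveDirectorySecurity(securitySettings);
            }
            else if (this.DSTS.IsPresent)
            {
                var remoteX509SecuritySettings = this.GetServerX509SecuritySettings();
                Func<CancellationToken, Task<SecuritySettings>> securitySettings =
                    (ct) => Task.FromResult<SecuritySettings>(new DstsClaimsSecuritySettings(CredentialsUtil.GetAccessTokenDstsAsync, remoteX509SecuritySettings));

                builder.UseClaimsSecurity(securitySettings);
            }

            // build the client (blocking wait: this method is synchronous)
            var client = builder.BuildAsync(cancellationToken: this.CancellationToken).GetAwaiter().GetResult() as ServiceFabricHttpClient;

            // The 'as' cast yields null when the builder returns a different client type; fail with
            // a clear message instead of a NullReferenceException on the next line.
            if (client == null)
            {
                throw new InvalidOperationException($"The client builder did not return a {nameof(ServiceFabricHttpClient)} instance.");
            }

            // set the client type for Telemetry on HttpGateway.
            client.ClientTypeHeaderValue = Constants.PowershellClientTypeHeaderValue;

            if (this.GetMetadata.IsPresent)
            {
                // Metadata mode: emit the AAD settings as a PSObject and do not store a connection.
                var aadMetadata = client.Cluster.GetAadMetadataAsync(cancellationToken: this.CancellationToken).GetAwaiter().GetResult().Metadata;
                var result      = new PSObject();

                result.Properties.Add(new PSNoteProperty(nameof(aadMetadata.Authority), aadMetadata.Authority));
                result.Properties.Add(new PSNoteProperty(nameof(aadMetadata.Client), aadMetadata.Client));
                result.Properties.Add(new PSNoteProperty(nameof(aadMetadata.Cluster), aadMetadata.Cluster));
                result.Properties.Add(new PSNoteProperty(nameof(aadMetadata.Login), aadMetadata.Login));
                result.Properties.Add(new PSNoteProperty(nameof(aadMetadata.Redirect), aadMetadata.Redirect));
                result.Properties.Add(new PSNoteProperty(nameof(aadMetadata.Tenant), aadMetadata.Tenant));

                this.WriteObject(result);
            }
            else
            {
                // Fetching the cluster manifest acts as a connectivity/credential probe: the result is
                // discarded, and an exception here prevents the connection from being stored.
                client.Cluster.GetClusterManifestAsync(cancellationToken: this.CancellationToken).GetAwaiter().GetResult();
                Console.WriteLine(Resource.MsgConnectSuccess);
                this.SetClusterConnection(client);
            }
        }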