/// <summary>
/// Perform validation for a specific deployment task configuration
/// </summary>
/// <param name="managedCertificate"></param>
/// <param name="taskConfig"></param>
/// <returns></returns>
public async Task <List <ActionResult> > ValidateDeploymentTask(ManagedCertificate managedCertificate, DeploymentTaskConfig taskConfig)
{
var provider = DeploymentTaskProviderFactory.Create(taskConfig.TaskTypeId.ToLower(), _pluginManager.DeploymentTaskProviders);
Dictionary <string, string> credentials = null;
if (!string.IsNullOrEmpty(taskConfig.ChallengeCredentialKey))
{
credentials = await _credentialsManager.GetUnlockedCredentialsDictionary(taskConfig.ChallengeCredentialKey);
}
try
{
var execParams = new DeploymentTaskExecutionParams(null, _credentialsManager, managedCertificate, taskConfig, credentials, true, provider.GetDefinition(), CancellationToken.None, new DeploymentContext {
PowershellExecutionPolicy = _serverConfig.PowershellExecutionPolicy
});
var validationResult = await provider.Validate(execParams);
return(validationResult);
}
catch (Exception exp)
{
return(new List <ActionResult> {
new ActionResult("Failed to validate task: " + exp.ToString(), false)
});
}
}
public async Task <List <ActionResult> > ValidateDeploymentTask(ManagedCertificate managedCertificate, DeploymentTaskConfig taskConfig)
{
var credentialsManager = new CredentialsManager();
var provider = DeploymentTaskProviderFactory.Create(taskConfig.TaskTypeId.ToLower(), _pluginManager.DeploymentTaskProviders);
Dictionary <string, string> credentials = null;
if (!string.IsNullOrEmpty(taskConfig.ChallengeCredentialKey))
{
credentials = await credentialsManager.GetUnlockedCredentialsDictionary(taskConfig.ChallengeCredentialKey);
}
try
{
var validationResult = await provider.Validate(managedCertificate, taskConfig, credentials, provider.GetDefinition());
return(validationResult);
}
catch (Exception exp)
{
return(new List <ActionResult> {
new ActionResult("Failed to validate task: " + exp.ToString(), false)
});
}
}
public async Task TestGetAllDeploymentTaskProviders()
{
var allProviders = await DeploymentTaskProviderFactory.GetDeploymentTaskProviders(_pluginManager.DeploymentTaskProviders);
// all providers have a unique title
Assert.IsTrue(allProviders.Select(p => p.Title).Distinct().Count() == allProviders.Count);
// all providers have a unique id
Assert.IsTrue(allProviders.Select(p => p.Id).Distinct().Count() == allProviders.Count);
// all providers have a unique description
Assert.IsTrue(allProviders.Select(p => p.Description).Distinct().Count() == allProviders.Count);
}
public async Task <List <ActionResult> > ValidateDeploymentTask(ManagedCertificate managedCertificate, DeploymentTaskConfig taskConfig)
{
var credentialsManager = new CredentialsManager();
var provider = DeploymentTaskProviderFactory.Create(taskConfig.TaskTypeId.ToLower(), _pluginManager.DeploymentTaskProviders);
Dictionary <string, string> credentials = null;
if (!string.IsNullOrEmpty(taskConfig.ChallengeCredentialKey))
{
credentials = await credentialsManager.GetUnlockedCredentialsDictionary(taskConfig.ChallengeCredentialKey);
}
return(await provider.Validate(managedCertificate, taskConfig, credentials, provider.GetDefinition()));
}
public async Task TestDeployToKeyVault()
{
var deploymentTasks = new List <DeploymentTask>();
var azureKeyVaultUri = ConfigSettings["Azure_TestKeyVaultUri"];
var inputFile = ConfigSettings["TestLocalPath"] + "\\testcert.pfx";
var tasktypeId = Plugin.DeploymentTasks.Azure.AzureKeyVault.Definition.Id.ToLower();
var config = new DeploymentTaskConfig
{
TaskTypeId = tasktypeId,
TaskName = "A test pfx export task",
ChallengeProvider = StandardAuthTypes.STANDARD_AUTH_LOCAL,
Parameters = new List <ProviderParameterSetting>
{
new ProviderParameterSetting("vault_uri", azureKeyVaultUri)
}
};
var credentialsManager = new CredentialsManager();
var credentials = await credentialsManager.GetUnlockedCredentialsDictionary(ConfigSettings["TestCredentialsKey_AzureKeyVault"]);
var provider = DeploymentTaskProviderFactory.Create(tasktypeId, _pluginManager.DeploymentTaskProviders);
var t = new DeploymentTask(provider, config, credentials);
deploymentTasks.Add(t);
// perform preview deployments
var managedCert = GetMockManagedCertificate("DeploymentTest", "123", PrimaryTestDomain, PrimaryIISRoot);
managedCert.CertificatePath = inputFile;
foreach (var task in deploymentTasks)
{
var results = await task.Execute(_log, null, managedCert, CancellationToken.None, new DeploymentContext { }, isPreviewOnly : false);
// assert new valid pfx exists in destination
Assert.IsTrue(results.All(r => r.IsSuccess));
}
}
public async Task TestServiceManagerValidation()
{
var taskTypeId = Certify.Providers.DeploymentTasks.ServiceManager.Definition.Id.ToLower();
var provider = DeploymentTaskProviderFactory.Create(taskTypeId, _pluginManager.DeploymentTaskProviders);
var svcName = "aspnet_state";
var restartTaskConfig = new DeploymentTaskConfig
{
TaskTypeId = taskTypeId,
TaskName = "A test service manager task restart",
ChallengeProvider = StandardAuthTypes.STANDARD_AUTH_LOCAL,
Parameters = new List <ProviderParameterSetting>
{
new ProviderParameterSetting("servicename", svcName),
new ProviderParameterSetting("action", "restart"),
new ProviderParameterSetting("maxwait", "20")
}
};
var managedCert = GetMockManagedCertificate("Test", "123", PrimaryTestDomain, PrimaryIISRoot);
List <ActionResult> results = new List <ActionResult>();
var task = new DeploymentTask(provider, restartTaskConfig, null);
var validationResult = await task.TaskProvider.Validate(
new DeploymentTaskExecutionParams(
_log,
null,
managedCert,
task.TaskConfig,
null,
isPreviewOnly : false,
task.TaskProvider.GetDefinition(), CancellationToken.None,
new DeploymentContext {
}
)
);
Assert.IsFalse(validationResult.Any());
}
public async Task TestPemApacheExport()
{
var deploymentTasks = new List <DeploymentTask>();
var outputPath = ConfigSettings["TestLocalPath"] + "\\test_pfx_export";
var config = new DeploymentTaskConfig
{
TaskTypeId = Certify.Providers.DeploymentTasks.Apache.Definition.Id.ToLower(),
TaskName = "A test Apache export task",
ChallengeProvider = StandardAuthTypes.STANDARD_AUTH_LOCAL,
Parameters = new List <ProviderParameterSetting>
{
new ProviderParameterSetting("path_cert", outputPath + ".crt"),
new ProviderParameterSetting("path_key", outputPath + ".key"),
new ProviderParameterSetting("path_chain", outputPath + ".chain")
}
};
var provider = DeploymentTaskProviderFactory.Create(Certify.Providers.DeploymentTasks.Apache.Definition.Id.ToLower(), _pluginManager.DeploymentTaskProviders);
var t = new DeploymentTask(provider, config, null);
deploymentTasks.Add(t);
// perform preview deployments
var managedCert = GetMockManagedCertificate("LocalApacheDeploymentTest", "123", PrimaryTestDomain, PrimaryIISRoot);
foreach (var task in deploymentTasks)
{
var result = await task.Execute(_log, null, managedCert, CancellationToken.None, new DeploymentContext { }, isPreviewOnly : false);
}
// assert output exists in destination
Assert.IsTrue(File.Exists(outputPath + ".crt"));
Assert.IsTrue(File.Exists(outputPath + ".key"));
Assert.IsTrue(File.Exists(outputPath + ".chain"));
File.Delete(outputPath + ".crt");
File.Delete(outputPath + ".key");
File.Delete(outputPath + ".chain");
}
public async Task TestServiceManager()
{
var deploymentTasks = new List <DeploymentTask>();
var taskTypeId = Certify.Providers.DeploymentTasks.ServiceManager.Definition.Id.ToLower();
var provider = DeploymentTaskProviderFactory.Create(taskTypeId, _pluginManager.DeploymentTaskProviders);
var svcName = "aspnet_state";
var restartTaskConfig = new DeploymentTaskConfig
{
TaskTypeId = taskTypeId,
TaskName = "A test service manager task restart",
ChallengeProvider = StandardAuthTypes.STANDARD_AUTH_LOCAL,
Parameters = new List <ProviderParameterSetting>
{
new ProviderParameterSetting("servicename", svcName),
new ProviderParameterSetting("action", "restart"),
new ProviderParameterSetting("maxwait", "20")
}
};
deploymentTasks.Add(new DeploymentTask(provider, restartTaskConfig, null));
var stopTaskConfig = new DeploymentTaskConfig
{
TaskTypeId = taskTypeId,
TaskName = "A test service manager task stop",
ChallengeProvider = StandardAuthTypes.STANDARD_AUTH_LOCAL,
Parameters = new List <ProviderParameterSetting>
{
new ProviderParameterSetting("servicename", svcName),
new ProviderParameterSetting("action", "stop"),
new ProviderParameterSetting("maxwait", "20")
}
};
deploymentTasks.Add(new DeploymentTask(provider, stopTaskConfig, null));
var startTaskConfig = new DeploymentTaskConfig
{
TaskTypeId = taskTypeId,
TaskName = "A test service manager task start",
ChallengeProvider = StandardAuthTypes.STANDARD_AUTH_LOCAL,
Parameters = new List <ProviderParameterSetting>
{
new ProviderParameterSetting("servicename", svcName),
new ProviderParameterSetting("action", "start"),
new ProviderParameterSetting("maxwait", "20")
}
};
deploymentTasks.Add(new DeploymentTask(provider, startTaskConfig, null));
// perform preview deployments
var managedCert = GetMockManagedCertificate("Test", "123", PrimaryTestDomain, PrimaryIISRoot);
List <ActionResult> results = new List <ActionResult>();
foreach (var task in deploymentTasks)
{
results.AddRange(await task.Execute(_log, null, managedCert, CancellationToken.None, new DeploymentContext {
}, isPreviewOnly: false));
}
// assert output exists in destination
Assert.IsTrue(results.All(r => r.IsSuccess == true));
}
private async Task <List <ActionStep> > PerformTaskList(ILog log, bool isPreviewOnly, bool skipDeferredTasks, CertificateRequestResult result, IEnumerable <DeploymentTaskConfig> taskList, bool forceTaskExecute = false)
{
if (taskList == null || !taskList.Any())
{
// nothing to do
return(new List <ActionStep>());
}
if (log == null)
{
log = ManagedCertificateLog.GetLogger(result.ManagedItem.Id, _loggingLevelSwitch);
}
// perform or preview each task
var deploymentTasks = new List <DeploymentTask>();
var steps = new List <ActionStep>();
foreach (var taskConfig in taskList)
{
// add task to execution list unless the task is deferred/manual and we are currently skipping deferred tasks
if (taskConfig.TaskTrigger != TaskTriggerType.MANUAL || (taskConfig.TaskTrigger == TaskTriggerType.MANUAL && !skipDeferredTasks))
{
try
{
var provider = DeploymentTaskProviderFactory.Create(taskConfig.TaskTypeId.ToLower(), _pluginManager.DeploymentTaskProviders);
Dictionary <string, string> credentials = null;
if (!string.IsNullOrEmpty(taskConfig.ChallengeCredentialKey))
{
credentials = await _credentialsManager.GetUnlockedCredentialsDictionary(taskConfig.ChallengeCredentialKey);
}
var deploymentTask = new DeploymentTask(provider, taskConfig, credentials);
deploymentTasks.Add(deploymentTask);
}
catch (Exception exp)
{
steps.Add(new ActionStep {
HasError = true, Title = "Task: " + taskConfig.TaskName, Description = "Cannot create task provider for deployment task: " + exp.ToString()
});
}
}
}
ActionStep previousActionStep = null;
bool shouldRunCurrentTask = true;
string taskTriggerReason = "Task will run for any status";
foreach (var task in deploymentTasks)
{
if (previousActionStep != null && (previousActionStep.HasError && !task.TaskConfig.RunIfLastStepFailed))
{
shouldRunCurrentTask = false;
taskTriggerReason = "Task will not run because previous task failed.";
}
else
{
if (task.TaskConfig.TaskTrigger == TaskTriggerType.ANY_STATUS)
{
shouldRunCurrentTask = true;
taskTriggerReason = "Task will run for any status";
}
else if (task.TaskConfig.TaskTrigger == TaskTriggerType.NOT_ENABLED)
{
shouldRunCurrentTask = false;
taskTriggerReason = "Task is not enabled and will be skipped.";
}
else if (task.TaskConfig.TaskTrigger == TaskTriggerType.ON_SUCCESS)
{
if (result != null && (!result.Abort && result.IsSuccess))
{
shouldRunCurrentTask = true;
taskTriggerReason = "Task is enabled and primary request was successful.";
}
else
{
shouldRunCurrentTask = false;
taskTriggerReason = "Task is enabled but will not run because primary request unsuccessful.";
}
}
else if (task.TaskConfig.TaskTrigger == TaskTriggerType.ON_ERROR)
{
if (result != null && (!result.Abort && result.IsSuccess))
{
shouldRunCurrentTask = false;
taskTriggerReason = "Task is enabled but will not run because primary request was successful.";
}
else
{
shouldRunCurrentTask = true;
taskTriggerReason = "Task is enabled and will run because primary request was unsuccessful.";
}
}
else if (task.TaskConfig.TaskTrigger == TaskTriggerType.MANUAL)
{
if (skipDeferredTasks)
{
shouldRunCurrentTask = false;
taskTriggerReason = "Task is enabled but will not run because execution is deferred/manual.";
}
else
{
shouldRunCurrentTask = true;
taskTriggerReason = "Task is enabled and will run because deferred/manual tasks are not being skipped.";
}
}
}
if (forceTaskExecute == true)
{
if (!shouldRunCurrentTask)
{
shouldRunCurrentTask = true;
taskTriggerReason = $"Task is being has been forced to run. Normal status would be [{taskTriggerReason}]";
}
}
var taskResults = new List <ActionResult>();
if (shouldRunCurrentTask)
{
log.Information($"Task [{task.TaskConfig.TaskName}] :: {taskTriggerReason}");
task.TaskConfig.DateLastExecuted = DateTime.Now;
taskResults = await task.Execute(log, result, CancellationToken.None, isPreviewOnly : isPreviewOnly);
if (!isPreviewOnly)
{
if (taskResults?.All(t => t.IsSuccess) == true)
{
_tc?.TrackEvent("TaskCompleted", new Dictionary <string, string> {
{ "TaskType", task.TaskConfig.TaskTypeId }
});
}
else
{
if (!forceTaskExecute)
{
_tc?.TrackEvent("TaskFailed", new Dictionary <string, string> {
{ "TaskType", task.TaskConfig.TaskTypeId }
});
}
}
}
}
else
{
taskResults.Add(new ActionResult($"Task [{task.TaskConfig.TaskName}] :: {taskTriggerReason}", true));
}
var subSteps = new List <ActionStep>();
var stepIndex = 1;
foreach (var r in taskResults)
{
subSteps.Add(new ActionStep
{
HasError = !r.IsSuccess,
Description = r.Message,
Title = $"Task Step {stepIndex} of {task.TaskConfig.TaskName}",
Key = task.TaskConfig.Id + "_" + stepIndex,
Category = "Task Step"
});
if (r.IsSuccess)
{
log?.Information(r.Message);
}
else
{
log?.Error(r.Message);
}
stepIndex++;
}
var overallTaskResult = "Unknown";
if (taskResults != null && taskResults.Any(t => t.IsSuccess == false))
{
overallTaskResult = taskResults.First(t => t.IsSuccess == false).Message;
}
else
{
if (isPreviewOnly)
{
overallTaskResult = taskTriggerReason;
}
else
{
if (shouldRunCurrentTask)
{
overallTaskResult = "Task Completed OK";
}
else
{
overallTaskResult = taskTriggerReason;
}
}
}
var hasError = (taskResults != null && taskResults.Any(t => t.IsSuccess == false) ? true : false);
var currentStep = new ActionStep
{
Key = task.TaskConfig.Id,
Title = task.TaskConfig.TaskName,
Category = "Task",
HasError = hasError,
Description = overallTaskResult,
HasWarning = !shouldRunCurrentTask,
Substeps = subSteps
};
task.TaskConfig.LastRunStatus = hasError ? RequestState.Error : RequestState.Success;
task.TaskConfig.LastResult = overallTaskResult;
steps.Add(currentStep);
previousActionStep = currentStep;
}
return(steps);
}
/// <summary>
/// Get the current definition for a provider including dynamic elements affected by the given config
/// </summary>
/// <param name="id"></param>
/// <param name="config"></param>
/// <returns></returns>
public async Task <DeploymentProviderDefinition> GetDeploymentProviderDefinition(string id, DeploymentTaskConfig config = null)
{
var provider = DeploymentTaskProviderFactory.Create(id, _pluginManager.DeploymentTaskProviders);
return(provider.GetDefinition());
}
public async Task <List <ActionStep> > PerformDeploymentTask(ILog log, string managedCertificateId, string taskId, bool isPreviewOnly, bool skipDeferredTasks)
{
var steps = new List <ActionStep>();
var managedCert = await GetManagedCertificate(managedCertificateId);
if (managedCert == null)
{
steps.Add(new ActionStep {
HasError = true, Title = "Deployment", Description = "Managed certificate not found. Could not deploy."
});
}
if (log == null)
{
log = ManagedCertificateLog.GetLogger(managedCert.Id, _loggingLevelSwitch);
}
// perform or preview each task
var credentialsManager = new CredentialsManager();
var deploymentTasks = new List <DeploymentTask>();
var taskList = managedCert.DeploymentTasks?.Where(t => string.IsNullOrEmpty(taskId) || taskId == t.Id);
foreach (var taskConfig in taskList)
{
// add task to execution list unless the task is deferred and we are currently skipping deferred tasks
if (!taskConfig.IsDeferred || (taskConfig.IsDeferred && !skipDeferredTasks))
{
try
{
var provider = DeploymentTaskProviderFactory.Create(taskConfig.TaskTypeId.ToLower(), _pluginManager.DeploymentTaskProviders);
Dictionary <string, string> credentials = null;
if (!string.IsNullOrEmpty(taskConfig.ChallengeCredentialKey))
{
credentials = await credentialsManager.GetUnlockedCredentialsDictionary(taskConfig.ChallengeCredentialKey);
}
var deploymentTask = new DeploymentTask(provider, taskConfig, credentials);
deploymentTasks.Add(deploymentTask);
}
catch (Exception exp)
{
steps.Add(new ActionStep {
HasError = true, Title = "Deployment Task: " + taskConfig.TaskName, Description = "Cannot create task provider for deployment task: " + exp.ToString()
});
}
}
}
foreach (var task in deploymentTasks)
{
var results = await task.Execute(log, managedCert, isPreviewOnly : isPreviewOnly);
foreach (var r in results)
{
steps.Add(new ActionStep {
HasError = !r.IsSuccess, Description = r.Message
});
}
}
return(steps);
}
