/// <summary>
/// Removes the secret with the given <paramref name="secretName"/> from the cache;
/// so the next time <see cref="ISecretProvider.GetSecretAsync(string)"/> is called, a new version of the secret will be added back to the cache.
/// </summary>
/// <param name="secretName">The name of the secret that should be removed from the cache.</param>
public async Task InvalidateSecretAsync(string secretName)
{
Guard.NotNullOrWhitespace(secretName, nameof(secretName), "Requires a non-blank secret name when mutating secret names");
await SafeguardMutateSecretAsync(secretName, async mutatedSecretName =>
{
await _implementation.InvalidateSecretAsync(mutatedSecretName);
});
}
/// <summary>
/// Removes the secret with the given <paramref name="secretName"/> from the cache;
/// so the next time <see cref="CachedSecretProvider.GetSecretAsync(string)"/> is called, a new version of the secret will be added back to the cache.
/// </summary>
/// <param name="secretName">The name of the secret that should be removed from the cache.</param>
public async Task InvalidateSecretAsync(string secretName)
{
Guard.NotNullOrWhitespace(secretName, nameof(secretName));
ICachedSecretProvider provider = await WithCachedSecretStoreAsync(secretName, async source =>
{
Secret secret = await source.CachedSecretProvider.GetSecretAsync(secretName);
return(secret is null ? null : source.CachedSecretProvider);
});
await provider.InvalidateSecretAsync(secretName);
}
/// <summary>
/// Process a new message that was received
/// </summary>
/// <param name="message">Message that was received</param>
/// <param name="messageContext">Context providing more information concerning the processing</param>
/// <param name="correlationInfo">
/// Information concerning correlation of telemetry and processes by using a variety of unique
/// identifiers
/// </param>
/// <param name="cancellationToken">Cancellation token</param>
public async Task ProcessMessageAsync(
CloudEvent message,
AzureServiceBusMessageContext messageContext,
MessageCorrelationInfo correlationInfo,
CancellationToken cancellationToken)
{
Guard.NotNull(message, nameof(message), "Cannot invalidate Azure KeyVault secret from a 'null' CloudEvent");
var secretNewVersionCreated = message.GetPayload <SecretNewVersionCreated>();
if (secretNewVersionCreated is null)
{
throw new CloudException(
"Azure Key Vault job cannot map Event Grid event to CloudEvent because the event data isn't recognized as a 'SecretNewVersionCreated' schema");
}
await _cachedSecretProvider.InvalidateSecretAsync(secretNewVersionCreated.ObjectName);
_logger.LogInformation("Invalidated Azure Key Vault '{SecretName}' secret in vault '{VaultName}'", secretNewVersionCreated.ObjectName, secretNewVersionCreated.VaultName);
}
/// <summary>
/// Removes the secret with the given <paramref name="secretName" /> from the cache;
/// so the next time <see cref="M:Arcus.Security.Core.Caching.CachedSecretProvider.GetSecretAsync(System.String)" /> is called, a new version of the secret will be added back to the cache.
/// </summary>
/// <param name="secretName">The name of the secret that should be removed from the cache.</param>
public async Task InvalidateSecretAsync(string secretName)
{
Guard.NotNullOrWhitespace(secretName, nameof(secretName), "Requires a non-blank secret name to invalidate the secret");
await WhenAuthorized(() => _cachedSecretProvider.InvalidateSecretAsync(secretName));
}
