private async Task CreateAndNotify(IEnumerable <RekeyingTask> tasks)
{
if (!tasks.Any())
{
return;
}
await Task.WhenAll(tasks.Select(t => RekeyingTasks.CreateAsync(t)));
foreach (var task in tasks)
{
var secret = await ManagedSecrets.GetAsync(task.ManagedSecretId);
if (task.ConfirmationType == TaskConfirmationStrategies.AdminCachesSignOff ||
task.ConfirmationType == TaskConfirmationStrategies.AdminSignsOffJustInTime)
{
await NotificationProvider.DispatchNotification_AdminApprovalRequiredTaskCreated(
secret.AdminEmails.ToArray(), task);
}
else if (task.ConfirmationType == TaskConfirmationStrategies.AutomaticRekeyingAsNeeded ||
task.ConfirmationType == TaskConfirmationStrategies.AutomaticRekeyingScheduled)
{
await NotificationProvider.DispatchNotification_AutoRekeyingTaskCreated(
secret.AdminEmails.ToArray(), task);
}
}
}
public async Task <IActionResult> Create(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "tasks")] string secretId,
HttpRequest req,
ILogger log)
{
if (!req.IsValidUser(AuthJanitorRoles.ServiceOperator, AuthJanitorRoles.GlobalAdmin))
{
return(new UnauthorizedResult());
}
log.LogInformation("Creating new Task.");
if (!await ManagedSecrets.ContainsIdAsync(Guid.Parse(secretId)))
{
return(new BadRequestErrorMessageResult("Invalid Managed Secret ID"));
}
var secret = await ManagedSecrets.GetAsync(Guid.Parse(secretId));
if (!secret.TaskConfirmationStrategies.HasFlag(TaskConfirmationStrategies.AdminCachesSignOff) &&
!secret.TaskConfirmationStrategies.HasFlag(TaskConfirmationStrategies.AdminSignsOffJustInTime))
{
return(new BadRequestErrorMessageResult("Managed Secret does not support administrator approval!"));
}
RekeyingTask newTask = new RekeyingTask()
{
Queued = DateTimeOffset.UtcNow,
Expiry = secret.Expiry,
ManagedSecretId = secret.ObjectId
};
await RekeyingTasks.CreateAsync(newTask);
return(new OkObjectResult(newTask));
}
