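/// <summary>
/// Creates a new Managed Secret from a posted <see cref="ManagedSecretViewModel"/>.
/// </summary>
/// <param name="inputSecret">
/// Posted definition. <c>ResourceIds</c> is a ';'-separated list of Resource GUIDs, each of which
/// must refer to an existing Resource.
/// </param>
/// <returns>
/// <see cref="UnauthorizedResult"/> when the caller is not a SecretAdmin, <see cref="BadRequestObjectResult"/>
/// when the payload is malformed, <see cref="NotFoundObjectResult"/> when a referenced Resource does not exist,
/// otherwise <see cref="OkObjectResult"/> carrying the view model of the created secret.
/// </returns>
public async Task<IActionResult> Create([HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "managedSecrets")] ManagedSecretViewModel inputSecret)
{
    // The trigger is Anonymous on purpose: authorization is decided by the identity service,
    // so this role check must remain the first thing the handler does.
    if (!_identityService.CurrentUserHasRole(AuthJanitorRoles.SecretAdmin))
    {
        return new UnauthorizedResult();
    }

    // The body is untrusted. A missing body, an empty ResourceIds string or a token that is not a GUID
    // used to escape Guid.Parse as an unhandled exception (HTTP 500); reject it as a 400 instead.
    if (inputSecret == null || string.IsNullOrWhiteSpace(inputSecret.ResourceIds))
    {
        return new BadRequestObjectResult("At least one Resource ID is required!");
    }
    if (inputSecret.ValidPeriodMinutes <= 0)
    {
        return new BadRequestObjectResult("ValidPeriodMinutes must be greater than zero!");
    }

    // Empty tokens (e.g. a trailing ';') are ignored; every remaining token must parse as a GUID.
    var idTokens = inputSecret.ResourceIds.Split(';').Where(t => !string.IsNullOrWhiteSpace(t)).ToList();
    Guid parsedId;
    if (idTokens.Count == 0 || !idTokens.All(t => Guid.TryParse(t, out parsedId)))
    {
        await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.AnomalousEventOccurred, nameof(AdminApi.ManagedSecrets.Create), "New Managed Secret attempted to use one or more malformed Resource IDs");
        return new BadRequestObjectResult("One or more Resource IDs are not valid GUIDs!");
    }
    var resourceIds = idTokens.Select(t => Guid.Parse(t)).ToList();

    // Every referenced Resource must exist. An unknown ID is treated as an anomalous event rather than
    // an ordinary validation error, since a client should only submit IDs it obtained from the Resources listing.
    var resources = await _resources.Get();
    if (resourceIds.Any(id => !resources.Any(r => r.ObjectId == id)))
    {
        await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.AnomalousEventOccurred, nameof(AdminApi.ManagedSecrets.Create), "New Managed Secret attempted to use one or more invalid Resource IDs");
        return new NotFoundObjectResult("One or more Resource IDs not found!");
    }

    var validPeriod = TimeSpan.FromMinutes(inputSecret.ValidPeriodMinutes);
    var newManagedSecret = new ManagedSecret()
    {
        Name = inputSecret.Name,
        Description = inputSecret.Description,
        ValidPeriod = validPeriod,
        // Backdated by one full period — presumably so the new secret is due for rotation
        // straight away; confirm against the scheduler before relying on it.
        LastChanged = DateTimeOffset.UtcNow - validPeriod,
        TaskConfirmationStrategies = inputSecret.TaskConfirmationStrategies,
        ResourceIds = resourceIds,
        // The nonce comes from the cryptographic implementation, not from System.Random.
        Nonce = await _cryptographicImplementation.GenerateCryptographicallySecureString(_configuration.DefaultNonceLength)
    };

    await _managedSecrets.Create(newManagedSecret);
    await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.SecretCreated, nameof(AdminApi.ManagedSecrets.Create), newManagedSecret);
    return new OkObjectResult(_managedSecretViewModel(newManagedSecret));
}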
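/// <summary>
/// Replaces the definition of an existing Managed Secret.
/// </summary>
/// <param name="inputSecret">
/// Posted definition. <c>ResourceIds</c> is a ';'-separated list of Resource GUIDs, each of which
/// must refer to an existing Resource.
/// </param>
/// <param name="req">Incoming request; used only for the role check.</param>
/// <param name="secretId">Route-bound ObjectId of the secret to update.</param>
/// <param name="log">Function logger.</param>
/// <returns>
/// <see cref="UnauthorizedResult"/> when the caller is neither SecretAdmin nor GlobalAdmin,
/// <see cref="BadRequestErrorMessageResult"/> for an unknown secret, a malformed payload or an unknown Resource ID,
/// otherwise <see cref="OkObjectResult"/> carrying the view model of the updated secret.
/// </returns>
public async Task<IActionResult> Update(
    [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "managedSecrets/{secretId:guid}")] ManagedSecretViewModel inputSecret,
    HttpRequest req,
    Guid secretId,
    ILogger log)
{
    // The trigger is Anonymous; this role check is the only authorization gate for the endpoint.
    if (!req.IsValidUser(AuthJanitorRoles.SecretAdmin, AuthJanitorRoles.GlobalAdmin))
    {
        return new UnauthorizedResult();
    }

    log.LogInformation("Updating Managed Secret {0}", secretId);

    if (!await ManagedSecrets.ContainsIdAsync(secretId))
    {
        return new BadRequestErrorMessageResult("Secret not found!");
    }

    // The body is untrusted. A missing body, an empty ResourceIds string or a token that is not a GUID
    // used to escape Guid.Parse as an unhandled exception (HTTP 500); reject it as a 400 instead.
    if (inputSecret == null || string.IsNullOrWhiteSpace(inputSecret.ResourceIds))
    {
        return new BadRequestErrorMessageResult("At least one ResourceId is required!");
    }
    if (inputSecret.ValidPeriodMinutes <= 0)
    {
        return new BadRequestErrorMessageResult("ValidPeriodMinutes must be greater than zero!");
    }

    // Empty tokens (e.g. a trailing ';') are ignored; every remaining token must parse as a GUID.
    var idTokens = inputSecret.ResourceIds.Split(';').Where(t => !string.IsNullOrWhiteSpace(t)).ToList();
    Guid parsedId;
    if (idTokens.Count == 0 || !idTokens.All(t => Guid.TryParse(t, out parsedId)))
    {
        log.LogError("Managed Secret update attempted to link one or more malformed Resource IDs");
        return new BadRequestErrorMessageResult("One or more ResourceIds are not valid GUIDs!");
    }
    var resourceIds = idTokens.Select(t => Guid.Parse(t)).ToList();

    // Materialised once so the same list drives both the check and the log line
    // (a deferred query would be re-evaluated for each).
    var resources = await Resources.ListAsync();
    var invalidIds = resourceIds.Where(id => !resources.Any(r => r.ObjectId == id)).ToList();
    if (invalidIds.Count > 0)
    {
        log.LogError("New Managed Secret attempted to link one or more invalid Resource IDs: {0}", invalidIds);
        return new BadRequestErrorMessageResult("One or more ResourceIds not found!");
    }

    // NOTE(review): LastChanged and Nonce are not copied from the stored secret. If UpdateAsync replaces
    // the whole record rather than merging, the rotation timestamp is reset here — confirm against the data store.
    var newManagedSecret = new ManagedSecret()
    {
        ObjectId = secretId,
        Name = inputSecret.Name,
        Description = inputSecret.Description,
        ValidPeriod = TimeSpan.FromMinutes(inputSecret.ValidPeriodMinutes),
        TaskConfirmationStrategies = inputSecret.TaskConfirmationStrategies,
        ResourceIds = resourceIds
    };

    await ManagedSecrets.UpdateAsync(newManagedSecret);
    log.LogInformation("Updated Managed Secret '{0}'", newManagedSecret.Name);
    return new OkObjectResult(GetViewModel(newManagedSecret));
}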
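/// <summary>
/// Replaces the definition of an existing Managed Secret and regenerates its nonce.
/// </summary>
/// <param name="inputSecret">
/// Posted definition. <c>ResourceIds</c> is a ';'-separated list of Resource GUIDs, each of which
/// must refer to an existing Resource.
/// </param>
/// <param name="secretId">ObjectId of the secret to update.</param>
/// <param name="cancellationToken">Propagated to the data-store calls.</param>
/// <returns>
/// <see cref="UnauthorizedResult"/> when the caller is not a SecretAdmin, <see cref="BadRequestObjectResult"/>
/// when the payload is malformed, <see cref="NotFoundObjectResult"/> when the secret or a referenced Resource
/// does not exist, otherwise <see cref="OkObjectResult"/> carrying the view model of the updated secret.
/// </returns>
public async Task<IActionResult> Update(ManagedSecretViewModel inputSecret, Guid secretId, CancellationToken cancellationToken)
{
    // Authorization is decided by the identity service and must stay ahead of any data access.
    if (!_identityService.CurrentUserHasRole(AuthJanitorRoles.SecretAdmin))
    {
        return new UnauthorizedResult();
    }

    if (!await _managedSecrets.ContainsId(secretId, cancellationToken))
    {
        await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.AnomalousEventOccurred, nameof(ManagedSecretsService.Update), "Secret ID not found");
        return new NotFoundObjectResult("Secret not found!");
    }

    // The body is untrusted. A missing body, an empty ResourceIds string or a token that is not a GUID
    // used to escape Guid.Parse as an unhandled exception (HTTP 500); reject it as a 400 instead.
    if (inputSecret == null || string.IsNullOrWhiteSpace(inputSecret.ResourceIds))
    {
        return new BadRequestObjectResult("At least one Resource ID is required!");
    }
    if (inputSecret.ValidPeriodMinutes <= 0)
    {
        return new BadRequestObjectResult("ValidPeriodMinutes must be greater than zero!");
    }

    // Empty tokens (e.g. a trailing ';') are ignored; every remaining token must parse as a GUID.
    var idTokens = inputSecret.ResourceIds.Split(';').Where(t => !string.IsNullOrWhiteSpace(t)).ToList();
    Guid parsedId;
    if (idTokens.Count == 0 || !idTokens.All(t => Guid.TryParse(t, out parsedId)))
    {
        await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.AnomalousEventOccurred, nameof(ManagedSecretsService.Update), "New Managed Secret attempted to use one or more malformed Resource IDs");
        return new BadRequestObjectResult("One or more Resource IDs are not valid GUIDs!");
    }
    var resourceIds = idTokens.Select(t => Guid.Parse(t)).ToList();

    // Every referenced Resource must exist; an unknown ID is recorded as an anomalous event.
    var resources = await _resources.Get(cancellationToken);
    if (resourceIds.Any(id => !resources.Any(r => r.ObjectId == id)))
    {
        await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.AnomalousEventOccurred, nameof(ManagedSecretsService.Update), "New Managed Secret attempted to use one or more invalid Resource IDs");
        return new NotFoundObjectResult("One or more Resource IDs not found!");
    }

    // NOTE(review): LastChanged is not copied from the stored secret. If _managedSecrets.Update replaces
    // the whole record rather than merging, the rotation timestamp is reset here — confirm against the data store.
    var newManagedSecret = new ManagedSecret()
    {
        ObjectId = secretId,
        Name = inputSecret.Name,
        Description = inputSecret.Description,
        ValidPeriod = TimeSpan.FromMinutes(inputSecret.ValidPeriodMinutes),
        TaskConfirmationStrategies = inputSecret.TaskConfirmationStrategies,
        ResourceIds = resourceIds,
        // A fresh nonce is issued on every update, via the cryptographic implementation rather than System.Random.
        Nonce = await _cryptographicImplementation.GenerateCryptographicallyRandomString(_configuration.DefaultNonceLength)
    };

    await _managedSecrets.Update(newManagedSecret, cancellationToken);
    await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.SecretUpdated, nameof(ManagedSecretsService.Update), newManagedSecret);
    return new OkObjectResult(_managedSecretViewModel(newManagedSecret));
}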
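/// <summary>
/// Projects a <see cref="RekeyingTask"/> onto its view model, resolving the owning Managed Secret through DI.
/// </summary>
/// <param name="serviceProvider">Resolves the <c>IDataStore&lt;ManagedSecret&gt;</c> and the secret view-model factory.</param>
/// <param name="rekeyingTask">Task to project; must not be null.</param>
/// <param name="cancellationToken">Propagated to the data-store lookup.</param>
/// <returns>
/// The populated view model. When the secret cannot be loaded, <c>ManagedSecret</c> is a placeholder
/// whose <c>ObjectId</c> is <see cref="Guid.Empty"/>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="rekeyingTask"/> is null.</exception>
private static RekeyingTaskViewModel GetViewModel(IServiceProvider serviceProvider, RekeyingTask rekeyingTask, CancellationToken cancellationToken)
{
    // The task is dereferenced unconditionally below, so fail fast with a clear message.
    if (rekeyingTask == null)
    {
        throw new ArgumentNullException(nameof(rekeyingTask));
    }

    ManagedSecretViewModel secret;
    try
    {
        // Sync-over-async (.Result): this helper is synchronous, so the lookup blocks the calling thread
        // and any failure arrives wrapped in an AggregateException, which the catch below absorbs.
        var managedSecret = serviceProvider.GetRequiredService<IDataStore<ManagedSecret>>()
            .GetOne(rekeyingTask.ManagedSecretId, cancellationToken)
            .Result;
        secret = serviceProvider.GetRequiredService<Func<ManagedSecret, ManagedSecretViewModel>>()(managedSecret);
    }
    catch (Exception)
    {
        // Best effort: a task whose secret cannot be resolved is still listed, with an empty placeholder.
        secret = new ManagedSecretViewModel() { ObjectId = Guid.Empty };
    }

    // Attempts may be absent entirely; only the newest attempt decides whether an error message is shown.
    var mostRecentAttempt = rekeyingTask.Attempts?
        .OrderByDescending(a => a.AttemptStarted)
        .FirstOrDefault();
    var errorMessage = string.Empty;
    if (mostRecentAttempt != null && !mostRecentAttempt.IsSuccessfulAttempt)
    {
        // The stored exception text is surfaced to the caller unmodified.
        errorMessage = mostRecentAttempt.OuterException;
    }

    return new RekeyingTaskViewModel()
    {
        ObjectId = rekeyingTask.ObjectId,
        Queued = rekeyingTask.Queued,
        Expiry = rekeyingTask.Expiry,
        PersistedCredentialUser = rekeyingTask.PersistedCredentialUser,
        ConfirmationType = rekeyingTask.ConfirmationType,
        RekeyingCompleted = rekeyingTask.RekeyingCompleted,
        RekeyingErrorMessage = errorMessage,
        RekeyingInProgress = rekeyingTask.RekeyingInProgress,
        ManagedSecret = secret,
        Attempts = rekeyingTask.Attempts
    };
}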
/// <summary>
/// HTTP entry point for updating a Managed Secret; all validation, authorization and persistence
/// are delegated to the injected service.
/// </summary>
/// <param name="inputSecret">Posted secret definition.</param>
/// <param name="secretId">Route-bound ObjectId of the secret to update.</param>
/// <param name="cancellationToken">Propagated to the service call.</param>
/// <returns>Whatever the service returns for the update.</returns>
public async Task<IActionResult> Update(
    [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "managedSecrets/{secretId:guid}")] ManagedSecretViewModel inputSecret,
    Guid secretId,
    CancellationToken cancellationToken)
    => await _service.Update(inputSecret, secretId, cancellationToken);
/// <summary>
/// HTTP entry point for creating a Managed Secret; all validation, authorization and persistence
/// are delegated to the injected service.
/// </summary>
/// <param name="inputSecret">Posted secret definition.</param>
/// <param name="cancellationToken">Propagated to the service call.</param>
/// <returns>Whatever the service returns for the creation.</returns>
public async Task<IActionResult> Create(
    [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "managedSecrets")] ManagedSecretViewModel inputSecret,
    CancellationToken cancellationToken)
    => await _service.Create(inputSecret, cancellationToken);