private async Task CreateAndNotify(IEnumerable <RekeyingTask> tasks)
{
if (!tasks.Any())
{
return;
}
await Task.WhenAll(tasks.Select(t => RekeyingTasks.CreateAsync(t)));
foreach (var task in tasks)
{
var secret = await ManagedSecrets.GetAsync(task.ManagedSecretId);
if (task.ConfirmationType == TaskConfirmationStrategies.AdminCachesSignOff ||
task.ConfirmationType == TaskConfirmationStrategies.AdminSignsOffJustInTime)
{
await NotificationProvider.DispatchNotification_AdminApprovalRequiredTaskCreated(
secret.AdminEmails.ToArray(), task);
}
else if (task.ConfirmationType == TaskConfirmationStrategies.AutomaticRekeyingAsNeeded ||
task.ConfirmationType == TaskConfirmationStrategies.AutomaticRekeyingScheduled)
{
await NotificationProvider.DispatchNotification_AutoRekeyingTaskCreated(
secret.AdminEmails.ToArray(), task);
}
}
}
private async Task <List <ManagedSecret> > GetSecretsForRekeyingTask(
TaskConfirmationStrategies taskConfirmationStrategies,
int leadTimeHours)
{
var secretsToRotate = await ManagedSecrets.GetAsync(s =>
s.TaskConfirmationStrategies.HasFlag(taskConfirmationStrategies) &&
s.Expiry < DateTimeOffset.UtcNow + TimeSpan.FromHours(leadTimeHours));
var rekeyingTasks = await RekeyingTasks.ListAsync();
return(secretsToRotate
.Where(s => !rekeyingTasks.Any(t =>
t.ManagedSecretId == s.ObjectId &&
!t.RekeyingCompleted))
.ToList());
}
public async Task <IActionResult> Get(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "managedSecrets/{secretId:guid}")] HttpRequest req,
Guid secretId,
ILogger log)
{
if (!req.IsValidUser())
{
return(new UnauthorizedResult());
}
log.LogInformation("Retrieving Managed Secret {0}.", secretId);
if (!await ManagedSecrets.ContainsIdAsync(secretId))
{
return(new BadRequestErrorMessageResult("Secret not found!"));
}
return(new OkObjectResult(GetViewModel(await ManagedSecrets.GetAsync(secretId))));
}
public async Task <IActionResult> Create(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "tasks")] string secretId,
HttpRequest req,
ILogger log)
{
if (!req.IsValidUser(AuthJanitorRoles.ServiceOperator, AuthJanitorRoles.GlobalAdmin))
{
return(new UnauthorizedResult());
}
log.LogInformation("Creating new Task.");
if (!await ManagedSecrets.ContainsIdAsync(Guid.Parse(secretId)))
{
return(new BadRequestErrorMessageResult("Invalid Managed Secret ID"));
}
var secret = await ManagedSecrets.GetAsync(Guid.Parse(secretId));
if (!secret.TaskConfirmationStrategies.HasFlag(TaskConfirmationStrategies.AdminCachesSignOff) &&
!secret.TaskConfirmationStrategies.HasFlag(TaskConfirmationStrategies.AdminSignsOffJustInTime))
{
return(new BadRequestErrorMessageResult("Managed Secret does not support administrator approval!"));
}
RekeyingTask newTask = new RekeyingTask()
{
Queued = DateTimeOffset.UtcNow,
Expiry = secret.Expiry,
ManagedSecretId = secret.ObjectId
};
await RekeyingTasks.CreateAsync(newTask);
return(new OkObjectResult(newTask));
}
