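/// <summary>
/// Persists every rekeying task in <paramref name="tasks"/> and then dispatches
/// the notification that matches each task's confirmation type.
/// </summary>
/// <param name="tasks">Tasks to create. The sequence is enumerated exactly once.</param>
/// <remarks>
/// A task whose confirmation type is none of the four values tested below is
/// still persisted but produces no notification.
/// </remarks>
private async Task CreateAndNotify(IEnumerable<RekeyingTask> tasks)
{
    // Snapshot the input. The sequence used to be walked three times (Any, Select,
    // foreach), so a lazily evaluated source could persist one set of task objects
    // and send notifications about a different set.
    var pending = tasks.ToList();
    if (pending.Count == 0)
    {
        return;
    }

    // All tasks are stored before any notification goes out.
    await Task.WhenAll(pending.Select(t => RekeyingTasks.CreateAsync(t)));

    foreach (var task in pending)
    {
        // Recipients are taken from the managed secret the task refers to.
        var secret = await ManagedSecrets.GetAsync(task.ManagedSecretId);

        if (task.ConfirmationType == TaskConfirmationStrategies.AdminCachesSignOff ||
            task.ConfirmationType == TaskConfirmationStrategies.AdminSignsOffJustInTime)
        {
            await NotificationProvider.DispatchNotification_AdminApprovalRequiredTaskCreated(
                secret.AdminEmails.ToArray(), task);
        }
        else if (task.ConfirmationType == TaskConfirmationStrategies.AutomaticRekeyingAsNeeded ||
                 task.ConfirmationType == TaskConfirmationStrategies.AutomaticRekeyingScheduled)
        {
            await NotificationProvider.DispatchNotification_AutoRekeyingTaskCreated(
                secret.AdminEmails.ToArray(), task);
        }
    }
}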
/// <summary>
/// Selects the managed secrets that carry the requested confirmation strategy,
/// expire within the given lead time, and have no unfinished rekeying task.
/// </summary>
/// <param name="taskConfirmationStrategies">Strategy value each secret must have set (tested with HasFlag).</param>
/// <param name="leadTimeHours">Hours from now; secrets expiring before that instant qualify.</param>
/// <returns>The qualifying secrets as a new list.</returns>
private async Task<List<ManagedSecret>> GetSecretsForRekeyingTask(
    TaskConfirmationStrategies taskConfirmationStrategies,
    int leadTimeHours)
{
    // HasFlag is true only when every bit of the requested value is set on the secret.
    var expiringSecrets = await ManagedSecrets.GetAsync(s =>
        s.TaskConfirmationStrategies.HasFlag(taskConfirmationStrategies) &&
        s.Expiry < DateTimeOffset.UtcNow + TimeSpan.FromHours(leadTimeHours));

    var knownTasks = await RekeyingTasks.ListAsync();

    var result = new List<ManagedSecret>();
    foreach (var candidate in expiringSecrets)
    {
        // Skip secrets that already have a task which has not completed rekeying,
        // so that a second task is not queued for the same secret.
        var hasOpenTask = knownTasks.Any(t =>
            t.ManagedSecretId == candidate.ObjectId && !t.RekeyingCompleted);

        if (hasOpenTask)
        {
            continue;
        }

        result.Add(candidate);
    }

    return result;
}
/// <summary>
/// HTTP GET handler for <c>managedSecrets/{secretId:guid}</c>: returns the view
/// model of a single managed secret.
/// </summary>
/// <param name="req">Incoming request; used for the caller check.</param>
/// <param name="secretId">Identifier taken from the route (constrained to a GUID).</param>
/// <param name="log">Function logger.</param>
/// <returns>
/// <c>UnauthorizedResult</c> when the caller check fails, a bad-request result
/// with "Secret not found!" when the id is unknown, otherwise an
/// <c>OkObjectResult</c> wrapping the secret's view model.
/// </returns>
public async Task<IActionResult> Get(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "managedSecrets/{secretId:guid}")] HttpRequest req,
    Guid secretId,
    ILogger log)
{
    // The trigger is declared AuthorizationLevel.Anonymous, so this call is the
    // only access check performed inside this method.
    // NOTE(review): no role list is passed here; confirm which callers a bare
    // IsValidUser() accepts.
    var callerAccepted = req.IsValidUser();
    if (!callerAccepted)
    {
        return new UnauthorizedResult();
    }

    log.LogInformation("Retrieving Managed Secret {0}.", secretId);

    var secretExists = await ManagedSecrets.ContainsIdAsync(secretId);
    if (!secretExists)
    {
        return new BadRequestErrorMessageResult("Secret not found!");
    }

    var storedSecret = await ManagedSecrets.GetAsync(secretId);
    var viewModel = GetViewModel(storedSecret);
    return new OkObjectResult(viewModel);
}
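/// <summary>
/// HTTP POST handler for <c>tasks</c>: queues a rekeying task for a managed
/// secret that supports administrator approval.
/// </summary>
/// <param name="secretId">
/// Managed secret id as text, bound by the HTTP trigger. It is caller-supplied
/// and is validated as a GUID before use.
/// </param>
/// <param name="req">Incoming request; used for the role check.</param>
/// <param name="log">Function logger.</param>
/// <returns>
/// <c>UnauthorizedResult</c> when the caller holds neither the ServiceOperator
/// nor the GlobalAdmin role; a bad-request result when the id is malformed or
/// unknown, or when the secret does not allow administrator approval; otherwise
/// an <c>OkObjectResult</c> wrapping the created task.
/// </returns>
public async Task<IActionResult> Create(
    [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "tasks")] string secretId,
    HttpRequest req,
    ILogger log)
{
    // The trigger is declared AuthorizationLevel.Anonymous, so this role check is
    // the only access control performed inside this method.
    if (!req.IsValidUser(AuthJanitorRoles.ServiceOperator, AuthJanitorRoles.GlobalAdmin))
    {
        return new UnauthorizedResult();
    }

    log.LogInformation("Creating new Task.");

    // Guid.Parse threw on null or malformed input, turning a bad request into an
    // unhandled exception. Parse once, defensively, and reject with the same
    // message used for an unknown id.
    Guid managedSecretId;
    if (!Guid.TryParse(secretId, out managedSecretId))
    {
        return new BadRequestErrorMessageResult("Invalid Managed Secret ID");
    }

    if (!await ManagedSecrets.ContainsIdAsync(managedSecretId))
    {
        return new BadRequestErrorMessageResult("Invalid Managed Secret ID");
    }

    var secret = await ManagedSecrets.GetAsync(managedSecretId);

    // Only secrets configured for one of the two administrator sign-off
    // strategies may have a task created through this endpoint.
    if (!secret.TaskConfirmationStrategies.HasFlag(TaskConfirmationStrategies.AdminCachesSignOff) &&
        !secret.TaskConfirmationStrategies.HasFlag(TaskConfirmationStrategies.AdminSignsOffJustInTime))
    {
        return new BadRequestErrorMessageResult("Managed Secret does not support administrator approval!");
    }

    RekeyingTask newTask = new RekeyingTask()
    {
        Queued = DateTimeOffset.UtcNow,
        Expiry = secret.Expiry,
        ManagedSecretId = secret.ObjectId
    };

    await RekeyingTasks.CreateAsync(newTask);

    return new OkObjectResult(newTask);
}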