Esempio n. 1
0
        public static async Task Main(string[] args)
        {
            var parserResult = Parser.Default.ParseArguments <Arguments>(args);

            if (parserResult.Tag == ParserResultType.NotParsed)
            {
                Environment.Exit(1);
            }

            Arguments arguments = null;

            parserResult.WithParsed(_ => arguments = _);

            var token =
                await new AuthenticationContext($"https://login.microsoftonline.com/{arguments.TenantId.ToLower()}").
                AcquireTokenAsync(
                    arguments.ServiceFabricClusterApplicationId.ToLower(),
                    new ClientAssertionCertificate(
                        arguments.ClientId.ToLower(),
                        GetCertificate(
                            arguments.CertificateStoreName,
                            arguments.CertificateStoreLocation,
                            arguments.CertificateThumbprint)));

            var connectionEndpoint =
                new DnsEndPoint(
                    arguments.ServiceFabricManagementDnsName,
                    arguments.ServiceFabricClientConnectionEndpointPort);

            var claimsCredentials = new ClaimsCredentials();

            claimsCredentials.ServerCommonNames.Add(connectionEndpoint.Host);
            claimsCredentials.LocalClaims = token.AccessToken;

            using (var client = new FabricClient(claimsCredentials, $"{connectionEndpoint.Host}:{connectionEndpoint.Port}"))
            {
                await client.QueryManager.GetApplicationListAsync();
            }

            Console.WriteLine("Everything Works!");
        }
Esempio n. 2
0
        public int ExecuteHealthCheck(CalamariVariableDictionary variables)
        {
            if (!ServiceFabricHelper.IsServiceFabricSdkKeyInRegistry())
            {
                throw new Exception("Could not find the Azure Service Fabric SDK on this server. This SDK is required before running health checks on Service Fabric targets.");
            }

            var connectionEndpoint   = variables.Get(SpecialVariables.Action.ServiceFabric.ConnectionEndpoint);
            var securityMode         = (AzureServiceFabricSecurityMode)Enum.Parse(typeof(AzureServiceFabricSecurityMode), variables.Get(SpecialVariables.Action.ServiceFabric.SecurityMode));
            var serverCertThumbprint = variables.Get(SpecialVariables.Action.ServiceFabric.ServerCertThumbprint);

            var clientCertVariable = variables.Get(SpecialVariables.Action.ServiceFabric.ClientCertVariable);

            var certificateStoreLocation = variables.Get(SpecialVariables.Action.ServiceFabric.CertificateStoreLocation);

            if (string.IsNullOrWhiteSpace(certificateStoreLocation))
            {
                certificateStoreLocation = StoreLocation.LocalMachine.ToString();
            }

            var certificateStoreName = variables.Get(SpecialVariables.Action.ServiceFabric.CertificateStoreName);

            if (string.IsNullOrWhiteSpace(certificateStoreName))
            {
                certificateStoreName = "My";
            }

            var aadUserCredentialUsername = variables.Get(SpecialVariables.Action.ServiceFabric.AadUserCredentialUsername);
            var aadUserCredentialPassword = variables.Get(SpecialVariables.Action.ServiceFabric.AadUserCredentialPassword);

            log.Verbose($"Checking connectivity to Service Fabric cluster '{connectionEndpoint}' with security-mode '{securityMode}'");
            FabricClient fabricClient = null;

            // ReSharper disable once SwitchStatementMissingSomeCases
            switch (securityMode)
            {
            case AzureServiceFabricSecurityMode.SecureClientCertificate:
            {
                log.Info("Connecting with Secure Client Certificate");

                var clientCertThumbprint = variables.Get(clientCertVariable + ".Thumbprint");
                var commonName           = variables.Get(clientCertVariable + ".SubjectCommonName");

                certificateStore.GetOrAdd(variables, clientCertVariable, certificateStoreName, certificateStoreLocation);

                var xc = GetCredentials(clientCertThumbprint, certificateStoreLocation, certificateStoreName, serverCertThumbprint, commonName);
                try
                {
                    fabricClient = new FabricClient(xc, connectionEndpoint);
                }
                catch (Exception ex)
                {
                    // SF throw weird exception messages if you don't have the certificate installed.
                    if (ex.InnerException != null && ex.InnerException.Message.Contains("0x80071C57"))
                    {
                        throw new Exception($"Service Fabric was unable to to find certificate with thumbprint '{clientCertThumbprint}' in Cert:\\{certificateStoreLocation}\\{certificateStoreName}. Please make sure you have installed the certificate on the Octopus Server before attempting to use/reference it in a Service Fabric Cluster target.");
                    }
                    throw;
                }
                break;
            }

            case AzureServiceFabricSecurityMode.SecureAzureAD:
            {
                log.Info("Connecting with Secure Azure Active Directory");
                var claimsCredentials = new ClaimsCredentials();
                claimsCredentials.ServerThumbprints.Add(serverCertThumbprint);
                // ReSharper disable once UseObjectOrCollectionInitializer
                fabricClient = new FabricClient(claimsCredentials, connectionEndpoint);
                fabricClient.ClaimsRetrieval += (o, e) =>
                {
                    try
                    {
                        return(GetAccessToken(e.AzureActiveDirectoryMetadata, aadUserCredentialUsername, aadUserCredentialPassword));
                    }
                    catch (Exception ex)
                    {
                        log.Error($"Connect failed: {ex.PrettyPrint()}");
                        return("BAD_TOKEN");        //TODO: mark.siedle - You cannot return null or an empty value here or the Azure lib spazzes out trying to call a lib that doesn't exist "System.Fabric.AzureActiveDirectory.Client"  :(
                    }
                };
                break;
            }

            case AzureServiceFabricSecurityMode.SecureAD:
            {
                log.Info("Connecting with Secure Azure Active Directory");
                log.Verbose("Using the service account of the octopus service as windows credentials");
                var windowsCredentials = new WindowsCredentials();
                fabricClient = new FabricClient(windowsCredentials, connectionEndpoint);
                break;
            }

            default:
            {
                log.Info("Connecting unsecurely");
                fabricClient = new FabricClient(connectionEndpoint);
                break;
            }
            }

            if (fabricClient == null)
            {
                throw new Exception("Unable to create Service Fabric client.");
            }

            try
            {
                fabricClient.ClusterManager.GetClusterManifestAsync().GetAwaiter().GetResult();
                log.Verbose("Successfully received a response from the Service Fabric client");
            }
            finally
            {
                fabricClient.Dispose();
            }

            return(0);
        }