Esempio n. 1
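        /// <summary>
        /// Starts the persistent A2A event listener that watches for password changes on every
        /// mapped account, then performs the initial password pull.
        /// </summary>
        /// <remarks>
        /// Returns without starting (after logging an error) when the stored Safeguard connection
        /// settings are incomplete. Refuses to start while the stored configuration has IgnoreSsl
        /// set, so the A2A connection is only ever made with
        /// <c>CertificateValidationCallback</c> in place.
        /// </remarks>
        /// <exception cref="DevOpsException">
        /// The listener is already running, IgnoreSsl is set, or no accounts are mapped to plugins.
        /// </exception>
        private void StartMonitoring()
        {
            if (_eventListener != null)
            {
                throw new DevOpsException("Listener is already running.");
            }

            var sppAddress      = _configDb.SafeguardAddress;
            var userCertificate = _configDb.UserCertificateBase64Data;
            // NOTE(review): this SecureString (and the API-key SecureStrings built below) is never
            //  disposed here; confirm whether the Safeguard client copies them before adding disposal.
            var passPhrase      = _configDb.UserCertificatePassphrase?.ToSecureString();
            var apiVersion      = _configDb.ApiVersion;
            var ignoreSsl       = _configDb.IgnoreSsl;

            if (sppAddress == null || userCertificate == null || !apiVersion.HasValue || !ignoreSsl.HasValue)
            {
                _logger.Error("No safeguardConnection was found.  Safeguard Secrets Broker for DevOps must be configured first");
                return;
            }

            // Fail closed: credentials are not pulled over a connection whose server certificate
            //  would not be validated.
            if (ignoreSsl.Value)
            {
                throw new DevOpsException("Monitoring cannot be enabled until a secure connection has been established. Trusted certificates may be missing.");
            }

            // This call will fail if the monitor is being started as part of the service start up.
            //  The reason why is because at service startup, the user has not logged into Secrets Broker yet
            //  so Secrets Broker does not have the SPP credentials that are required to query the current vault account credentials.
            //  However, the monitor can still be started using the existing vault credentials. If syncing doesn't appear to be working
            //  the monitor can be stopped and restarted which will cause a refresh of the vault credentials.
            _pluginManager.RefreshPluginCredentials();

            try
            {
                // connect to Safeguard; the server certificate is checked by CertificateValidationCallback
                _a2AContext = Safeguard.A2A.GetContext(sppAddress, Convert.FromBase64String(userCertificate), passPhrase, CertificateValidationCallback, apiVersion.Value);

                // figure out what API keys to monitor
                _retrievableAccounts = _configDb.GetAccountMappings().ToList();
                if (_retrievableAccounts.Count == 0)
                {
                    var msg = "No accounts have been mapped to plugins.  Nothing to do.";
                    _logger.Error(msg);
                    throw new DevOpsException(msg);
                }

                var apiKeys = new List<SecureString>();

                foreach (var account in _retrievableAccounts)
                {
                    apiKeys.Add(account.ApiKey.ToSecureString());
                }

                _eventListener = _a2AContext.GetPersistentA2AEventListener(apiKeys, PasswordChangeHandler);
                _eventListener.Start();
            }
            catch
            {
                // A failed start must not leave a half-built listener behind: a non-null
                //  _eventListener would make every later call fail with "Listener is already
                //  running", and an undisposed context would keep the client certificate loaded.
                _eventListener?.Dispose();
                _eventListener = null;
                _a2AContext?.Dispose();
                _a2AContext = null;
                throw;
            }

            // Deliberately outside the cleanup above: a failing initial pull leaves the running
            //  listener in place, exactly as before.
            InitialPasswordPull();

            _logger.Information("Password change monitoring has been started.");
        }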
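        /// <summary>
        /// Stops the event listener and releases the listener, the Safeguard connection, the
        /// retrieved ServiceNow password and the ticket validator.
        /// </summary>
        /// <remarks>
        /// Safe to call when nothing was started: every field is accessed null-conditionally.
        /// The resources are released even if stopping the listener throws, so the retrieved
        /// password is not left referenced after a failed stop.
        /// </remarks>
        public void Stop()
        {
            try
            {
                // The original dereferenced _eventListener unconditionally here, which threw a
                // NullReferenceException when Stop() ran before Start() or a second time.
                _eventListener?.Stop();
            }
            finally
            {
                _eventListener?.Dispose();
                _connection?.Dispose();
                // NOTE(review): presumably a SecureString, in which case Dispose() releases the
                // protected buffer; confirm against the field declaration.
                _serviceNowPassword?.Dispose();
                _validator?.Dispose();

                _eventListener      = null;
                _connection         = null;
                _serviceNowPassword = null;
                _validator          = null;
            }
        }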
Esempio n. 3
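 /// <summary>
 /// Stops password change monitoring and releases the listener and the A2A context.
 /// </summary>
 /// <remarks>
 /// The monitoring fields are always reset to null, and the listener and context are
 /// disposed even when stopping the listener throws. The "stopped" message is logged only
 /// when stop and disposal all succeed.
 /// </remarks>
 private void StopMonitoring()
 {
     try
     {
         try
         {
             _eventListener?.Stop();
         }
         finally
         {
             // Previously the context was skipped whenever Stop() threw, and the listener
             // itself was never disposed before its reference was dropped.
             _eventListener?.Dispose();
             _a2aContext?.Dispose();
         }

         _logger.Information("Password change monitoring has been stopped.");
     }
     finally
     {
         _eventListener       = null;
         _a2aContext          = null;
         _retrievableAccounts = null;
     }
 }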
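        /// <summary>
        /// Starts the persistent A2A event listener that watches for password changes on every
        /// mapped account.
        /// </summary>
        /// <remarks>
        /// Returns without starting (after logging an error) when the stored Safeguard connection
        /// settings are incomplete. When the stored configuration has IgnoreSsl set, the A2A
        /// context is created without <c>CertificateValidationCallback</c>; that case is logged
        /// as a warning so it is visible to operators.
        /// </remarks>
        /// <exception cref="DevOpsException">
        /// The listener is already running, or no accounts are mapped to plugins.
        /// </exception>
        private void StartMonitoring()
        {
            if (_eventListener != null)
            {
                throw new DevOpsException("Listener is already running.");
            }

            var sppAddress      = _configDb.SafeguardAddress;
            var userCertificate = _configDb.UserCertificateBase64Data;
            // NOTE(review): this SecureString (and the API-key SecureStrings built below) is never
            //  disposed here; confirm whether the Safeguard client copies them before adding disposal.
            var passPhrase      = _configDb.UserCertificatePassphrase?.ToSecureString();
            var apiVersion      = _configDb.ApiVersion;
            var ignoreSsl       = _configDb.IgnoreSsl;

            if (sppAddress == null || userCertificate == null || !apiVersion.HasValue || !ignoreSsl.HasValue)
            {
                _logger.Error("No safeguardConnection was found.  Safeguard Secrets Broker for DevOps must be configured first");
                return;
            }

            _pluginManager.RefreshPluginCredentials();

            try
            {
                // connect to Safeguard
                if (ignoreSsl.Value)
                {
                    // SECURITY: this overload is passed ignoreSsl = true instead of the validation
                    //  callback, so the appliance's TLS certificate is not checked and the account
                    //  credentials pulled through this context are exposed to anyone able to
                    //  intercept the connection. Behavior is kept as configured, but it is logged.
                    //  NOTE(review): consider refusing to start monitoring in this state.
                    _logger.Warning("TLS certificate validation is disabled (IgnoreSsl) for the Safeguard A2A connection.");
                    _a2AContext = Safeguard.A2A.GetContext(sppAddress, Convert.FromBase64String(userCertificate), passPhrase, apiVersion.Value, true);
                }
                else
                {
                    _a2AContext = Safeguard.A2A.GetContext(sppAddress, Convert.FromBase64String(userCertificate), passPhrase, CertificateValidationCallback, apiVersion.Value);
                }

                // figure out what API keys to monitor
                _retrievableAccounts = _configDb.GetAccountMappings().ToList();
                if (_retrievableAccounts.Count == 0)
                {
                    var msg = "No accounts have been mapped to plugins.  Nothing to do.";
                    _logger.Error(msg);
                    throw new DevOpsException(msg);
                }

                var apiKeys = new List<SecureString>();

                foreach (var account in _retrievableAccounts)
                {
                    apiKeys.Add(account.ApiKey.ToSecureString());
                }

                _eventListener = _a2AContext.GetPersistentA2AEventListener(apiKeys, PasswordChangeHandler);
                _eventListener.Start();
            }
            catch
            {
                // A failed start must not leave a half-built listener behind: a non-null
                //  _eventListener would make every later call fail with "Listener is already
                //  running", and an undisposed context would keep the client certificate loaded.
                _eventListener?.Dispose();
                _eventListener = null;
                _a2AContext?.Dispose();
                _a2AContext = null;
                throw;
            }

            _logger.Information("Password change monitoring has been started.");
        }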
        /// <summary>
        /// Creates the persistent event listener and the Safeguard connection, retrieves the
        /// ServiceNow password over A2A, builds the ticket validator and starts listening for
        /// "AccessRequestPendingApproval" events.
        /// </summary>
        /// <remarks>
        /// NOTE(review): all three Safeguard calls receive <c>_safeguardIgnoreSsl</c>; when it is
        /// true they presumably skip TLS certificate validation, including on the call that
        /// returns the ServiceNow password. Confirm it is false outside test environments.
        /// </remarks>
        public void Start()
        {
            _eventListener = Safeguard.Event.GetPersistentEventListener(
                _safeguardAddress,
                _safeguardClientCertificateThumbprint,
                _safeguardApiVersion,
                _safeguardIgnoreSsl);

            _connection = Safeguard.Connect(
                _safeguardAddress,
                _safeguardClientCertificateThumbprint,
                _safeguardApiVersion,
                _safeguardIgnoreSsl);

            // The A2A context is needed only for this one retrieval, so it is released as soon
            // as the password has been read.
            var passwordContext = Safeguard.A2A.GetContext(
                _safeguardAddress,
                _safeguardClientCertificateThumbprint,
                _safeguardApiVersion,
                _safeguardIgnoreSsl);
            try
            {
                _serviceNowPassword = passwordContext.RetrievePassword(_safeguardA2AApiKeyForServiceNowPassword);
            }
            finally
            {
                passwordContext?.Dispose();
            }

            _validator = new ServiceNowTicketValidator(
                _serviceNowDnsName,
                _serviceNowClientSecret,
                _serviceNowUserName,
                _serviceNowPassword);

            // Register the handler before starting the listener.
            _eventListener.RegisterEventHandler("AccessRequestPendingApproval", HandlePendingApprovalNotification);
            _eventListener.Start();
        }
Esempio n. 6
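        /// <summary>
        /// Starts the persistent A2A event listener that watches for password changes on every
        /// retrievable account.
        /// </summary>
        /// <remarks>
        /// Returns without starting (after logging an error) when no configuration is stored.
        /// </remarks>
        /// <exception cref="Exception">
        /// The listener is already running, or no API keys were found in the A2A registrations.
        /// </exception>
        private void StartMonitoring()
        {
            if (_eventListener != null)
            {
                throw new Exception("Listener is already running.");
            }

            var configuration = _configurationRepository.GetConfiguration();

            if (configuration == null)
            {
                _logger.Error("No configuration was found.  DevOps service must be configured first");
                return;
            }

            try
            {
                // connect to Safeguard
                // NOTE(review): when _safeguardIgnoreSsl is true this presumably skips TLS
                //  certificate validation for the connection the credentials travel over;
                //  confirm it is false outside test environments.
                _a2aContext = Safeguard.A2A.GetContext(configuration.SppAddress, configuration.CertificateUserThumbPrint,
                                                       _safeguardApiVersion, _safeguardIgnoreSsl);

                // figure out what API keys to monitor
                _retrievableAccounts = GetRetrievableAccounts().ToList();
                if (_retrievableAccounts.Count == 0)
                {
                    var msg = "No API keys found in A2A registrations.  Nothing to do.";
                    _logger.Error(msg);
                    throw new Exception(msg);
                }

                // NOTE(review): these SecureStrings are never disposed here; confirm whether the
                //  listener copies them before adding disposal.
                var apiKeys = new List<SecureString>();

                foreach (var account in _retrievableAccounts)
                {
                    apiKeys.Add(account.ApiKey.ToSecureString());
                }

                _eventListener = _a2aContext.GetPersistentA2AEventListener(apiKeys, PasswordChangeHandler);
                _eventListener.Start();
            }
            catch
            {
                // A failed start must not leave a half-built listener behind: a non-null
                //  _eventListener would make every later call fail with "Listener is already
                //  running", and the context would stay undisposed.
                _eventListener?.Dispose();
                _eventListener = null;
                _a2aContext?.Dispose();
                _a2aContext = null;
                throw;
            }

            _logger.Information("Password change monitoring has been started.");
        }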