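        /// <summary>
        /// Creates a new Managed Secret from the submitted view model and raises a <c>SecretCreated</c> event.
        /// </summary>
        /// <param name="inputSecret">
        /// Caller-supplied definition. <c>ResourceIds</c> is a ';'-separated list of Resource GUIDs, each of
        /// which must refer to a resource known to <c>_resources</c>.
        /// </param>
        /// <returns>
        /// 401 when the caller lacks the SecretAdmin role; 400 when the body is missing, no Resource ID is
        /// given, or a Resource ID is not a GUID; 404 when any Resource ID is unknown; otherwise 200 with the
        /// created secret's view model.
        /// </returns>
        public async Task <IActionResult> Create([HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "managedSecrets")] ManagedSecretViewModel inputSecret)
        {
            // The trigger is registered as Anonymous, so this role check is the only authorization gate
            // for the endpoint and must run before anything else.
            if (!_identityService.CurrentUserHasRole(AuthJanitorRoles.SecretAdmin))
            {
                return new UnauthorizedResult();
            }

            if (inputSecret is null)
            {
                return new BadRequestObjectResult("A Managed Secret body is required!");
            }

            // ResourceIds is untrusted text: use TryParse so a malformed segment becomes a 400 instead of a
            // FormatException (HTTP 500) escaping from Guid.Parse. Empty segments (e.g. a trailing ';') are ignored.
            var parsedIds = (inputSecret.ResourceIds ?? string.Empty)
                            .Split(';')
                            .Where(segment => !string.IsNullOrWhiteSpace(segment))
                            .Select(segment => Guid.TryParse(segment, out var parsed) ? parsed : (Guid?)null)
                            .ToList();

            if (parsedIds.Count == 0)
            {
                return new BadRequestObjectResult("At least one Resource ID is required!");
            }

            if (parsedIds.Contains(null))
            {
                return new BadRequestObjectResult("One or more Resource IDs are not valid GUIDs!");
            }

            var resourceIds = parsedIds.Select(id => id.Value).ToList();

            var resources = await _resources.Get();

            // Set lookup instead of a nested scan; also makes the membership test read as intended.
            var knownResourceIds = resources.Select(r => r.ObjectId).ToHashSet();

            if (resourceIds.Any(id => !knownResourceIds.Contains(id)))
            {
                await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.AnomalousEventOccurred, nameof(AdminApi.ManagedSecrets.Create), "New Managed Secret attempted to use one or more invalid Resource IDs");

                return new NotFoundObjectResult("One or more Resource IDs not found!");
            }

            var validPeriod = TimeSpan.FromMinutes(inputSecret.ValidPeriodMinutes);

            ManagedSecret newManagedSecret = new ManagedSecret()
            {
                Name        = inputSecret.Name,
                Description = inputSecret.Description,
                ValidPeriod = validPeriod,
                // Back-dated by one full period — presumably so the new secret counts as already due for
                // rotation; confirm against the scheduler. NOTE(review): a non-positive ValidPeriodMinutes
                // is not rejected here and would push LastChanged into the future.
                LastChanged = DateTimeOffset.UtcNow - validPeriod,
                TaskConfirmationStrategies = inputSecret.TaskConfirmationStrategies,
                ResourceIds = resourceIds,
                // Fresh nonce per secret, generated by the configured cryptographic implementation.
                Nonce       = await _cryptographicImplementation.GenerateCryptographicallySecureString(_configuration.DefaultNonceLength)
            };

            await _managedSecrets.Create(newManagedSecret);

            await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.SecretCreated, nameof(AdminApi.ManagedSecrets.Create), newManagedSecret);

            return new OkObjectResult(_managedSecretViewModel(newManagedSecret));
        }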
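        /// <summary>
        /// Replaces the definition of an existing Managed Secret with the submitted view model.
        /// </summary>
        /// <param name="inputSecret">
        /// New definition. <c>ResourceIds</c> is a ';'-separated list of Resource GUIDs, each of which must
        /// refer to a resource returned by <c>Resources.ListAsync()</c>.
        /// </param>
        /// <param name="req">Incoming request; used only for the role check.</param>
        /// <param name="secretId">Identifier of the secret being updated, bound from the route.</param>
        /// <param name="log">Function logger.</param>
        /// <returns>
        /// 401 when the caller is neither SecretAdmin nor GlobalAdmin; 400 when the secret does not exist, the
        /// body is missing, no Resource ID is given, a Resource ID is not a GUID, or a Resource ID is unknown;
        /// otherwise 200 with the updated secret's view model.
        /// </returns>
        public async Task <IActionResult> Update(
            [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "managedSecrets/{secretId:guid}")] ManagedSecretViewModel inputSecret,
            HttpRequest req,
            Guid secretId,
            ILogger log)
        {
            // The trigger is Anonymous, so this is the only authorization gate; keep it first.
            if (!req.IsValidUser(AuthJanitorRoles.SecretAdmin, AuthJanitorRoles.GlobalAdmin))
            {
                return new UnauthorizedResult();
            }

            log.LogInformation("Updating Managed Secret {0}", secretId);

            if (inputSecret is null)
            {
                return new BadRequestErrorMessageResult("A Managed Secret body is required!");
            }

            if (!await ManagedSecrets.ContainsIdAsync(secretId))
            {
                return new BadRequestErrorMessageResult("Secret not found!");
            }

            // ResourceIds is untrusted text: use TryParse so a malformed segment becomes a 400 instead of a
            // FormatException (HTTP 500) escaping from Guid.Parse. Empty segments (e.g. a trailing ';') are ignored.
            var parsedIds = (inputSecret.ResourceIds ?? string.Empty)
                            .Split(';')
                            .Where(segment => !string.IsNullOrWhiteSpace(segment))
                            .Select(segment => Guid.TryParse(segment, out var parsed) ? parsed : (Guid?)null)
                            .ToList();

            if (parsedIds.Count == 0)
            {
                return new BadRequestErrorMessageResult("At least one Resource ID is required!");
            }

            if (parsedIds.Contains(null))
            {
                return new BadRequestErrorMessageResult("One or more Resource IDs are not valid GUIDs!");
            }

            var resourceIds = parsedIds.Select(id => id.Value).ToList();

            var resources = await Resources.ListAsync();

            // Set lookup instead of a nested scan; the invalid list is computed once and materialized so the
            // log call receives concrete values rather than a lazy query.
            var knownResourceIds = resources.Select(r => r.ObjectId).ToHashSet();
            var invalidIds = resourceIds.Where(id => !knownResourceIds.Contains(id)).ToList();

            if (invalidIds.Count > 0)
            {
                log.LogError("New Managed Secret attempted to link one or more invalid Resource IDs: {0}", invalidIds);
                return new BadRequestErrorMessageResult("One or more ResourceIds not found!");
            }

            // NOTE(review): this is a whole-object replacement keyed by secretId. Fields not set here
            // (e.g. LastChanged, Nonce) depend on how UpdateAsync merges — confirm it does not blank them.
            ManagedSecret newManagedSecret = new ManagedSecret()
            {
                ObjectId    = secretId,
                Name        = inputSecret.Name,
                Description = inputSecret.Description,
                ValidPeriod = TimeSpan.FromMinutes(inputSecret.ValidPeriodMinutes),
                TaskConfirmationStrategies = inputSecret.TaskConfirmationStrategies,
                ResourceIds = resourceIds
            };

            await ManagedSecrets.UpdateAsync(newManagedSecret);

            log.LogInformation("Updated Managed Secret '{0}'", newManagedSecret.Name);

            return new OkObjectResult(GetViewModel(newManagedSecret));
        }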
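        /// <summary>
        /// Replaces the definition of an existing Managed Secret, regenerates its nonce, and raises a
        /// <c>SecretUpdated</c> event.
        /// </summary>
        /// <param name="inputSecret">
        /// New definition. <c>ResourceIds</c> is a ';'-separated list of Resource GUIDs, each of which must
        /// refer to a resource known to <c>_resources</c>.
        /// </param>
        /// <param name="secretId">Identifier of the secret being updated.</param>
        /// <param name="cancellationToken">Propagated to the data-store calls.</param>
        /// <returns>
        /// 401 when the caller lacks the SecretAdmin role; 400 when the body is missing, no Resource ID is
        /// given, or a Resource ID is not a GUID; 404 when the secret or any Resource ID is unknown;
        /// otherwise 200 with the updated secret's view model.
        /// </returns>
        public async Task <IActionResult> Update(ManagedSecretViewModel inputSecret, Guid secretId, CancellationToken cancellationToken)
        {
            // Role check is the only authorization gate on this path; keep it first.
            if (!_identityService.CurrentUserHasRole(AuthJanitorRoles.SecretAdmin))
            {
                return new UnauthorizedResult();
            }

            if (inputSecret is null)
            {
                return new BadRequestObjectResult("A Managed Secret body is required!");
            }

            if (!await _managedSecrets.ContainsId(secretId, cancellationToken))
            {
                await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.AnomalousEventOccurred, nameof(ManagedSecretsService.Update), "Secret ID not found");

                return new NotFoundObjectResult("Secret not found!");
            }

            // ResourceIds is untrusted text: use TryParse so a malformed segment becomes a 400 instead of a
            // FormatException (HTTP 500) escaping from Guid.Parse. Empty segments (e.g. a trailing ';') are ignored.
            var parsedIds = (inputSecret.ResourceIds ?? string.Empty)
                            .Split(';')
                            .Where(segment => !string.IsNullOrWhiteSpace(segment))
                            .Select(segment => Guid.TryParse(segment, out var parsed) ? parsed : (Guid?)null)
                            .ToList();

            if (parsedIds.Count == 0)
            {
                return new BadRequestObjectResult("At least one Resource ID is required!");
            }

            if (parsedIds.Contains(null))
            {
                return new BadRequestObjectResult("One or more Resource IDs are not valid GUIDs!");
            }

            var resourceIds = parsedIds.Select(id => id.Value).ToList();

            var resources = await _resources.Get(cancellationToken);

            // Set lookup instead of a nested scan.
            var knownResourceIds = resources.Select(r => r.ObjectId).ToHashSet();

            if (resourceIds.Any(id => !knownResourceIds.Contains(id)))
            {
                await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.AnomalousEventOccurred, nameof(ManagedSecretsService.Update), "New Managed Secret attempted to use one or more invalid Resource IDs");

                return new NotFoundObjectResult("One or more Resource IDs not found!");
            }

            // NOTE(review): whole-object replacement keyed by secretId; LastChanged is not set here, so
            // whether it survives depends on how _managedSecrets.Update merges — confirm.
            ManagedSecret newManagedSecret = new ManagedSecret()
            {
                ObjectId    = secretId,
                Name        = inputSecret.Name,
                Description = inputSecret.Description,
                ValidPeriod = TimeSpan.FromMinutes(inputSecret.ValidPeriodMinutes),
                TaskConfirmationStrategies = inputSecret.TaskConfirmationStrategies,
                ResourceIds = resourceIds,
                // A new nonce is issued on every update.
                Nonce       = await _cryptographicImplementation.GenerateCryptographicallyRandomString(_configuration.DefaultNonceLength)
            };

            await _managedSecrets.Update(newManagedSecret, cancellationToken);

            await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.SecretUpdated, nameof(ManagedSecretsService.Update), newManagedSecret);

            return new OkObjectResult(_managedSecretViewModel(newManagedSecret));
        }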
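        /// <summary>
        /// Projects a <see cref="RekeyingTask"/> onto its view model, resolving the linked Managed Secret
        /// through the service provider and surfacing the most recent attempt's error message, if any.
        /// </summary>
        /// <param name="serviceProvider">Used to resolve the <c>IDataStore&lt;ManagedSecret&gt;</c> and the secret view-model factory.</param>
        /// <param name="rekeyingTask">Task to project. Must not be null.</param>
        /// <param name="cancellationToken">Passed to the data-store lookup of the linked secret.</param>
        /// <returns>The populated view model; <c>ManagedSecret</c> is a placeholder with an empty ObjectId when the lookup fails.</returns>
        /// <exception cref="ArgumentNullException">If <paramref name="rekeyingTask"/> is null.</exception>
        private static RekeyingTaskViewModel GetViewModel(IServiceProvider serviceProvider, RekeyingTask rekeyingTask, CancellationToken cancellationToken)
        {
            // Fail explicitly up front: the task's fields are read unconditionally below.
            if (rekeyingTask is null)
            {
                throw new ArgumentNullException(nameof(rekeyingTask));
            }

            ManagedSecretViewModel secret;

            try
            {
                var secretStore = serviceProvider.GetRequiredService <IDataStore <ManagedSecret> >();
                var toViewModel = serviceProvider.GetRequiredService <Func <ManagedSecret, ManagedSecretViewModel> >();

                // This helper is synchronous, so the lookup is awaited synchronously. GetAwaiter().GetResult()
                // surfaces the original exception rather than an AggregateException. Blocking on a Task still
                // carries the usual sync-over-async risk; an async variant would be preferable for callers
                // running on a synchronization context.
                var managedSecret = secretStore.GetOne(rekeyingTask.ManagedSecretId, cancellationToken).GetAwaiter().GetResult();
                secret = toViewModel(managedSecret);
            }
            catch (Exception)
            {
                // Deliberate best-effort: a missing or unreadable secret must not stop the task itself
                // from being displayed, so fall back to a placeholder.
                secret = new ManagedSecretViewModel()
                {
                    ObjectId = Guid.Empty
                };
            }

            // Attempts may be null; treat that the same as "no attempts yet".
            var mostRecentAttempt = rekeyingTask.Attempts?
                                    .OrderByDescending(a => a.AttemptStarted)
                                    .FirstOrDefault();

            // Only a failed latest attempt carries an error message through to the UI.
            var errorMessage = mostRecentAttempt is null || mostRecentAttempt.IsSuccessfulAttempt
                                   ? string.Empty
                                   : mostRecentAttempt.OuterException;

            return new RekeyingTaskViewModel()
            {
                ObjectId = rekeyingTask.ObjectId,
                Queued = rekeyingTask.Queued,
                Expiry = rekeyingTask.Expiry,
                PersistedCredentialUser = rekeyingTask.PersistedCredentialUser,
                ConfirmationType = rekeyingTask.ConfirmationType,
                RekeyingCompleted = rekeyingTask.RekeyingCompleted,
                RekeyingErrorMessage = errorMessage,
                RekeyingInProgress = rekeyingTask.RekeyingInProgress,
                ManagedSecret = secret,
                Attempts = rekeyingTask.Attempts
            };
        }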
 /// <summary>
 /// HTTP entry point for updating a Managed Secret. Delegates entirely to the service layer.
 /// </summary>
 /// <param name="inputSecret">Updated secret definition from the request body.</param>
 /// <param name="secretId">Secret identifier bound from the route.</param>
 /// <param name="cancellationToken">Request cancellation token, forwarded to the service.</param>
 /// <returns>The result produced by the service.</returns>
 /// <remarks>
 /// The trigger is Anonymous at the Functions-host level; authorization is expected to be enforced
 /// inside the service call (see ManagedSecretsService.Update) rather than here.
 /// </remarks>
 public async Task <IActionResult> Update(
     [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "managedSecrets/{secretId:guid}")] ManagedSecretViewModel inputSecret,
     Guid secretId, CancellationToken cancellationToken)
     => await _service.Update(inputSecret, secretId, cancellationToken);
 /// <summary>
 /// HTTP entry point for creating a Managed Secret. Delegates entirely to the service layer.
 /// </summary>
 /// <param name="inputSecret">Secret definition from the request body.</param>
 /// <param name="cancellationToken">Request cancellation token, forwarded to the service.</param>
 /// <returns>The result produced by the service.</returns>
 /// <remarks>
 /// The trigger is Anonymous at the Functions-host level; authorization is expected to be enforced
 /// inside the service call rather than here.
 /// </remarks>
 public async Task <IActionResult> Create([HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "managedSecrets")] ManagedSecretViewModel inputSecret, CancellationToken cancellationToken)
     => await _service.Create(inputSecret, cancellationToken);