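/// <summary>
/// Writes <paramref name="secret"/>. If a live secret of the same name exists (or a
/// deleted one can be restored), its data is updated in place so the existing audit
/// history is kept; otherwise the secret is stored as newly created.
/// </summary>
/// <param name="secret">The secret to store. Must not be null.</param>
/// <param name="clientOperation">Caller-supplied description recorded in the audit entry.</param>
/// <exception cref="ArgumentNullException"><paramref name="secret"/> is null.</exception>
public override async Task Write(Secret secret, string clientOperation)
{
    if (secret == null)
    {
        throw new ArgumentNullException(nameof(secret));
    }

    var fileName = GetFileName(secret.Name);

    // Look for a live copy first; if there is none, try restoring a deleted one.
    var existingSecret = await UnauditedReadSecret(secret.Name, fileName);
    if (existingSecret == null && await Undelete(secret.Name, clientOperation))
    {
        // Undelete writes the restored secret back under the live file name, so
        // re-read it to pick up its audit history.
        existingSecret = await UnauditedReadSecret(secret.Name, fileName);
    }

    if (existingSecret == null)
    {
        // Brand-new secret: only a creation record is needed.
        secret.AddAuditEntry(await SecretAuditEntry.CreateForLocalUser(clientOperation, SecretAuditAction.Created));
    }
    else
    {
        // Record the change, then merge the new data into the existing record so
        // its audit history is preserved and the existing record is what gets saved.
        // NOTE(review): the previous value is handed to the audit entry here; confirm
        // CreateForLocalUser does not persist it in clear text in the audit log.
        existingSecret.AddAuditEntry(await SecretAuditEntry.CreateForLocalUser(clientOperation, SecretAuditAction.Changed, existingSecret.Value));
        existingSecret.Update(secret);
        secret = existingSecret;
    }

    await UnauditedWriteSecret(secret);
}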
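/// <summary>
/// Appends an audit entry, keeping only the most recent entries (by timestamp)
/// once the log grows past the retention limit.
/// </summary>
/// <param name="entry">The entry to record. Must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="entry"/> is null.</exception>
public void AddAuditEntry(SecretAuditEntry entry)
{
    // Retention limit for the per-secret audit log. Older entries are dropped once
    // it is exceeded, so the stored log is not a complete history of the secret.
    const int MaxEntries = 100;

    if (entry == null)
    {
        // A null entry would only fail later, inside the truncation sort.
        throw new ArgumentNullException(nameof(entry));
    }

    _auditLog.Add(entry);
    if (_auditLog.Count > MaxEntries)
    {
        // Keep the newest entries; ordering is by timestamp, not insertion order.
        _auditLog = _auditLog.OrderByDescending(a => a.TimestampUtc).Take(MaxEntries).ToList();
    }
}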
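/// <summary>
/// Soft-deletes the named secret: records a "Deleted" audit entry and renames the
/// secret file to the ".del" extension so it can later be restored by Undelete.
/// </summary>
/// <param name="name">Name of the secret to delete.</param>
/// <param name="clientOperation">Caller-supplied description recorded in the audit entry.</param>
/// <returns>true if a live secret was found and deleted; false if there was nothing to delete.</returns>
/// <exception cref="IOException">A ".del" copy of this secret already exists.</exception>
public override async Task<bool> Delete(SecretName name, string clientOperation)
{
    var fileName = GetFileName(name);
    var deletedName = Path.ChangeExtension(fileName, ".del");

    var existingSecret = await UnauditedReadSecret(name, fileName);
    if (existingSecret == null)
    {
        return false;
    }

    // Check this before touching the live file: File.Move throws when the
    // destination exists, and failing after the write below would leave a live
    // secret carrying a "Deleted" audit entry.
    if (File.Exists(deletedName))
    {
        throw new IOException($"A deleted copy of '{name}' already exists at '{deletedName}'.");
    }

    // Persist the audit record into the file that is about to be renamed.
    existingSecret.AddAuditEntry(await SecretAuditEntry.CreateForLocalUser(clientOperation, SecretAuditAction.Deleted));
    await UnauditedWriteSecret(existingSecret);

    File.Move(fileName, deletedName);
    return true;
}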
/// <summary>
/// Reads the named secret and records a "Retrieved" audit entry against it.
/// </summary>
/// <param name="name">Name of the secret to read.</param>
/// <param name="clientOperation">Caller-supplied description recorded in the audit entry.</param>
/// <returns>The secret with its updated audit log, or null when UnauditedReadSecret finds nothing.</returns>
public override async Task<Secret> Read(SecretName name, string clientOperation)
{
    var fileName = GetFileName(name);
    var secret = await UnauditedReadSecret(name, fileName);
    if (secret != null)
    {
        // Every read is audited, so the secret file is rewritten on each access.
        var retrieved = await SecretAuditEntry.CreateForLocalUser(clientOperation, SecretAuditAction.Retrieved);
        secret.AddAuditEntry(retrieved);
        await UnauditedWriteSecret(secret);
    }

    return secret;
}
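/// <summary>
/// Restores a soft-deleted secret (the ".del" file) under its live file name and
/// records a "Restored" audit entry.
/// </summary>
/// <param name="name">Name of the secret to restore.</param>
/// <param name="clientOperation">Caller-supplied description recorded in the audit entry.</param>
/// <returns>
/// true if a deleted copy was restored; false if there is no deleted copy, or if a
/// live secret already exists under this name (the live secret is left untouched
/// rather than being overwritten by the older, deleted one).
/// </returns>
public override async Task<bool> Undelete(SecretName name, string clientOperation)
{
    var fileName = GetFileName(name);
    var deletedName = Path.ChangeExtension(fileName, ".del");

    // Never clobber a live secret with a stale deleted copy: silently restoring
    // old credentials over current ones is worse than refusing.
    if (File.Exists(fileName))
    {
        return false;
    }

    var deletedSecret = await UnauditedReadSecret(name, deletedName);
    if (deletedSecret == null)
    {
        return false;
    }

    // Write it back under the live file name, then remove the deleted copy.
    deletedSecret.AddAuditEntry(await SecretAuditEntry.CreateForLocalUser(clientOperation, SecretAuditAction.Restored));
    await UnauditedWriteSecret(deletedSecret);
    File.Delete(deletedName);
    return true;
}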