public void RefreshPluginCredentials()
{
try
{
var sgConnection = _safeguardLogic.Connect();
var plugins = _configDb.GetAllPlugins();
foreach (var plugin in plugins)
{
RefreshPluginCredential(sgConnection, plugin);
}
}
catch (Exception ex)
{
_logger.Warning(ex, $"Failed to refresh the plugin vault credentials. If account credentials are not being synced correctly, try stopping and restarting the monitor. Reason: {ex.Message}.");
}
}
public IEnumerable <AccountMapping> SaveAccountMappings(string name, IEnumerable <A2ARetrievableAccount> accounts)
{
if (_configDb.A2aRegistrationId == null)
{
var msg = "A2A registration not configured";
_logger.Error(msg);
throw new DevOpsException(msg);
}
if (_configDb.GetPluginByName(name) == null)
{
var msg = $"Plugin {name} not found";
_logger.Error(msg);
throw new DevOpsException(msg);
}
var retrievableAccounts = accounts.ToArray();
if (retrievableAccounts.All(x => x.AccountId == 0))
{
var msg = "Invalid list of accounts. Expecting a list of retrievable accounts.";
_logger.Error(msg);
throw new DevOpsException(msg);
}
using var sg = _safeguardLogic.Connect();
var newAccounts = new List <AccountMapping>();
foreach (var account in retrievableAccounts)
{
try
{
var result = sg.InvokeMethodFull(Service.Core, Method.Get, $"A2ARegistrations/{_configDb.A2aRegistrationId}/RetrievableAccounts/{account.AccountId}");
if (result.StatusCode == HttpStatusCode.OK)
{
var retrievableAccount = JsonHelper.DeserializeObject <A2ARetrievableAccount>(result.Body);
var accountMapping = new AccountMapping()
{
AccountName = retrievableAccount.AccountName,
AccountId = retrievableAccount.AccountId,
ApiKey = retrievableAccount.ApiKey,
AssetName = retrievableAccount.SystemName,
SystemId = retrievableAccount.SystemId,
DomainName = retrievableAccount.DomainName,
NetworkAddress = retrievableAccount.NetworkAddress,
VaultName = name
};
newAccounts.Add(accountMapping);
}
}
catch (Exception ex)
{
var msg = $"Failed to add account {account.AccountId} - {account.AccountName}: {ex.Message}";
_logger.Error(msg);
}
}
if (newAccounts.Count > 0)
{
_configDb.SaveAccountMappings(newAccounts);
}
return(GetAccountMappings(name));
}
public IEnumerable <AccountMapping> SaveAccountMappings(ISafeguardConnection sgConnection, string name, IEnumerable <A2ARetrievableAccount> accounts)
{
if (_configDb.A2aRegistrationId == null)
{
var msg = "A2A registration not configured";
_logger.Error(msg);
throw new DevOpsException(msg);
}
if (_configDb.GetPluginByName(name) == null)
{
var msg = $"Plugin {name} not found";
_logger.Error(msg);
throw new DevOpsException(msg, HttpStatusCode.NotFound);
}
var retrievableAccounts = accounts.ToArray();
if (retrievableAccounts.All(x => x.AccountId == 0))
{
var msg = "Invalid list of accounts. Expecting a list of retrievable accounts.";
_logger.Error(msg);
throw new DevOpsException(msg);
}
var allAccounts = _configDb.GetAccountMappings().ToArray();
foreach (var account in retrievableAccounts)
{
if (!string.IsNullOrEmpty(account.AltAccountName))
{
// Make sure that no other existing account has the same altAccountName
// Make sure that none of the accounts that are being added, have the same altAccountName
if (allAccounts.Any(x => x.AltAccountName != null &&
x.AltAccountName.Equals(account.AltAccountName, StringComparison.OrdinalIgnoreCase) &&
!x.VaultName.Equals(name, StringComparison.OrdinalIgnoreCase)) ||
retrievableAccounts.Any(x => x.AccountId != account.AccountId &&
x.AltAccountName != null &&
x.AltAccountName.Equals(account.AltAccountName, StringComparison.OrdinalIgnoreCase)))
{
var msg = $"Invalid alternate account name. The account name {account.AltAccountName} is already in use.";
_logger.Error(msg);
throw new DevOpsException(msg);
}
}
}
var sg = sgConnection ?? _safeguardLogic.Connect();
try
{
var newAccounts = new List <AccountMapping>();
foreach (var account in retrievableAccounts)
{
try
{
var retrievableAccount =
_safeguardLogic.GetA2ARetrievableAccountById(sg, A2ARegistrationType.Account, account.AccountId);
if (retrievableAccount != null)
{
var accountMapping = new AccountMapping()
{
AccountName = retrievableAccount.AccountName,
AltAccountName = account.AltAccountName,
AccountId = retrievableAccount.AccountId,
ApiKey = retrievableAccount.ApiKey,
AssetName = retrievableAccount.SystemName,
SystemId = retrievableAccount.SystemId,
DomainName = retrievableAccount.DomainName,
NetworkAddress = retrievableAccount.NetworkAddress,
VaultName = name
};
newAccounts.Add(accountMapping);
}
}
catch (Exception ex)
{
var msg = $"Failed to add account {account.AccountId} - {account.AccountName}: {ex.Message}";
_logger.Error(ex, msg);
}
}
if (newAccounts.Count > 0)
{
_configDb.SaveAccountMappings(newAccounts);
}
return(GetAccountMappings(name));
}
finally
{
if (sgConnection == null)
{
sg.Dispose();
}
}
}
public void ConfigureDevOpsAddOn(string addonName)
{
var sg = _safeguardLogic.Connect();
try
{
var addon = _configDb.GetAddonByName(addonName);
if (addon == null)
{
throw LogAndException($"Add-on {addonName} not found.");
}
if (!addon.VaultCredentials.Any())
{
throw LogAndException($"Waiting for the Add-on {addonName} to post the vault credentials. Try again later...");
}
if ((_configDb.AssetPartitionId ?? 0) == 0 || (_configDb.AssetId ?? 0) == 0)
{
var assetPartition = _safeguardLogic.CreateAssetPartition(sg);
_safeguardLogic.CreateAsset(sg, assetPartition);
_safeguardLogic.CreateAssetAccountGroup(sg, addon);
}
var assetId = _configDb.AssetId;
if ((assetId ?? 0) == 0)
{
throw LogAndException($"Failed to configure the Add-on {addonName}. No associated asset found in Safeguard.");
}
if (addon.VaultCredentials.Any() && !SafeguardHasVaultCredentials(addon))
{
var tasks = new List <Task>();
foreach (var vaultCredential in addon.VaultCredentials)
{
var newAccount = new AssetAccount()
{
Name = vaultCredential.Key,
AssetId = assetId.Value
};
var p = addon.VaultCredentials[newAccount.Name];
tasks.Add(Task.Run(() =>
{
newAccount = _safeguardLogic.AddAssetAccount(sg, newAccount);
_safeguardLogic.SetAssetAccountPassword(sg, newAccount, p);
}));
}
if (tasks.Any())
{
Task.WaitAll(tasks.ToArray());
}
}
var asset = _safeguardLogic.GetAsset(sg);
if (asset != null)
{
addon.VaultAssetId = asset.Id;
addon.VaultAssetName = asset.Name;
if (addon.VaultAccountName != null)
{
var account = _safeguardLogic.GetAssetAccounts(sg, asset.Id)
.FirstOrDefault(x => x.Name.StartsWith(addon.VaultAccountName, StringComparison.OrdinalIgnoreCase));
addon.VaultAccountId = account?.Id ?? 0;
addon.VaultAccountName = account?.Name ?? addon.VaultAccountName;
}
_configDb.SaveAddon(addon);
}
var plugin = _configDb.GetPluginByName(addon.Manifest.PluginName);
if (plugin != null && plugin.VaultAccountId != addon.VaultAccountId)
{
plugin.VaultAccountId = addon.VaultAccountId;
_pluginsLogic.SavePluginVaultAccount(sg, plugin.Name, new AssetAccount()
{
Id = addon.VaultAccountId.Value
});
}
}
finally
{
sg.Dispose();
}
}