protected override async Task OnProcessRequestAsync(FormattedProcessRequest request, ProcessResult result, CancellationToken token) { try { SecretManagement.DataAccess.ISecretMetadataDataAccessProvider dataProvider = Config.ServiceProvider.GetRequiredService <SecretManagement.DataAccess.ISecretMetadataDataAccessProvider>(); string key = SecretManagement.Contracts.Data.SecretBase.FromKeyvaultUri(request.ObjectUri).Key; //var secret = await dataProvider.GetSecretAsync(key, token); //if (null != secret && secret.SecretType == SecretManagement.Contracts.Data.SecretType.Dependency) // result.Status |= ProcessResult.ProcessingStatus.Skipped; // skip scheduling dependencies for //else //{ var dependencies = await dataProvider.GetDependentSecretsAsync(key, token); List <Task> workers = new List <Task>(); foreach (var dependency in dependencies) { FormattedProcessRequest fpr = new FormattedProcessRequest(request.OriginalMessageJson, FormattedProcessRequest.RequestedAction.PerformDependencyUpdate) { ParentTransactionId = request.TransactionId, Event = request.Event, ObjectName = dependency.ObjectName, SubscriptionId = dependency.SubscriptionId, VaultName = dependency.VaultName, ObjectUri = dependency.Uri, ObjectType = FormattedProcessRequest.SecretType.Secret //todo: should this be parsed out? }; workers.Add(Helpers.QueueClientHelper.CreateQueueClient(Config, Config.FormattedMessagesQueueName).SendMessageAsync(fpr.Serialize())); } Task.WaitAll(workers.ToArray()); // } result.Status |= ProcessResult.ProcessingStatus.Success; } catch (Exception ex) //todo: filter for specific exceptions... { result.Status |= ProcessResult.ProcessingStatus.Failed; result.Description = ex.Message; } }
public async Task CreateSampleDataSetAsync(CancellationToken token, bool savePolicies, bool saveServices, bool saveSecrets) { string subscriptionId = "e4e151a2-0cd9-4598-aa8d-cb8d5f72eeef"; SecretManagement.DataAccess.ISecretMetadataDataAccessProvider dataProvider = _config.ServiceProvider.GetRequiredService <SecretManagement.DataAccess.ISecretMetadataDataAccessProvider>(); Dictionary <Guid, SecretManagement.Contracts.Data.SecretPolicy> policies = new Dictionary <Guid, SecretManagement.Contracts.Data.SecretPolicy>(); #region Create Policies //Near expiry is raised 30 days before expiration, so use "Expiring" only for long term rotations Guid id = Guid.Parse("86705a80-4f30-466d-900a-25e80c0e15e4"); policies.Add(id, new SecretManagement.Contracts.Data.SecretPolicy() { PolicyId = id, Name = "15-Day Rotation", Description = "Rotates secrets every 15 days", RotationIntervalInSec = (long)TimeSpan.FromDays(15).TotalSeconds }); id = Guid.Parse("d5bfb8a3-bc76-4a1E-bb46-50904ebb9273"); policies.Add(id, new SecretManagement.Contracts.Data.SecretPolicy() { PolicyId = id, Name = "30-Day Rotation", Description = "Rotates secrets every 30 days", RotationIntervalInSec = (long)TimeSpan.FromDays(30).TotalSeconds }); id = Guid.Parse("6CADA23D-76B1-4B50-A773-E4D0822D6821"); policies.Add(id, new SecretManagement.Contracts.Data.SecretPolicy() { PolicyId = id, Name = "24-Hour Rotation", Description = "Rotates secrets every 24 hours", RotationIntervalInSec = (long)TimeSpan.FromDays(1).TotalSeconds }); id = Guid.Parse("520FD7E3-04EF-48F6-B163-99B7DC74B216"); policies.Add(id, new SecretManagement.Contracts.Data.SecretPolicy() { PolicyId = id, Name = "1-Hour Rotation", Description = "Rotates secrets every 1 hour", RotationIntervalInSec = (long)TimeSpan.FromHours(1).TotalSeconds });; if (savePolicies) { foreach (var policy in policies.Values) { await dataProvider.SavePolicyAsync(policy, token); } } #endregion Dictionary <Guid, SecretManagement.Contracts.Data.SecretConfiguration> configs = new Dictionary <Guid, SecretManagement.Contracts.Data.SecretConfiguration>(); #region Create Configurations id = Guid.Parse("5c09346e-bd0a-4a6b-b26d-c89b5111cae3"); configs.Add(id, new SecretManagement.Contracts.Data.SecretConfiguration() { ConfigurationId = id, Name = "harpocratestest1", Description = "Harpocratestest1 storage account", ServiceType = SecretManagement.Contracts.Data.ServiceType.StorageAccountKey, SourceConnectionString = "AccountEndpoint=https://harpocratestest1.core.windows.net;ResourceGroup=harpocrates;", SubscriptionId = subscriptionId, Policy = policies[Guid.Parse("86705a80-4f30-466d-900a-25e80c0e15e4")] }); id = Guid.Parse("5f72a920-040a-4750-8974-d29629bbe20f"); configs.Add(id, new SecretManagement.Contracts.Data.SecretConfiguration() { ConfigurationId = id, Name = "harpocratestest2", Description = "Harpocratestest2 storage account", ServiceType = SecretManagement.Contracts.Data.ServiceType.StorageAccountKey, SourceConnectionString = "AccountEndpoint=https://harpocratestest2.core.windows.net;ResourceGroup=harpocrates;", SubscriptionId = subscriptionId, Policy = policies[Guid.Parse("d5bfb8a3-bc76-4a1E-bb46-50904ebb9273")] }); id = Guid.Parse("DFA55385-9ADB-4AF4-BCBA-990E129A3D46"); configs.Add(id, new SecretManagement.Contracts.Data.SecretConfiguration() { ConfigurationId = id, Name = "esri-poc-db master", Description = "esri-poc-db cosmsodb account", ServiceType = SecretManagement.Contracts.Data.ServiceType.CosmosDbAccountKey, SourceConnectionString = "AccountEndpoint=https://esri-poc-db.documents.azure.com:443;ResourceGroup=ESRI-POC;", SubscriptionId = subscriptionId, Policy = policies[Guid.Parse("d5bfb8a3-bc76-4a1E-bb46-50904ebb9273")] }); id = Guid.Parse("F43A49AC-C8B9-46D3-9DE3-5E552634F953"); configs.Add(id, new SecretManagement.Contracts.Data.SecretConfiguration() { ConfigurationId = id, Name = "esri-poc-db ro", Description = "esri-poc-db cosmsodb account - read only", ServiceType = SecretManagement.Contracts.Data.ServiceType.CosmosDbAccountReadOnlyKey, SourceConnectionString = "AccountEndpoint=https://esri-poc-db.documents.azure.com:443;ResourceGroup=ESRI-POC;", SubscriptionId = subscriptionId, Policy = policies[Guid.Parse("520FD7E3-04EF-48F6-B163-99B7DC74B216")] }); id = Guid.Parse("DC40A993-2C44-4B48-96F5-7A98CC1F9A59"); configs.Add(id, new SecretManagement.Contracts.Data.SecretConfiguration() { ConfigurationId = id, Name = "redis cache", Description = "harpocrates redis REDIS Cache service", ServiceType = SecretManagement.Contracts.Data.ServiceType.RedisCache, SourceConnectionString = "AccountEndpoint=harpocrates-redis.redis.cache.windows.net:6380;ResourceGroup=harpocrates;", SubscriptionId = subscriptionId, Policy = policies[Guid.Parse("520FD7E3-04EF-48F6-B163-99B7DC74B216")] }); if (saveServices) { foreach (var config in configs.Values) { await dataProvider.SaveConfigurationAsync(config, token); } } #endregion string[] urls = new string[] { "https://harpocrates-test2.vault.azure.net/secrets/harpocratestest2-key/d239cec181a24ce1b382dd2cb514c0ee", //0 "https://harpocrates-test1.vault.azure.net/secrets/harpocratestest1-key/b349f2ecea8b4306af2fb0b1b5aff7e9", //1 "https://harpocrates-test2.vault.azure.net/secrets/App2-Connection-String/0d91baac50b746f9af3d4fdce8c93cb7", //2 "https://harpocrates-test2.vault.azure.net/secrets/App1-Connection-String/50ddd0d3e6d248cfa1ebb56145848189", //3 "https://harpocrates-test1.vault.azure.net/secrets/Custom-app-composite-string/cb0fe84f326540309c5d151283206fa7", //4 "https://harpocrates-test1.vault.azure.net/secrets/cosmosDb-master-key/b053d0f8e7ec4d9b954f87bee16a02f6", //5 "https://harpocrates-test1.vault.azure.net/secrets/cosmosDb-readonly0key/e7067013110a45cfa38871f26d9cbcd6", //6 "https://harpocrates-test2.vault.azure.net/secrets/Esri-Db-MasterConnectionString/cc5b3bad3ac1481e9ed63cdb9a6cc95d", //7 "https://harpocrates-test2.vault.azure.net/secrets/Esri-Db-ReadOnlyConnectionString/dea4ba396bcb49baa926227f79f9cc92", //8 "https://harpocrates-test1.vault.azure.net/secrets/redis-MasterKey/68621ef295514c7fb69f052b9bb0678e" }; //9 List <SecretManagement.Contracts.Data.Secret> secrets = new List <SecretManagement.Contracts.Data.Secret>(); #region Create Secrets SecretManagement.Contracts.Data.SecretBase sb = SecretManagement.Contracts.Data.Secret.FromKeyvaultUri(urls[0]); secrets.Add(new SecretManagement.Contracts.Data.Secret() { ObjectName = sb.ObjectName, ObjectType = sb.ObjectType, VaultName = sb.VaultName, Version = sb.Version, SubscriptionId = subscriptionId, CurrentKeyName = "Key1", Name = "harpocratestest2-key", Description = "Harpocratestest2 storage account access key", FormatExpression = null, SecretType = SecretManagement.Contracts.Data.SecretType.Attached, Configuration = configs[Guid.Parse("5f72a920-040a-4750-8974-d29629bbe20f")] }); sb = SecretManagement.Contracts.Data.Secret.FromKeyvaultUri(urls[1]); secrets.Add(new SecretManagement.Contracts.Data.Secret() { ObjectName = sb.ObjectName, ObjectType = sb.ObjectType, VaultName = sb.VaultName, Version = sb.Version, SubscriptionId = subscriptionId, CurrentKeyName = "Key1", Name = "harpocratestest1-key", Description = "Harpocratestest1 storage account access key", FormatExpression = null, SecretType = SecretManagement.Contracts.Data.SecretType.Attached, Configuration = configs[Guid.Parse("5c09346e-bd0a-4a6b-b26d-c89b5111cae3")] }); sb = SecretManagement.Contracts.Data.Secret.FromKeyvaultUri(urls[2]); secrets.Add(new SecretManagement.Contracts.Data.Secret() { ObjectName = sb.ObjectName, ObjectType = sb.ObjectType, VaultName = sb.VaultName, Version = sb.Version, SubscriptionId = subscriptionId, CurrentKeyName = "Key1", Name = "App1 Connection String", Description = "Storage account connection string used by App1", FormatExpression = $"DefaultEndpointsProtocol=https;AccountName=harpocrates;AccountKey={{{{{secrets[1].Key}}}}};EndpointSuffix=core.windows.net", SecretType = SecretManagement.Contracts.Data.SecretType.Dependency }); sb = SecretManagement.Contracts.Data.Secret.FromKeyvaultUri(urls[3]); secrets.Add(new SecretManagement.Contracts.Data.Secret() { ObjectName = sb.ObjectName, ObjectType = sb.ObjectType, VaultName = sb.VaultName, Version = sb.Version, SubscriptionId = subscriptionId, Name = "App2 Connection String", Description = "Storage account connection string used by App2", FormatExpression = $"DefaultEndpointsProtocol=https;AccountName=harpocrates;AccountKey={{{{{secrets[0].Key}}}}};EndpointSuffix=core.windows.net", SecretType = SecretManagement.Contracts.Data.SecretType.Dependency }); sb = SecretManagement.Contracts.Data.Secret.FromKeyvaultUri(urls[4]); secrets.Add(new SecretManagement.Contracts.Data.Secret() { ObjectName = sb.ObjectName, ObjectType = sb.ObjectType, VaultName = sb.VaultName, Version = sb.Version, SubscriptionId = subscriptionId, Name = "Custom app composite string", Description = "Storage account connection string used by App2", FormatExpression = $"AccountKey1={{{{{secrets[0].Key}}}}};AccountKey2={{{{{secrets[1].Key}}}}};", SecretType = SecretManagement.Contracts.Data.SecretType.Dependency }); sb = SecretManagement.Contracts.Data.Secret.FromKeyvaultUri(urls[5]); secrets.Add(new SecretManagement.Contracts.Data.Secret() { ObjectName = sb.ObjectName, ObjectType = sb.ObjectType, VaultName = sb.VaultName, Version = sb.Version, SubscriptionId = subscriptionId, Name = "CosmosDb Master Key", Description = "ComsosDb Account Master Key", SecretType = SecretManagement.Contracts.Data.SecretType.Attached, FormatExpression = null, Configuration = configs[Guid.Parse("DFA55385-9ADB-4AF4-BCBA-990E129A3D46")] }); sb = SecretManagement.Contracts.Data.Secret.FromKeyvaultUri(urls[6]); secrets.Add(new SecretManagement.Contracts.Data.Secret() { ObjectName = sb.ObjectName, ObjectType = sb.ObjectType, VaultName = sb.VaultName, Version = sb.Version, SubscriptionId = subscriptionId, Name = "CosmosDb Readonly Key", Description = "ComsosDb Account Read-Only Key", SecretType = SecretManagement.Contracts.Data.SecretType.Attached, FormatExpression = null, Configuration = configs[Guid.Parse("F43A49AC-C8B9-46D3-9DE3-5E552634F953")] }); sb = SecretManagement.Contracts.Data.Secret.FromKeyvaultUri(urls[7]); secrets.Add(new SecretManagement.Contracts.Data.Secret() { ObjectName = sb.ObjectName, ObjectType = sb.ObjectType, VaultName = sb.VaultName, Version = sb.Version, SubscriptionId = subscriptionId, Name = "Esri Db Master", Description = "ComsoDb account connection string for esri-db app", FormatExpression = $"AccountEndpoint=https://esri-poc-db.documents.azure.com:443/;AccountKey={{{{{secrets[5].Key}}}}};", SecretType = SecretManagement.Contracts.Data.SecretType.Dependency }); sb = SecretManagement.Contracts.Data.Secret.FromKeyvaultUri(urls[8]); secrets.Add(new SecretManagement.Contracts.Data.Secret() { ObjectName = sb.ObjectName, ObjectType = sb.ObjectType, VaultName = sb.VaultName, Version = sb.Version, SubscriptionId = subscriptionId, Name = "Esri Db RO", Description = "ComsoDb account read-only connection string for esri-db app", FormatExpression = $"AccountEndpoint=https://esri-poc-db.documents.azure.com:443/;AccountKey={{{{{secrets[6].Key}}}}};", SecretType = SecretManagement.Contracts.Data.SecretType.Dependency }); sb = SecretManagement.Contracts.Data.Secret.FromKeyvaultUri(urls[9]); secrets.Add(new SecretManagement.Contracts.Data.Secret() { ObjectName = sb.ObjectName, ObjectType = sb.ObjectType, VaultName = sb.VaultName, Version = sb.Version, SubscriptionId = subscriptionId, Name = "Sample REDIS", Description = "REDIS Cache account", FormatExpression = null, SecretType = SecretManagement.Contracts.Data.SecretType.Attached, Configuration = configs[Guid.Parse("DC40A993-2C44-4B48-96F5-7A98CC1F9A59")] }); #endregion if (saveSecrets) { foreach (var secret in secrets) { await dataProvider.SaveSecretAsync(secret, token); } } await dataProvider.AddSecretDependencyAsync(secrets[1].Key, secrets[2].Key, token); await dataProvider.AddSecretDependencyAsync(secrets[0].Key, secrets[3].Key, token); await dataProvider.AddSecretDependencyAsync(secrets[0].Key, secrets[4].Key, token); await dataProvider.AddSecretDependencyAsync(secrets[1].Key, secrets[4].Key, token); await dataProvider.AddSecretDependencyAsync(secrets[5].Key, secrets[7].Key, token); await dataProvider.AddSecretDependencyAsync(secrets[6].Key, secrets[8].Key, token); var children = await dataProvider.GetDependentSecretsAsync(secrets[0].Key, token); }
public MetadataController(SecretManagement.DataAccess.ISecretMetadataDataAccessProvider dataProvider) { DataAccessProvider = dataProvider; CancellationToken = CancellationToken.None; }