Пример #1
0
        static async Task Test()
        {
            var function = new LetsEncryptAccountKeySecretRotationFunction();

            var secretsManager = new AmazonSecretsManagerClient();


            var secretArn = string.Empty;

            secretArn = "arn:aws:secretsmanager:us-west-2:1234567890:secret:TestSecret-636999565209208171-icM7qC";

            if (string.IsNullOrEmpty(secretArn))
            {
                var createResult = await secretsManager.CreateSecretAsync(new CreateSecretRequest
                {
                    Name         = $"TestSecret-{DateTime.UtcNow.Ticks}",
                    SecretString = "{}"
                });

                secretArn = createResult.ARN;
            }


            var @event = new SecretRotationEvent
            {
                ClientRequestToken = Guid.NewGuid().ToString(),
                SecretId           = secretArn,
                Step = "createSecret"
            };

            var context = new TestContext();

            try
            {
                await function.Handler(@event, context);

                @event.Step = "setSecret";
                await function.Handler(@event, context);

                @event.Step = "testSecret";
                await function.Handler(@event, context);

                @event.Step = "finishSecret";
                await function.Handler(@event, context);
            }
            catch (Exception ex)
            {
                Console.Write(ex);
                throw;
            }
            finally
            {
                await secretsManager.DeleteSecretAsync(new DeleteSecretRequest
                {
                    SecretId = secretArn,
                    ForceDeleteWithoutRecovery = true
                });
            }
        }
Пример #2
0
        private async Task CreateSecret(ICollection <SecretManagerModel> secretsManager)
        {
            foreach (var secret in secretsManager)
            {
                var secretExisting = await GetSecret(secret.Chave);

                if (!string.IsNullOrEmpty(secretExisting))
                {
                    throw new Exception($"Secret já cadastrada: {secret.Chave}");
                }

                await _client.CreateSecretAsync(new CreateSecretRequest
                {
                    ClientRequestToken = Guid.NewGuid().ToString(),
                    Description        = "",
                    Name         = secret.Chave,
                    SecretString = secret.Valor
                });
            }
        }
Пример #3
0
        private bool CreateAwsAccount(string asset, string account, string password)
        {
            if (_awsClient == null || !ConfigurationIsValid)
            {
                _logger.Error("No vault connection. Make sure that the plugin has been configured.");
                return(false);
            }

            var name = $"{asset}-{account}";

            try
            {
                var createAccountRequest = new CreateSecretRequest
                {
                    Name         = name,
                    SecretString = password
                };

                var res = Task.Run(async() => await _awsClient.CreateSecretAsync(createAccountRequest));

                if (res.Result.HttpStatusCode == System.Net.HttpStatusCode.OK)
                {
                    _logger.Information($"Successfully created account {name} in vault.");
                    return(true);
                }
                else
                {
                    throw new Exception($"Http Status Code {res.Result.HttpStatusCode}");
                }
            }
            catch (Exception createEx)
            {
                _logger.Error(createEx, $"Failed to create account {name} in vault. Message: {createEx.Message}");
                return(false);
            }
        }