public async Task <IActionResult> Create(ResourceViewModel resource, HttpRequest req, CancellationToken cancellationToken)
{
_ = req;
if (!_identityService.CurrentUserHasRole(AuthJanitorRoles.ResourceAdmin))
{
return(new UnauthorizedResult());
}
var provider = _providerManager.GetProviderMetadata(resource.ProviderType);
if (provider == null)
{
return(new NotFoundObjectResult("Provider type not found"));
}
if (!_providerManager.TestProviderConfiguration(provider.ProviderTypeName, resource.SerializedProviderConfiguration))
{
return(new BadRequestErrorMessageResult("Invalid Provider configuration!"));
}
Resource newResource = new Resource()
{
Name = resource.Name,
Description = resource.Description,
ProviderType = provider.ProviderTypeName,
ProviderConfiguration = resource.SerializedProviderConfiguration
};
await _resources.Create(newResource, cancellationToken);
await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.ResourceCreated, nameof(ResourcesService.Create), newResource);
return(new OkObjectResult(_resourceViewModel(newResource)));
}
public async Task <IActionResult> Create(ManagedSecretViewModel inputSecret, CancellationToken cancellationToken)
{
if (!_identityService.CurrentUserHasRole(AuthJanitorRoles.SecretAdmin))
{
return(new UnauthorizedResult());
}
var resources = await _resources.Get(cancellationToken);
var resourceIds = inputSecret.ResourceIds.Split(';').Select(r => Guid.Parse(r)).ToList();
if (resourceIds.Any(id => !resources.Any(r => r.ObjectId == id)))
{
await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.AnomalousEventOccurred, nameof(ManagedSecretsService.Create), "New Managed Secret attempted to use one or more invalid Resource IDs");
return(new NotFoundObjectResult("One or more Resource IDs not found!"));
}
ManagedSecret newManagedSecret = new ManagedSecret()
{
Name = inputSecret.Name,
Description = inputSecret.Description,
ValidPeriod = TimeSpan.FromMinutes(inputSecret.ValidPeriodMinutes),
LastChanged = DateTimeOffset.UtcNow - TimeSpan.FromMinutes(inputSecret.ValidPeriodMinutes),
TaskConfirmationStrategies = inputSecret.TaskConfirmationStrategies,
ResourceIds = resourceIds,
Nonce = await _cryptographicImplementation.GenerateCryptographicallyRandomString(_configuration.DefaultNonceLength)
};
await _managedSecrets.Create(newManagedSecret, cancellationToken);
await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.SecretCreated, nameof(ManagedSecretsService.Create), newManagedSecret);
return(new OkObjectResult(_managedSecretViewModel(newManagedSecret)));
}
public async Task <IActionResult> GetBlankConfiguration(HttpRequest req, string providerType)
{
_ = req;
if (!_identityService.IsUserLoggedIn)
{
return(new UnauthorizedResult());
}
var provider = _providerManager.LoadedProviders.FirstOrDefault(p => p.ProviderTypeName == providerType);
if (provider == null)
{
await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.AnomalousEventOccurred, nameof(ProvidersService.GetBlankConfiguration), "Invalid Provider specified");
return(new NotFoundResult());
}
return(new OkObjectResult(_configViewModel(_providerManager.GetProviderConfiguration(provider.ProviderTypeName))));
}
private async Task CreateAndNotify(IEnumerable <RekeyingTask> tasks, CancellationToken cancellationToken)
{
if (!tasks.Any())
{
return;
}
await Task.WhenAll(tasks.Select(t => _rekeyingTasks.Create(t, cancellationToken)));
foreach (var task in tasks)
{
var secret = await _managedSecrets.GetOne(task.ManagedSecretId, cancellationToken);
if (task.ConfirmationType.UsesOBOTokens())
{
await _eventDispatcherMetaService.DispatchEvent(AuthJanitorSystemEvents.RotationTaskCreatedForApproval, nameof(ScheduleRekeyingTasksService.CreateAndNotify), task);
}
else
{
await _eventDispatcherMetaService.DispatchEvent(AuthJanitorSystemEvents.RotationTaskCreatedForAutomation, nameof(ScheduleRekeyingTasksService.CreateAndNotify), task);
}
}
}
public async Task <IActionResult> Create(HttpRequest req, Guid secretId, CancellationToken cancellationToken)
{
_ = req;
if (!_identityService.CurrentUserHasRole(AuthJanitorRoles.ServiceOperator))
{
return(new UnauthorizedResult());
}
if (!await _managedSecrets.ContainsId(secretId, cancellationToken))
{
await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.AnomalousEventOccurred, nameof(RekeyingTasksService.Create), "Secret ID not found");
return(new NotFoundObjectResult("Secret not found!"));
}
var secret = await _managedSecrets.GetOne(secretId, cancellationToken);
if (!secret.TaskConfirmationStrategies.HasFlag(TaskConfirmationStrategies.AdminCachesSignOff) &&
!secret.TaskConfirmationStrategies.HasFlag(TaskConfirmationStrategies.AdminSignsOffJustInTime))
{
await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.AnomalousEventOccurred, nameof(RekeyingTasksService.Create), "Managed Secret does not support adminstrator approval");
return(new BadRequestErrorMessageResult("Managed Secret does not support administrator approval!"));
}
RekeyingTask newTask = new RekeyingTask()
{
Queued = DateTimeOffset.UtcNow,
Expiry = secret.Expiry,
ManagedSecretId = secret.ObjectId
};
await _rekeyingTasks.Create(newTask, cancellationToken);
await _eventDispatcher.DispatchEvent(AuthJanitorSystemEvents.RotationTaskCreatedForApproval, nameof(RekeyingTasksService.Create), newTask);
return(new OkObjectResult(newTask));
}