public SubscriptionCloudCredentials GetCredentials(VariableDictionary variables) { var subscriptionId = variables.Get(SpecialVariables.Action.Azure.SubscriptionId); var certificateThumbprint = variables.Get(SpecialVariables.Action.Azure.CertificateThumbprint); var certificateBytes = Convert.FromBase64String(variables.Get(SpecialVariables.Action.Azure.CertificateBytes)); var certificate = certificateStore.GetOrAdd(certificateThumbprint, certificateBytes); return(new CertificateCloudCredentials(subscriptionId, certificate)); }
private string CreateAzureCertificate(string workingDirectory, IVariables variables) { var certificateFilePath = Path.Combine(workingDirectory, CertificateFileName); var certificatePassword = GenerateCertificatePassword(); var azureCertificate = certificateStore.GetOrAdd( variables.Get(SpecialVariables.Action.Azure.CertificateThumbprint), Convert.FromBase64String(variables.Get(SpecialVariables.Action.Azure.CertificateBytes)), StoreName.My); variables.Set("OctopusAzureCertificateFileName", certificateFilePath); variables.Set("OctopusAzureCertificatePassword", certificatePassword); fileSystem.WriteAllBytes(certificateFilePath, azureCertificate.Export(X509ContentType.Pfx, certificatePassword)); return(certificateFilePath); }
void EnsureCertificateInStore(VariableDictionary variables, string certificateVariable) { var storeLocation = StoreLocation.LocalMachine; if (!string.IsNullOrWhiteSpace(storeLocationVariableName) && Enum.TryParse(variables.Get(storeLocationVariableName, StoreLocation.LocalMachine.ToString()), out StoreLocation storeLocationOverride)) { storeLocation = storeLocationOverride; } var storeName = StoreName.My; if (!string.IsNullOrWhiteSpace(storeNameVariableName) && Enum.TryParse(variables.Get(storeNameVariableName, StoreName.My.ToString()), out StoreName storeNameOverride)) { storeName = storeNameOverride; } certificateStore.GetOrAdd(variables, certificateVariable, storeName, storeLocation); }
public SubscriptionCloudCredentials GetCredentials(string subscriptionId, string certificateThumbprint, string certificateBytes) { var certificate = certificateStore.GetOrAdd(certificateThumbprint, certificateBytes); return(new CertificateCloudCredentials(subscriptionId, certificate)); }
static SubscriptionCloudCredentials Credentials(this AzureAccount account, ICertificateStore certificateStore) { var certificate = certificateStore.GetOrAdd(account.CertificateThumbprint, account.CertificateBytes); return(new CertificateCloudCredentials(account.SubscriptionNumber, certificate)); }
public int ExecuteHealthCheck(CalamariVariableDictionary variables) { if (!ServiceFabricHelper.IsServiceFabricSdkKeyInRegistry()) { throw new Exception("Could not find the Azure Service Fabric SDK on this server. This SDK is required before running health checks on Service Fabric targets."); } var connectionEndpoint = variables.Get(SpecialVariables.Action.ServiceFabric.ConnectionEndpoint); var securityMode = (AzureServiceFabricSecurityMode)Enum.Parse(typeof(AzureServiceFabricSecurityMode), variables.Get(SpecialVariables.Action.ServiceFabric.SecurityMode)); var serverCertThumbprint = variables.Get(SpecialVariables.Action.ServiceFabric.ServerCertThumbprint); var clientCertVariable = variables.Get(SpecialVariables.Action.ServiceFabric.ClientCertVariable); var certificateStoreLocation = variables.Get(SpecialVariables.Action.ServiceFabric.CertificateStoreLocation); if (string.IsNullOrWhiteSpace(certificateStoreLocation)) { certificateStoreLocation = StoreLocation.LocalMachine.ToString(); } var certificateStoreName = variables.Get(SpecialVariables.Action.ServiceFabric.CertificateStoreName); if (string.IsNullOrWhiteSpace(certificateStoreName)) { certificateStoreName = "My"; } var aadUserCredentialUsername = variables.Get(SpecialVariables.Action.ServiceFabric.AadUserCredentialUsername); var aadUserCredentialPassword = variables.Get(SpecialVariables.Action.ServiceFabric.AadUserCredentialPassword); log.Verbose($"Checking connectivity to Service Fabric cluster '{connectionEndpoint}' with security-mode '{securityMode}'"); FabricClient fabricClient = null; // ReSharper disable once SwitchStatementMissingSomeCases switch (securityMode) { case AzureServiceFabricSecurityMode.SecureClientCertificate: { log.Info("Connecting with Secure Client Certificate"); var clientCertThumbprint = variables.Get(clientCertVariable + ".Thumbprint"); var commonName = variables.Get(clientCertVariable + ".SubjectCommonName"); certificateStore.GetOrAdd(variables, clientCertVariable, certificateStoreName, certificateStoreLocation); var xc = GetCredentials(clientCertThumbprint, certificateStoreLocation, certificateStoreName, serverCertThumbprint, commonName); try { fabricClient = new FabricClient(xc, connectionEndpoint); } catch (Exception ex) { // SF throw weird exception messages if you don't have the certificate installed. if (ex.InnerException != null && ex.InnerException.Message.Contains("0x80071C57")) { throw new Exception($"Service Fabric was unable to to find certificate with thumbprint '{clientCertThumbprint}' in Cert:\\{certificateStoreLocation}\\{certificateStoreName}. Please make sure you have installed the certificate on the Octopus Server before attempting to use/reference it in a Service Fabric Cluster target."); } throw; } break; } case AzureServiceFabricSecurityMode.SecureAzureAD: { log.Info("Connecting with Secure Azure Active Directory"); var claimsCredentials = new ClaimsCredentials(); claimsCredentials.ServerThumbprints.Add(serverCertThumbprint); // ReSharper disable once UseObjectOrCollectionInitializer fabricClient = new FabricClient(claimsCredentials, connectionEndpoint); fabricClient.ClaimsRetrieval += (o, e) => { try { return(GetAccessToken(e.AzureActiveDirectoryMetadata, aadUserCredentialUsername, aadUserCredentialPassword)); } catch (Exception ex) { log.Error($"Connect failed: {ex.PrettyPrint()}"); return("BAD_TOKEN"); //TODO: mark.siedle - You cannot return null or an empty value here or the Azure lib spazzes out trying to call a lib that doesn't exist "System.Fabric.AzureActiveDirectory.Client" :( } }; break; } case AzureServiceFabricSecurityMode.SecureAD: { log.Info("Connecting with Secure Azure Active Directory"); log.Verbose("Using the service account of the octopus service as windows credentials"); var windowsCredentials = new WindowsCredentials(); fabricClient = new FabricClient(windowsCredentials, connectionEndpoint); break; } default: { log.Info("Connecting unsecurely"); fabricClient = new FabricClient(connectionEndpoint); break; } } if (fabricClient == null) { throw new Exception("Unable to create Service Fabric client."); } try { fabricClient.ClusterManager.GetClusterManifestAsync().GetAwaiter().GetResult(); log.Verbose("Successfully received a response from the Service Fabric client"); } finally { fabricClient.Dispose(); } return(0); }