示例#1
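        /// <summary>
        /// Starts password change monitoring: connects to Safeguard over A2A with the configured
        /// client certificate, registers a persistent event listener for every mapped account's
        /// API key, and then performs an initial password pull.
        /// </summary>
        /// <remarks>
        /// Returns without starting (after logging an error) when the connection settings are incomplete.
        /// If anything fails between creating the A2A context and starting the listener, both are
        /// released again so that a later call can retry.
        /// </remarks>
        /// <exception cref="DevOpsException">
        /// A listener is already running, the configuration has IgnoreSsl set, or no accounts are mapped to plugins.
        /// </exception>
        private void StartMonitoring()
        {
            if (_eventListener != null)
            {
                throw new DevOpsException("Listener is already running.");
            }

            var sppAddress      = _configDb.SafeguardAddress;
            var userCertificate = _configDb.UserCertificateBase64Data;
            // NOTE(review): the passphrase is read from the configuration before being wrapped, so the
            // SecureString presumably only protects the copy handed to the SDK. It is not disposed here.
            var passPhrase      = _configDb.UserCertificatePassphrase?.ToSecureString();
            var apiVersion      = _configDb.ApiVersion;
            var ignoreSsl       = _configDb.IgnoreSsl;

            if (sppAddress == null || userCertificate == null || !apiVersion.HasValue || !ignoreSsl.HasValue)
            {
                _logger.Error("No safeguardConnection was found.  Safeguard Secrets Broker for DevOps must be configured first");
                return;
            }

            // Refuse to monitor over a connection whose server certificate is not being validated:
            // the channel carries account passwords.
            if (ignoreSsl.Value)
            {
                throw new DevOpsException("Monitoring cannot be enabled until a secure connection has been established. Trusted certificates may be missing.");
            }

            // This call will fail if the monitor is being started as part of the service start up.
            //  At service startup the user has not logged into Secrets Broker yet, so Secrets Broker does not
            //  have the SPP credentials that are required to query the current vault account credentials.
            //  However, the monitor can still be started using the existing vault credentials. If syncing
            //  doesn't appear to be working, the monitor can be stopped and restarted, which will cause a
            //  refresh of the vault credentials.
            _pluginManager.RefreshPluginCredentials();

            // Connect to Safeguard. Server certificate checks are delegated to CertificateValidationCallback.
            // NOTE(review): that callback is defined outside this method; confirm it rejects on validation errors.
            _a2AContext = Safeguard.A2A.GetContext(sppAddress, Convert.FromBase64String(userCertificate), passPhrase, CertificateValidationCallback, apiVersion.Value);

            try
            {
                // Figure out what API keys to monitor.
                _retrievableAccounts = _configDb.GetAccountMappings().ToList();
                if (_retrievableAccounts.Count == 0)
                {
                    var msg = "No accounts have been mapped to plugins.  Nothing to do.";
                    _logger.Error(msg);
                    throw new DevOpsException(msg);
                }

                // NOTE(review): these SecureString instances are never disposed in this method; whether
                // the listener keeps its own copies is not visible from here.
                var apiKeys = _retrievableAccounts.Select(account => account.ApiKey.ToSecureString()).ToList();

                _eventListener = _a2AContext.GetPersistentA2AEventListener(apiKeys, PasswordChangeHandler);
                _eventListener.Start();
            }
            catch
            {
                // A failed start must not leave a half-built listener behind: the guard at the top
                // would reject every later attempt, and the context would stay open holding the
                // client certificate.
                var failedListener = _eventListener;
                var failedContext  = _a2AContext;
                _eventListener = null;
                _a2AContext    = null;
                failedListener?.Dispose();
                failedContext?.Dispose();
                throw;
            }

            InitialPasswordPull();

            _logger.Information("Password change monitoring has been started.");
        }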
示例#2
 /// <summary>
 /// Creates a persistent A2A event listener for a single API key and registers
 /// <paramref name="handler"/> for the "AssetAccountPasswordUpdated" event.
 /// </summary>
 /// <param name="a2AContext">A2A context the listener will use. NOTE(review): stored without a null check.</param>
 /// <param name="apiKey">API key to listen for; the listener keeps its own copy.</param>
 /// <param name="handler">Callback registered for password update events.</param>
 /// <exception cref="ArgumentException"><paramref name="apiKey"/> is null.</exception>
 public PersistentSafeguardA2AEventListener(ISafeguardA2AContext a2AContext, SecureString apiKey, SafeguardEventHandler handler)
 {
     _a2AContext = a2AContext;

     // Hold a private copy of the key, independent of the caller's SecureString instance.
     // NOTE(review): where this copy gets disposed is not visible in this constructor.
     _apiKey = apiKey?.Copy() ?? throw new ArgumentException("Parameter may not be null", nameof(apiKey));

     RegisterEventHandler("AssetAccountPasswordUpdated", handler);
     Log.Debug("Persistent A2A event listener successfully created.");
 }
示例#3
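 /// <summary>
 /// Stops password change monitoring: stops the event listener, disposes the A2A context,
 /// and clears the monitoring state.
 /// </summary>
 /// <remarks>
 /// The monitoring fields are reset even when stopping or disposing throws; the exception still
 /// propagates to the caller. The "stopped" message is logged only when both steps succeed.
 /// </remarks>
 private void StopMonitoring()
 {
     try
     {
         try
         {
             _eventListener?.Stop();
         }
         finally
         {
             // Dispose the context even if stopping the listener throws; otherwise the reference is
             // dropped below without ever being released.
             _a2aContext?.Dispose();
         }

         _logger.Information("Password change monitoring has been stopped.");
     }
     finally
     {
         _eventListener       = null;
         _a2aContext          = null;
         _retrievableAccounts = null;
     }
 }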
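        /// <summary>
        /// Starts password change monitoring: connects to Safeguard over A2A with the configured
        /// client certificate and registers a persistent event listener for every mapped account's API key.
        /// </summary>
        /// <remarks>
        /// Returns without starting (after logging an error) when the connection settings are incomplete.
        /// When the configuration has IgnoreSsl set, the context is created with the SDK's ignoreSsl
        /// argument instead of the certificate validation callback, and a warning is logged.
        /// If anything fails between creating the A2A context and starting the listener, both are
        /// released again so that a later call can retry.
        /// </remarks>
        /// <exception cref="DevOpsException">A listener is already running, or no accounts are mapped to plugins.</exception>
        private void StartMonitoring()
        {
            if (_eventListener != null)
            {
                throw new DevOpsException("Listener is already running.");
            }

            var sppAddress      = _configDb.SafeguardAddress;
            var userCertificate = _configDb.UserCertificateBase64Data;
            // NOTE(review): the passphrase is read from the configuration before being wrapped, so the
            // SecureString presumably only protects the copy handed to the SDK. It is not disposed here.
            var passPhrase      = _configDb.UserCertificatePassphrase?.ToSecureString();
            var apiVersion      = _configDb.ApiVersion;
            var ignoreSsl       = _configDb.IgnoreSsl;

            if (sppAddress == null || userCertificate == null || !apiVersion.HasValue || !ignoreSsl.HasValue)
            {
                _logger.Error("No safeguardConnection was found.  Safeguard Secrets Broker for DevOps must be configured first");
                return;
            }

            _pluginManager.RefreshPluginCredentials();

            // Connect to Safeguard.
            var certificateBytes = Convert.FromBase64String(userCertificate);
            if (ignoreSsl.Value)
            {
                // The appliance's certificate is not checked on this path, although the channel carries
                // account passwords. Make that visible to whoever reads the log.
                _logger.Warning("Safeguard certificate validation is disabled (IgnoreSsl); the identity of the appliance is not verified for password monitoring.");
                _a2AContext = Safeguard.A2A.GetContext(sppAddress, certificateBytes, passPhrase, apiVersion.Value, true);
            }
            else
            {
                // NOTE(review): CertificateValidationCallback is defined outside this method; confirm it
                // rejects on validation errors.
                _a2AContext = Safeguard.A2A.GetContext(sppAddress, certificateBytes, passPhrase, CertificateValidationCallback, apiVersion.Value);
            }

            try
            {
                // Figure out what API keys to monitor.
                _retrievableAccounts = _configDb.GetAccountMappings().ToList();
                if (_retrievableAccounts.Count == 0)
                {
                    var msg = "No accounts have been mapped to plugins.  Nothing to do.";
                    _logger.Error(msg);
                    throw new DevOpsException(msg);
                }

                // NOTE(review): these SecureString instances are never disposed in this method; whether
                // the listener keeps its own copies is not visible from here.
                var apiKeys = _retrievableAccounts.Select(account => account.ApiKey.ToSecureString()).ToList();

                _eventListener = _a2AContext.GetPersistentA2AEventListener(apiKeys, PasswordChangeHandler);
                _eventListener.Start();
            }
            catch
            {
                // A failed start must not leave a half-built listener behind: the guard at the top
                // would reject every later attempt, and the context would stay open holding the
                // client certificate.
                var failedListener = _eventListener;
                var failedContext  = _a2AContext;
                _eventListener = null;
                _a2AContext    = null;
                failedListener?.Dispose();
                failedContext?.Dispose();
                throw;
            }

            _logger.Information("Password change monitoring has been started.");
        }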
示例#5
 /// <summary>
 /// Creates a persistent A2A event listener for a set of API keys and registers
 /// <paramref name="handler"/> for the "AssetAccountPasswordUpdated" event.
 /// </summary>
 /// <param name="a2AContext">A2A context the listener will use. NOTE(review): stored without a null check.</param>
 /// <param name="apiKeys">API keys to listen for; each one is copied into the listener.</param>
 /// <param name="handler">Callback registered for password update events.</param>
 /// <exception cref="ArgumentException"><paramref name="apiKeys"/> is null or contains no items.</exception>
 public PersistentSafeguardA2AEventListener(ISafeguardA2AContext a2AContext, IEnumerable <SecureString> apiKeys,
                                            SafeguardEventHandler handler)
 {
     _a2AContext = a2AContext;

     if (apiKeys == null)
     {
         throw new ArgumentException("Parameter may not be null", nameof(apiKeys));
     }

     // Take private copies so the stored keys are independent of the caller's SecureString instances.
     // NOTE(review): a null element is not checked for and would fail on Copy(); where the copies get
     // disposed is not visible in this constructor.
     _apiKeys = new List <SecureString>();
     foreach (var callerKey in apiKeys)
     {
         var ownedKey = callerKey.Copy();
         _apiKeys.Add(ownedKey);
     }

     if (_apiKeys.Count == 0)
     {
         throw new ArgumentException("Parameter must include at least one item", nameof(apiKeys));
     }

     RegisterEventHandler("AssetAccountPasswordUpdated", handler);
     Log.Debug("Persistent A2A event listener successfully created.");
 }
示例#6
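        /// <summary>
        /// Starts password change monitoring: connects to Safeguard over A2A using the configured
        /// certificate thumbprint and registers a persistent event listener for every retrievable
        /// account's API key.
        /// </summary>
        /// <remarks>
        /// Returns without starting (after logging an error) when no configuration exists.
        /// If anything fails between creating the A2A context and starting the listener, both are
        /// released again so that a later call can retry.
        /// </remarks>
        /// <exception cref="Exception">A listener is already running, or no API keys were found.</exception>
        private void StartMonitoring()
        {
            if (_eventListener != null)
            {
                throw new Exception("Listener is already running.");
            }

            var configuration = _configurationRepository.GetConfiguration();

            if (configuration == null)
            {
                _logger.Error("No configuration was found.  DevOps service must be configured first");
                return;
            }

            // Connect to Safeguard.
            // NOTE(review): _safeguardIgnoreSsl is passed straight through to the SDK; when it is true the
            // appliance's certificate is presumably not validated on a channel that carries passwords.
            _a2aContext = Safeguard.A2A.GetContext(configuration.SppAddress, configuration.CertificateUserThumbPrint,
                                                   _safeguardApiVersion, _safeguardIgnoreSsl);

            try
            {
                // Figure out what API keys to monitor.
                _retrievableAccounts = GetRetrievableAccounts().ToList();
                if (_retrievableAccounts.Count == 0)
                {
                    var msg = "No API keys found in A2A registrations.  Nothing to do.";
                    _logger.Error(msg);
                    throw new Exception(msg);
                }

                // NOTE(review): these SecureString instances are never disposed in this method; whether
                // the listener keeps its own copies is not visible from here.
                var apiKeys = _retrievableAccounts.Select(account => account.ApiKey.ToSecureString()).ToList();

                _eventListener = _a2aContext.GetPersistentA2AEventListener(apiKeys, PasswordChangeHandler);
                _eventListener.Start();
            }
            catch
            {
                // A failed start must not leave a half-built listener behind: the guard at the top
                // would reject every later attempt, and the context would stay open.
                var failedListener = _eventListener;
                var failedContext  = _a2aContext;
                _eventListener = null;
                _a2aContext    = null;
                failedListener?.Dispose();
                failedContext?.Dispose();
                throw;
            }

            _logger.Information("Password change monitoring has been started.");
        }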
示例#7
        /// <summary>
        /// Opens a Safeguard connection and an A2A context with the configured client certificate
        /// thumbprint, collects the API keys to monitor, and starts one listener per monitored password.
        /// </summary>
        /// <exception cref="Exception">No API keys were found in the A2A registrations.</exception>
        public void Start()
        {
            // Both connections use the same address, client certificate thumbprint and API version.
            // NOTE(review): _safeguardIgnoreSsl is passed straight through to the SDK; when it is true the
            // appliance's certificate is presumably not validated on a channel that carries passwords.
            _connection = Safeguard.Connect(_safeguardAddress, _safeguardClientCertificateThumbprint,
                                            _safeguardApiVersion, _safeguardIgnoreSsl);
            _a2AContext = Safeguard.A2A.GetContext(_safeguardAddress, _safeguardClientCertificateThumbprint,
                                                   _safeguardApiVersion, _safeguardIgnoreSsl);

            // Populate _monitoredPasswords from the A2A registrations.
            GetApiKeysFromA2ARegistrations();

            // NOTE(review): on this failure path _connection and _a2AContext stay assigned; releasing
            // them is left to code outside this method.
            if (_monitoredPasswords.Count == 0)
            {
                throw new Exception("No API keys found in A2A registrations.  Nothing to do.");
            }

            // Only the number of keys is logged, never the keys themselves.
            Log.Information("Found {MonitoredPasswordCount} API keys to monitor for password changes", _monitoredPasswords.Count);

            // Start one listener per monitored password.
            foreach (var monitoredPassword in _monitoredPasswords)
            {
                StartListener(monitoredPassword);
            }
        }