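/// <summary>
/// Starts password-change monitoring: opens an A2A context to Safeguard with the configured
/// client certificate, registers a persistent event listener for the API key of every mapped
/// account, starts it, and then runs <c>InitialPasswordPull()</c>.
/// </summary>
/// <remarks>
/// Logs an error and returns without starting when the Safeguard address, the user certificate,
/// the API version or the IgnoreSsl setting is missing from the configuration database.
/// </remarks>
/// <exception cref="DevOpsException">
/// The listener is already running, IgnoreSsl is set, or no accounts are mapped to plugins.
/// </exception>
private void StartMonitoring()
{
    if (_eventListener != null)
    {
        throw new DevOpsException("Listener is already running.");
    }

    var sppAddress = _configDb.SafeguardAddress;
    var userCertificate = _configDb.UserCertificateBase64Data;
    var passPhrase = _configDb.UserCertificatePassphrase?.ToSecureString();
    var apiVersion = _configDb.ApiVersion;
    var ignoreSsl = _configDb.IgnoreSsl;

    if (sppAddress == null || userCertificate == null || !apiVersion.HasValue || !ignoreSsl.HasValue)
    {
        _logger.Error("No safeguardConnection was found. Safeguard Secrets Broker for DevOps must be configured first");
        return;
    }

    // Fail closed: monitoring pulls credentials over this channel, so it is refused outright
    // while IgnoreSsl is set instead of falling back to an unvalidated connection.
    if (ignoreSsl.Value)
    {
        throw new DevOpsException("Monitoring cannot be enabled until a secure connection has been established. Trusted certificates may be missing.");
    }

    // This call will fail if the monitor is being started as part of the service start up:
    // at that point the user has not logged into Secrets Broker yet, so Secrets Broker does not
    // have the SPP credentials required to query the current vault account credentials.
    // The monitor can still be started using the existing vault credentials. If syncing does not
    // appear to be working, stopping and restarting the monitor refreshes the vault credentials.
    _pluginManager.RefreshPluginCredentials();

    // Connect to Safeguard. The server certificate is checked by CertificateValidationCallback.
    // NOTE(review): passPhrase is a SecureString that is never disposed here; whether GetContext
    // keeps a reference or takes its own copy is not visible from this method - confirm before
    // disposing it after the call.
    _a2AContext = Safeguard.A2A.GetContext(
        sppAddress,
        Convert.FromBase64String(userCertificate),
        passPhrase,
        CertificateValidationCallback,
        apiVersion.Value);

    // Figure out what API keys to monitor.
    _retrievableAccounts = _configDb.GetAccountMappings().ToList();
    if (_retrievableAccounts.Count == 0)
    {
        // Release the context opened above before bailing out. _eventListener is still null on
        // this path, so a later start attempt would pass the guard at the top and overwrite
        // _a2AContext without ever disposing this instance.
        _a2AContext?.Dispose();
        _a2AContext = null;

        var msg = "No accounts have been mapped to plugins. Nothing to do.";
        _logger.Error(msg);
        throw new DevOpsException(msg);
    }

    // NOTE(review): these SecureString instances are not disposed after being handed to the
    // listener; confirm the listener takes its own copies before adding a Dispose here.
    var apiKeys = new List<SecureString>();
    foreach (var account in _retrievableAccounts)
    {
        apiKeys.Add(account.ApiKey.ToSecureString());
    }

    _eventListener = _a2AContext.GetPersistentA2AEventListener(apiKeys, PasswordChangeHandler);
    _eventListener.Start();

    InitialPasswordPull();

    _logger.Information("Password change monitoring has been started.");
}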
/// <summary>
/// Creates a persistent A2A event listener bound to a single API key and registers
/// <paramref name="handler"/> for the "AssetAccountPasswordUpdated" event.
/// </summary>
/// <param name="a2AContext">A2A context stored for later use by the listener.</param>
/// <param name="apiKey">API key to listen for; a private copy is stored.</param>
/// <param name="handler">Callback registered for password-update events.</param>
/// <exception cref="ArgumentException"><paramref name="apiKey"/> is null.</exception>
public PersistentSafeguardA2AEventListener(
    ISafeguardA2AContext a2AContext,
    SecureString apiKey,
    SafeguardEventHandler handler)
{
    // NOTE(review): a2AContext and handler are stored/registered without a null check.
    _a2AContext = a2AContext;

    if (apiKey == null)
    {
        throw new ArgumentException("Parameter may not be null", nameof(apiKey));
    }

    // Store our own copy so the listener does not depend on the lifetime of the caller's
    // SecureString; the caller remains responsible for disposing the instance it passed in.
    _apiKey = apiKey.Copy();

    RegisterEventHandler("AssetAccountPasswordUpdated", handler);

    Log.Debug("Persistent A2A event listener successfully created.");
}
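/// <summary>
/// Stops the event listener, disposes the A2A context and clears all monitoring state.
/// </summary>
/// <remarks>
/// The state fields are always reset, even when stopping or disposing throws; the exception
/// still propagates to the caller. The "stopped" message is only logged when both steps succeed.
/// </remarks>
private void StopMonitoring()
{
    try
    {
        try
        {
            _eventListener?.Stop();
        }
        finally
        {
            // Dispose the context even when Stop() throws. The outer finally drops the only
            // reference to it, so skipping this would leave the context undisposed for good.
            _a2aContext?.Dispose();
        }

        _logger.Information("Password change monitoring has been stopped.");
    }
    finally
    {
        _eventListener = null;
        _a2aContext = null;
        _retrievableAccounts = null;
    }
}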
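/// <summary>
/// Starts password-change monitoring: opens an A2A context to Safeguard with the configured
/// client certificate, registers a persistent event listener for the API key of every mapped
/// account, and starts it.
/// </summary>
/// <remarks>
/// Logs an error and returns without starting when the Safeguard address, the user certificate,
/// the API version or the IgnoreSsl setting is missing from the configuration database.
/// When IgnoreSsl is set, the context is opened through the overload that takes no
/// certificate validation callback; this is logged as a warning.
/// </remarks>
/// <exception cref="DevOpsException">
/// The listener is already running, or no accounts are mapped to plugins.
/// </exception>
private void StartMonitoring()
{
    if (_eventListener != null)
    {
        throw new DevOpsException("Listener is already running.");
    }

    var sppAddress = _configDb.SafeguardAddress;
    var userCertificate = _configDb.UserCertificateBase64Data;
    var passPhrase = _configDb.UserCertificatePassphrase?.ToSecureString();
    var apiVersion = _configDb.ApiVersion;
    var ignoreSsl = _configDb.IgnoreSsl;

    if (sppAddress == null || userCertificate == null || !apiVersion.HasValue || !ignoreSsl.HasValue)
    {
        _logger.Error("No safeguardConnection was found. Safeguard Secrets Broker for DevOps must be configured first");
        return;
    }

    _pluginManager.RefreshPluginCredentials();

    // Connect to Safeguard.
    var certificateData = Convert.FromBase64String(userCertificate);
    if (ignoreSsl.Value)
    {
        // This branch bypasses CertificateValidationCallback, so the identity of the Safeguard
        // server is not verified on a channel used for account credentials. Make that visible
        // in the log so the setting cannot stay on unnoticed.
        // NOTE(review): consider refusing to start monitoring while IgnoreSsl is set.
        _logger.Warning("Safeguard A2A connection is being opened with IgnoreSsl enabled; the server certificate will not be checked by CertificateValidationCallback.");
        _a2AContext = Safeguard.A2A.GetContext(sppAddress, certificateData, passPhrase, apiVersion.Value, true);
    }
    else
    {
        _a2AContext = Safeguard.A2A.GetContext(sppAddress, certificateData, passPhrase, CertificateValidationCallback, apiVersion.Value);
    }

    // Figure out what API keys to monitor.
    _retrievableAccounts = _configDb.GetAccountMappings().ToList();
    if (_retrievableAccounts.Count == 0)
    {
        // Release the context opened above before bailing out. _eventListener is still null on
        // this path, so a later start attempt would pass the guard at the top and overwrite
        // _a2AContext without ever disposing this instance.
        _a2AContext?.Dispose();
        _a2AContext = null;

        var msg = "No accounts have been mapped to plugins. Nothing to do.";
        _logger.Error(msg);
        throw new DevOpsException(msg);
    }

    // NOTE(review): these SecureString instances are not disposed after being handed to the
    // listener; confirm the listener takes its own copies before adding a Dispose here.
    var apiKeys = new List<SecureString>();
    foreach (var account in _retrievableAccounts)
    {
        apiKeys.Add(account.ApiKey.ToSecureString());
    }

    _eventListener = _a2AContext.GetPersistentA2AEventListener(apiKeys, PasswordChangeHandler);
    _eventListener.Start();

    _logger.Information("Password change monitoring has been started.");
}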
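/// <summary>
/// Creates a persistent A2A event listener bound to one or more API keys and registers
/// <paramref name="handler"/> for the "AssetAccountPasswordUpdated" event.
/// </summary>
/// <param name="a2AContext">A2A context stored for later use by the listener.</param>
/// <param name="apiKeys">API keys to listen for; a private copy of each key is stored.</param>
/// <param name="handler">Callback registered for password-update events.</param>
/// <exception cref="ArgumentException">
/// <paramref name="apiKeys"/> is null, is empty, or contains a null entry.
/// </exception>
public PersistentSafeguardA2AEventListener(
    ISafeguardA2AContext a2AContext,
    IEnumerable<SecureString> apiKeys,
    SafeguardEventHandler handler)
{
    _a2AContext = a2AContext;

    if (apiKeys == null)
    {
        throw new ArgumentException("Parameter may not be null", nameof(apiKeys));
    }

    // Copy every key so the listener does not depend on the lifetime of the caller's
    // SecureString instances; the caller remains responsible for disposing its own.
    var copies = new List<SecureString>();
    try
    {
        foreach (var apiKey in apiKeys)
        {
            // A null entry used to surface as a NullReferenceException from Copy();
            // report it as an argument error like the other validation failures.
            if (apiKey == null)
            {
                throw new ArgumentException("Parameter may not contain null entries", nameof(apiKeys));
            }

            copies.Add(apiKey.Copy());
        }

        if (copies.Count == 0)
        {
            throw new ArgumentException("Parameter must include at least one item", nameof(apiKeys));
        }
    }
    catch
    {
        // Construction is being abandoned: do not leave key copies behind undisposed.
        foreach (var copy in copies)
        {
            copy.Dispose();
        }

        throw;
    }

    _apiKeys = copies;

    RegisterEventHandler("AssetAccountPasswordUpdated", handler);

    Log.Debug("Persistent A2A event listener successfully created.");
}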
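/// <summary>
/// Starts password-change monitoring: opens an A2A context to Safeguard using the configured
/// certificate thumbprint, registers a persistent event listener for the API key of every
/// retrievable account, and starts it.
/// </summary>
/// <remarks>
/// Logs an error and returns without starting when no configuration is stored.
/// </remarks>
/// <exception cref="Exception">
/// The listener is already running, or no API keys were found in the A2A registrations.
/// </exception>
private void StartMonitoring()
{
    if (_eventListener != null)
    {
        throw new Exception("Listener is already running.");
    }

    var configuration = _configurationRepository.GetConfiguration();
    if (configuration == null)
    {
        _logger.Error("No configuration was found. DevOps service must be configured first");
        return;
    }

    // Connect to Safeguard.
    // NOTE(review): _safeguardIgnoreSsl is passed straight through; if it can be true here,
    // presumably the server certificate is not validated for this connection - confirm, and
    // consider refusing to monitor in that case since credentials flow over this channel.
    _a2aContext = Safeguard.A2A.GetContext(
        configuration.SppAddress,
        configuration.CertificateUserThumbPrint,
        _safeguardApiVersion,
        _safeguardIgnoreSsl);

    // Figure out what API keys to monitor.
    _retrievableAccounts = GetRetrievableAccounts().ToList();
    if (_retrievableAccounts.Count == 0)
    {
        // Release the context opened above before bailing out. _eventListener is still null on
        // this path, so a later start attempt would pass the guard at the top and overwrite
        // _a2aContext without ever disposing this instance.
        _a2aContext?.Dispose();
        _a2aContext = null;

        const string noKeysMessage = "No API keys found in A2A registrations. Nothing to do.";
        _logger.Error(noKeysMessage);
        throw new Exception(noKeysMessage);
    }

    // NOTE(review): these SecureString instances are not disposed after being handed to the
    // listener; confirm the listener takes its own copies before adding a Dispose here.
    var apiKeys = new List<SecureString>();
    foreach (var account in _retrievableAccounts)
    {
        apiKeys.Add(account.ApiKey.ToSecureString());
    }

    _eventListener = _a2aContext.GetPersistentA2AEventListener(apiKeys, PasswordChangeHandler);
    _eventListener.Start();

    _logger.Information("Password change monitoring has been started.");
}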
/// <summary>
/// Connects to Safeguard, collects the API keys to monitor from the A2A registrations and
/// starts one listener per monitored password.
/// </summary>
/// <exception cref="Exception">No API keys were found in the A2A registrations.</exception>
public void Start()
{
    // Connect to Safeguard: one regular connection and one A2A context, both created from the
    // same address, client certificate thumbprint, API version and ignore-SSL setting.
    // NOTE(review): _safeguardIgnoreSsl is passed straight through to both calls; if it can be
    // true in production, presumably the server certificate is not validated - confirm.
    _connection = Safeguard.Connect(
        _safeguardAddress,
        _safeguardClientCertificateThumbprint,
        _safeguardApiVersion,
        _safeguardIgnoreSsl);
    _a2AContext = Safeguard.A2A.GetContext(
        _safeguardAddress,
        _safeguardClientCertificateThumbprint,
        _safeguardApiVersion,
        _safeguardIgnoreSsl);

    // Figure out what API keys to monitor.
    // Presumably this call fills _monitoredPasswords - verify against its definition.
    GetApiKeysFromA2ARegistrations();

    var nothingToMonitor = _monitoredPasswords.Count == 0;
    if (nothingToMonitor)
    {
        // NOTE(review): _connection and _a2AContext stay assigned on this path; check that the
        // owner of this object releases them after a failed Start().
        throw new Exception("No API keys found in A2A registrations. Nothing to do.");
    }

    Log.Information(
        "Found {MonitoredPasswordCount} API keys to monitor for password changes",
        _monitoredPasswords.Count);

    // Start the listeners.
    foreach (var entry in _monitoredPasswords)
    {
        StartListener(entry);
    }
}