public async Task <IActionResult> Update( [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "managedSecrets/{secretId:guid}")] ManagedSecretViewModel inputSecret, HttpRequest req, Guid secretId, ILogger log) { if (!req.IsValidUser(AuthJanitorRoles.SecretAdmin, AuthJanitorRoles.GlobalAdmin)) { return(new UnauthorizedResult()); } log.LogInformation("Updating Managed Secret {0}", secretId); if (!await ManagedSecrets.ContainsIdAsync(secretId)) { return(new BadRequestErrorMessageResult("Secret not found!")); } var resources = await Resources.ListAsync(); var resourceIds = inputSecret.ResourceIds.Split(';').Select(r => Guid.Parse(r)).ToList(); if (resourceIds.Any(id => !resources.Any(r => r.ObjectId == id))) { var invalidIds = resourceIds.Where(id => !resources.Any(r => r.ObjectId == id)); log.LogError("New Managed Secret attempted to link one or more invalid Resource IDs: {0}", invalidIds); return(new BadRequestErrorMessageResult("One or more ResourceIds not found!")); } ManagedSecret newManagedSecret = new ManagedSecret() { ObjectId = secretId, Name = inputSecret.Name, Description = inputSecret.Description, ValidPeriod = TimeSpan.FromMinutes(inputSecret.ValidPeriodMinutes), TaskConfirmationStrategies = inputSecret.TaskConfirmationStrategies, ResourceIds = resourceIds }; await ManagedSecrets.UpdateAsync(newManagedSecret); log.LogInformation("Updated Managed Secret '{0}'", newManagedSecret.Name); return(new OkObjectResult(GetViewModel(newManagedSecret))); }
public async Task <IActionResult> Get( [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "managedSecrets/{secretId:guid}")] HttpRequest req, Guid secretId, ILogger log) { if (!req.IsValidUser()) { return(new UnauthorizedResult()); } log.LogInformation("Retrieving Managed Secret {0}.", secretId); if (!await ManagedSecrets.ContainsIdAsync(secretId)) { return(new BadRequestErrorMessageResult("Secret not found!")); } return(new OkObjectResult(GetViewModel(await ManagedSecrets.GetAsync(secretId)))); }
public async Task <IActionResult> Delete( [HttpTrigger(AuthorizationLevel.Anonymous, "delete", Route = "managedSecrets/{secretId:guid}")] HttpRequest req, Guid secretId, ILogger log) { if (!req.IsValidUser(AuthJanitorRoles.SecretAdmin, AuthJanitorRoles.GlobalAdmin)) { return(new UnauthorizedResult()); } log.LogInformation("Deleting Managed Secret {0}", secretId); if (!await ManagedSecrets.ContainsIdAsync(secretId)) { return(new BadRequestErrorMessageResult("Secret not found!")); } await ManagedSecrets.DeleteAsync(secretId); log.LogInformation("Deleted Managed Secret {0}", secretId); return(new OkResult()); }
public async Task <IActionResult> Create( [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "tasks")] string secretId, HttpRequest req, ILogger log) { if (!req.IsValidUser(AuthJanitorRoles.ServiceOperator, AuthJanitorRoles.GlobalAdmin)) { return(new UnauthorizedResult()); } log.LogInformation("Creating new Task."); if (!await ManagedSecrets.ContainsIdAsync(Guid.Parse(secretId))) { return(new BadRequestErrorMessageResult("Invalid Managed Secret ID")); } var secret = await ManagedSecrets.GetAsync(Guid.Parse(secretId)); if (!secret.TaskConfirmationStrategies.HasFlag(TaskConfirmationStrategies.AdminCachesSignOff) && !secret.TaskConfirmationStrategies.HasFlag(TaskConfirmationStrategies.AdminSignsOffJustInTime)) { return(new BadRequestErrorMessageResult("Managed Secret does not support administrator approval!")); } RekeyingTask newTask = new RekeyingTask() { Queued = DateTimeOffset.UtcNow, Expiry = secret.Expiry, ManagedSecretId = secret.ObjectId }; await RekeyingTasks.CreateAsync(newTask); return(new OkObjectResult(newTask)); }