private async Task <string> AnalyzeSnapshots <T>(string[] secretBackups) where T : ScriptSecrets
{
string analyzeResult = string.Empty;
try
{
List <T> shapShots = new List <T>();
foreach (string secretPath in secretBackups)
{
string secretString = await _repository.ReadAsync(ScriptSecretsType.Function, Path.GetFileNameWithoutExtension(secretPath));
shapShots.Add(ScriptSecretSerializer.DeserializeSecrets <T>(secretString));
}
string[] hosts = shapShots.Select(x => x.HostName).Distinct().ToArray();
if (hosts.Length > 1)
{
analyzeResult = string.Format(Resources.ErrorSameSecrets, string.Join(",", hosts));
}
}
catch
{
// best effort
}
return(analyzeResult);
}
public override async Task <ScriptSecrets> ReadAsync(ScriptSecretsType type, string functionName)
{
string filePath = GetSecretsFilePath(type, functionName);
string secretsContent = null;
if (File.Exists(filePath))
{
for (int currentRetry = 0; ; currentRetry++)
{
try
{
// load the secrets file
secretsContent = await FileUtility.ReadAsync(filePath);
break;
}
catch (IOException)
{
if (currentRetry > _retryCount)
{
throw;
}
}
await Task.Delay(_retryDelay);
}
}
return(string.IsNullOrEmpty(secretsContent) ? null : ScriptSecretSerializer.DeserializeSecrets(type, secretsContent));
}
public override async Task <ScriptSecrets> ReadAsync(ScriptSecretsType type, string functionName)
{
string secretsContent = null;
string blobPath = GetSecretsBlobPath(type, functionName);
try
{
BlobClient secretBlobClient = Container.GetBlobClient(blobPath);
if (await secretBlobClient.ExistsAsync())
{
var downloadResponse = await secretBlobClient.DownloadAsync();
using (StreamReader reader = new StreamReader(downloadResponse.Value.Content))
{
secretsContent = reader.ReadToEnd();
}
}
}
catch (Exception ex)
{
LogErrorMessage("read", ex);
throw;
}
return(string.IsNullOrEmpty(secretsContent) ? null : ScriptSecretSerializer.DeserializeSecrets(type, secretsContent));
}
public override async Task WriteSnapshotAsync(ScriptSecretsType type, string functionName, ScriptSecrets secrets)
{
if (secrets == null)
{
throw new ArgumentNullException(nameof(secrets));
}
string blobPath = GetSecretsBlobPath(type, functionName);
blobPath = SecretsUtility.GetNonDecryptableName(blobPath);
await WriteToBlobAsync(blobPath, ScriptSecretSerializer.SerializeSecrets(secrets));
}
public override async Task <ScriptSecrets> ReadAsync(ScriptSecretsType type, string functionName)
{
string secretsContent = null;
string blobPath = GetSecretsBlobPath(type, functionName);
CloudBlockBlob secretBlob = _blobContainer.GetBlockBlobReference(blobPath);
if (await secretBlob.ExistsAsync())
{
secretsContent = await secretBlob.DownloadTextAsync();
}
return(string.IsNullOrEmpty(secretsContent) ? null : ScriptSecretSerializer.DeserializeSecrets(type, secretsContent));
}
public override async Task WriteAsync(ScriptSecretsType type, string functionName, ScriptSecrets secrets)
{
if (secrets == null)
{
throw new ArgumentNullException(nameof(secrets));
}
string blobPath = GetSecretsBlobPath(type, functionName);
await WriteToBlobAsync(blobPath, ScriptSecretSerializer.SerializeSecrets(secrets));
string filePath = GetSecretsSentinelFilePath(type, functionName);
await FileUtility.WriteAsync(filePath, DateTime.UtcNow.ToString());
}
public override async Task WriteSnapshotAsync(ScriptSecretsType type, string functionName, ScriptSecrets secrets)
{
ArgumentNullException.ThrowIfNull(secrets);
string blobPath = GetSecretsBlobPath(type, functionName);
blobPath = SecretsUtility.GetNonDecryptableName(blobPath);
try
{
await WriteToBlobAsync(blobPath, ScriptSecretSerializer.SerializeSecrets(secrets));
}
catch (Exception ex)
{
LogErrorMessage("write", ex);
throw;
}
}
public override async Task WriteAsync(ScriptSecretsType type, string functionName, ScriptSecrets secrets)
{
ArgumentNullException.ThrowIfNull(secrets);
string blobPath = GetSecretsBlobPath(type, functionName);
try
{
await WriteToBlobAsync(blobPath, ScriptSecretSerializer.SerializeSecrets(secrets));
}
catch (Exception ex)
{
LogErrorMessage("write", ex);
throw;
}
string filePath = GetSecretsSentinelFilePath(type, functionName);
await FileUtility.WriteAsync(filePath, DateTime.UtcNow.ToString());
}
private async Task PersistSecretsAsync <T>(T secrets, string keyScope = null, bool isNonDecryptable = false) where T : ScriptSecrets
{
ScriptSecretsType secretsType = secrets.SecretsType;
string secretsContent = ScriptSecretSerializer.SerializeSecrets <T>(secrets);
if (isNonDecryptable)
{
string[] secretBackups = await _repository.GetSecretSnapshots(secrets.SecretsType, keyScope);
if (secretBackups.Length >= ScriptConstants.MaximumSecretBackupCount)
{
string message = string.Format(Resources.ErrorTooManySecretBackups, ScriptConstants.MaximumSecretBackupCount, string.IsNullOrEmpty(keyScope) ? "host" : keyScope);
_logger?.LogDebug(message);
throw new InvalidOperationException(message);
}
await _repository.WriteSnapshotAsync(secretsType, keyScope, secretsContent);
}
else
{
await _repository.WriteAsync(secretsType, keyScope, secretsContent);
}
}
public override async Task WriteAsync(ScriptSecretsType type, string functionName, ScriptSecrets secrets)
{
string filePath = GetSecretsFilePath(type, functionName);
for (int currentRetry = 0; ; currentRetry++)
{
try
{
await FileUtility.WriteAsync(filePath, ScriptSecretSerializer.SerializeSecrets(secrets));
break;
}
catch (IOException)
{
if (currentRetry > _retryCount)
{
throw;
}
}
await Task.Delay(_retryDelay);
}
}
private Task <ScriptSecrets> LoadSecretsAsync(ScriptSecretsType secretsType, string keyScope) => LoadSecretsAsync(secretsType, keyScope, s => ScriptSecretSerializer.DeserializeSecrets(secretsType, s));
private static void PersistSecrets <T>(T secrets, string secretsFilePath) where T : ScriptSecrets
{
string secretsContent = ScriptSecretSerializer.SerializeSecrets <T>(secrets);
File.WriteAllText(secretsFilePath, secretsContent);
}
private static bool TryLoadSecrets(ScriptSecretsType secretsType, string filePath, out ScriptSecrets secrets) => TryLoadSecrets(filePath, s => ScriptSecretSerializer.DeserializeSecrets(secretsType, s), out secrets);
private Task PersistSecretsAsync <T>(T secrets, string keyScope = null) where T : ScriptSecrets
{
string secretsContent = ScriptSecretSerializer.SerializeSecrets <T>(secrets);
return(_repository.WriteAsync(secrets.SecretsType, keyScope, secretsContent));
}
public override async Task WriteSnapshotAsync(ScriptSecretsType type, string functionName, ScriptSecrets secrets)
{
string filePath = GetSecretsFilePath(type, functionName, true);
await FileUtility.WriteAsync(filePath, ScriptSecretSerializer.SerializeSecrets(secrets));
}
private Task <ScriptSecrets> LoadSecretsAsync(ScriptSecretsType secretsType, string functionName) => LoadSecretsAsync(secretsType, functionName, s => ScriptSecretSerializer.DeserializeSecrets(secretsType, s));
