Class MaintainerProfile
Provides the IProfileClient implementation used by NEONFORGE maintainers to obtain 1Password secrets via our internal neon-assistant tool.
Implements
Namespace: Neon.Deployment
Assembly: Neon.Deployment.dll
Syntax
public class MaintainerProfile : IProfileClientConstructors
MaintainerProfile()
Constructs a profile client with default parameters. This is suitable for constructing from Powershell scripts.
note
MaintainerProfile currently only supports Windows.
Declaration
public MaintainerProfile()Exceptions
| Type | Condition |
|---|---|
| NotSupportedException | Thrown when not running on Windows. |
MaintainerProfile(string, TimeSpan)
Constructor with optional client timeout.
note
MaintainerProfile currently supports only Windows.
Declaration
public MaintainerProfile(string pipeName, TimeSpan connectTimeout = default)Parameters
| Type | Name | Description |
|---|---|---|
| string | pipeName | Specifies the server pipe name. |
| TimeSpan | connectTimeout | Optionally specifies the connection timeout. This defaults to 10 seconds. |
Exceptions
| Type | Condition |
|---|---|
| NotSupportedException | Thrown when not running on Windows. |
Methods
Call(Dictionary<string, string>)
Declaration
public string Call(Dictionary<string, string> args)Parameters
| Type | Name | Description |
|---|---|---|
| Dictionary<string, string> | args |
Returns
| Type | Description |
|---|---|
| string |
ClearAwsCredentials()
Removes the AWS-CLI credential environment variables if present:
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY
Declaration
public void ClearAwsCredentials()EnsureAuthenticated(TimeSpan)
Requests that the profile server be signed-in when it's not already signed or extend the
sign-in period. By default, the sign-in period will be extended by the default time configured
for the server but this can be overridden via signinPeriod (which comes in handy
for operations that may take longer than the profile server default).
Declaration
public void EnsureAuthenticated(TimeSpan signinPeriod = default)Parameters
| Type | Name | Description |
|---|---|---|
| TimeSpan | signinPeriod | Optionally how long to extend the sign-in. Passing zero (the default) or values less than zero, will extend the sign-in by the default sign-in period implemented by the profile server. |
Remarks
Profile implementations that don't required that developers sign-in when secrets are requested should treat this as a NOP and just return OK.
Exceptions
| Type | Condition |
|---|---|
| ProfileException | Thrown if the profile server returns an error, i.e. when the server is not currently signed-in.. |
GetAwsCredentials(string)
Retrieves the AWS access key ID and secret access key from 1Password and sets these enviroment variables for use by the AWS-CLI:
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY
Declaration
public void GetAwsCredentials(string secretName = "AWS_NEONFORGE")Parameters
| Type | Name | Description |
|---|---|---|
| string | secretName | Optionally specifies a custom name for the 1Password secret holding the credentials. |
Remarks
The AWS credentials are persisted to a 1Password secret for each maintainer, where each user should be granted individual credentials so they can be easy to revoke if necessary. We use a single secret to hold these individual fields:
| ACCESS_KEY_ID | Identifies the AWS access key. |
| SECRET_ACCESS_KEY | The AWS access key secret. |
GetCommonSecrets()
Proactively used to retrieve secrets commonly used for CI/CD operations so they'll
be available even after neon-assistant has signed out some time later.
Currently, AWS and GitHub credentials are retrieved.
Declaration
public void GetCommonSecrets()GetProfileValue(string, bool)
Requests a profile value from the assistant.
Declaration
public string GetProfileValue(string name, bool nullOnNotFound = false)Parameters
| Type | Name | Description |
|---|---|---|
| string | name | Identifies the profile value. |
| bool | nullOnNotFound | Optionally specifies that |
Returns
| Type | Description |
|---|---|
| string | The password value. |
Exceptions
| Type | Condition |
|---|---|
| ProfileException | Thrown if the profile server returns an error. |
GetSecretPassword(string, string, string, bool)
Requests the value of a secret password from 1Password via the assistant.
Declaration
public string GetSecretPassword(string name, string vault = null, string masterPassword = null, bool nullOnNotFound = false)Parameters
| Type | Name | Description |
|---|---|---|
| string | name | Specifies the secret name. |
| string | vault | Optionally specifies the 1Password vault. This defaults to the current user (as managed by the IProfileClient implementaton). |
| string | masterPassword | Optionally specifies the master 1Password when it is already known. |
| bool | nullOnNotFound | Optionally specifies that |
Returns
| Type | Description |
|---|---|
| string | The password value. |
Exceptions
| Type | Condition |
|---|---|
| ProfileException | Thrown if the profile server returns an error. |
GetSecretValue(string, string, string, bool)
Requests the value of a secret value from 1Password via the assistant.
Declaration
public string GetSecretValue(string name, string vault = null, string masterPassword = null, bool nullOnNotFound = false)Parameters
| Type | Name | Description |
|---|---|---|
| string | name | Specifies the secret name. |
| string | vault | Optionally specifies the 1Password vault. This defaults to the current user (as managed by the IProfileClient implementaton). |
| string | masterPassword | Optionally specifies the master 1Password when it is already known. |
| bool | nullOnNotFound | Optionally specifies that |
Returns
| Type | Description |
|---|---|
| string | The password value. |
Exceptions
| Type | Condition |
|---|---|
| ProfileException | Thrown if the profile server returns an error. |
Signout()
Requests that the profile server sign-out from it's credential source.
Declaration
public void Signout()