shibayan · shibayan · Jun 11, 2023 · Jun 19, 2023 · Jun 22, 2023 · Jul 31, 2023
diff --git a/KeyVault.Acmebot/.gitignore b/KeyVault.Acmebot/.gitignore
@@ -261,4 +261,9 @@ paket-files/
 
 # Python Tools for Visual Studio (PTVS)
 __pycache__/
-*.pyc
+*.pyc
+
+# Service dependencies
+Properties/serviceDependencies.json
+Properties/serviceDependencies.*.json
+Properties/ServiceDependencies/
diff --git a/KeyVault.Acmebot/Functions/GetCertificates.cs b/KeyVault.Acmebot/Functions/GetCertificates.cs
@@ -24,14 +24,6 @@ public GetCertificates(IHttpContextAccessor httpContextAccessor)
     {
     }
 
-    [FunctionName($"{nameof(GetCertificates)}_{nameof(Orchestrator)}")]
-    public Task<IReadOnlyList<CertificateItem>> Orchestrator([OrchestrationTrigger] IDurableOrchestrationContext context)
-    {
-        var activity = context.CreateActivityProxy<ISharedActivity>();
-
-        return activity.GetAllCertificates();
-    }
-
     [FunctionName($"{nameof(GetCertificates)}_{nameof(HttpStart)}")]
     public async Task<IActionResult> HttpStart(
         [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "api/certificates")] HttpRequest req,
@@ -50,4 +42,12 @@ public async Task<IActionResult> HttpStart(
 
         return await starter.WaitForCompletionOrCreateCheckStatusResponseAsync(req, instanceId, TimeSpan.FromMinutes(1), returnInternalServerErrorOnFailure: true);
     }
+
+    [FunctionName($"{nameof(GetCertificates)}_{nameof(Orchestrator)}")]
+    public Task<IReadOnlyList<CertificateItem>> Orchestrator([OrchestrationTrigger] IDurableOrchestrationContext context)
+    {
+        var activity = context.CreateActivityProxy<ISharedActivity>();
+
+        return activity.GetAllCertificates();
+    }
 }
diff --git a/KeyVault.Acmebot/Functions/GetDnsZones.cs b/KeyVault.Acmebot/Functions/GetDnsZones.cs
@@ -22,14 +22,6 @@ public GetDnsZones(IHttpContextAccessor httpContextAccessor)
     {
     }
 
-    [FunctionName($"{nameof(GetDnsZones)}_{nameof(Orchestrator)}")]
-    public Task<IReadOnlyList<string>> Orchestrator([OrchestrationTrigger] IDurableOrchestrationContext context)
-    {
-        var activity = context.CreateActivityProxy<ISharedActivity>();
-
-        return activity.GetZones();
-    }
-
     [FunctionName($"{nameof(GetDnsZones)}_{nameof(HttpStart)}")]
     public async Task<IActionResult> HttpStart(
         [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "api/dns-zones")] HttpRequest req,
@@ -48,4 +40,12 @@ public async Task<IActionResult> HttpStart(
 
         return await starter.WaitForCompletionOrCreateCheckStatusResponseAsync(req, instanceId, TimeSpan.FromMinutes(1), returnInternalServerErrorOnFailure: true);
     }
+
+    [FunctionName($"{nameof(GetDnsZones)}_{nameof(Orchestrator)}")]
+    public Task<IReadOnlyList<string>> Orchestrator([OrchestrationTrigger] IDurableOrchestrationContext context)
+    {
+        var activity = context.CreateActivityProxy<ISharedActivity>();
+
+        return activity.GetZones();
+    }
 }
diff --git a/KeyVault.Acmebot/Functions/GetInstanceState.cs b/KeyVault.Acmebot/Functions/GetInstanceState.cs
@@ -35,16 +35,11 @@ public async Task<IActionResult> HttpStart(
             return BadRequest();
         }
 
-        if (status.RuntimeStatus == OrchestrationRuntimeStatus.Failed)
+        return status.RuntimeStatus switch
         {
-            return Problem(status.Output.ToString());
-        }
-
-        if (status.RuntimeStatus is OrchestrationRuntimeStatus.Running or OrchestrationRuntimeStatus.Pending or OrchestrationRuntimeStatus.ContinuedAsNew)
-        {
-            return AcceptedAtFunction($"{nameof(GetInstanceState)}_{nameof(HttpStart)}", new { instanceId }, null);
-        }
-
-        return Ok();
+            OrchestrationRuntimeStatus.Completed => Ok(status.Output),
+            OrchestrationRuntimeStatus.Failed or OrchestrationRuntimeStatus.Canceled or OrchestrationRuntimeStatus.Terminated => Problem(status.Output.ToString()),
+            _ => AcceptedAtFunction($"{nameof(GetInstanceState)}_{nameof(HttpStart)}", new { instanceId }, null),
+        };
     }
 }
diff --git a/KeyVault.Acmebot/Functions/PurgeInstanceHistory.cs b/KeyVault.Acmebot/Functions/PurgeInstanceHistory.cs
@@ -19,7 +19,9 @@ public Task Timer([TimerTrigger("0 0 0 1 * *")] TimerInfo timer, [DurableClient]
             new[]
             {
                 OrchestrationStatus.Completed,
-                OrchestrationStatus.Failed
+                OrchestrationStatus.Failed,
+                OrchestrationStatus.Canceled,
+                OrchestrationStatus.Terminated
             });
     }
 }
diff --git a/KeyVault.Acmebot/Functions/RenewCertificate.cs b/KeyVault.Acmebot/Functions/RenewCertificate.cs
@@ -5,6 +5,7 @@
 using DurableTask.TypedProxy;
 
 using KeyVault.Acmebot.Internal;
+using KeyVault.Acmebot.Models;
 
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
@@ -22,19 +23,6 @@ public RenewCertificate(IHttpContextAccessor httpContextAccessor)
     {
     }
 
-    [FunctionName($"{nameof(RenewCertificate)}_{nameof(Orchestrator)}")]
-    public async Task Orchestrator([OrchestrationTrigger] IDurableOrchestrationContext context, ILogger log)
-    {
-        var certificateName = context.GetInput<string>();
-
-        var activity = context.CreateActivityProxy<ISharedActivity>();
-
-        // 証明書の更新処理を開始
-        var certificatePolicyItem = await activity.GetCertificatePolicy(certificateName);
-
-        await context.CallSubOrchestratorAsync(nameof(SharedOrchestrator.IssueCertificate), certificatePolicyItem);
-    }
-
     [FunctionName($"{nameof(RenewCertificate)}_{nameof(HttpStart)}")]
     public async Task<IActionResult> HttpStart(
         [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "api/certificate/{certificateName}/renew")] HttpRequest req,
@@ -59,4 +47,17 @@ public async Task<IActionResult> HttpStart(
 
         return AcceptedAtFunction($"{nameof(GetInstanceState)}_{nameof(GetInstanceState.HttpStart)}", new { instanceId }, null);
     }
+
+    [FunctionName($"{nameof(RenewCertificate)}_{nameof(Orchestrator)}")]
+    public async Task<CertificateItem> Orchestrator([OrchestrationTrigger] IDurableOrchestrationContext context, ILogger log)
+    {
+        var certificateName = context.GetInput<string>();
+
+        var activity = context.CreateActivityProxy<ISharedActivity>();
+
+        // 証明書の更新処理を開始
+        var certificatePolicyItem = await activity.GetCertificatePolicy(certificateName);
+
+        return await context.CallSubOrchestratorAsync<CertificateItem>(nameof(SharedOrchestrator.IssueCertificate), certificatePolicyItem);
+    }
 }
diff --git a/KeyVault.Acmebot/Functions/RenewCertificates.cs b/KeyVault.Acmebot/Functions/RenewCertificates.cs
@@ -4,6 +4,8 @@
 
 using DurableTask.TypedProxy;
 
+using KeyVault.Acmebot.Models;
+
 using Microsoft.Azure.WebJobs;
 using Microsoft.Azure.WebJobs.Extensions.DurableTask;
 using Microsoft.Extensions.Logging;
@@ -12,6 +14,15 @@ namespace KeyVault.Acmebot.Functions;
 
 public class RenewCertificates
 {
+    [FunctionName($"{nameof(RenewCertificates)}_{nameof(Timer)}")]
+    public async Task Timer([TimerTrigger("0 0 0 * * *")] TimerInfo timer, [DurableClient] IDurableClient starter, ILogger log)
+    {
+        // Function input comes from the request content.
+        var instanceId = await starter.StartNewAsync($"{nameof(RenewCertificates)}_{nameof(Orchestrator)}");
+
+        log.LogInformation($"Started orchestration with ID = '{instanceId}'.");
+    }
+
     [FunctionName($"{nameof(RenewCertificates)}_{nameof(Orchestrator)}")]
     public async Task Orchestrator([OrchestrationTrigger] IDurableOrchestrationContext context, ILogger log)
     {
@@ -43,7 +54,7 @@ public async Task Orchestrator([OrchestrationTrigger] IDurableOrchestrationConte
                 // 証明書の更新処理を開始
                 var certificatePolicyItem = await activity.GetCertificatePolicy(certificate.Name);
 
-                await context.CallSubOrchestratorWithRetryAsync(nameof(SharedOrchestrator.IssueCertificate), _retryOptions, certificatePolicyItem);
+                await context.CallSubOrchestratorWithRetryAsync<CertificateItem>(nameof(SharedOrchestrator.IssueCertificate), _retryOptions, certificatePolicyItem);
             }
             catch (Exception ex)
             {
@@ -54,15 +65,6 @@ public async Task Orchestrator([OrchestrationTrigger] IDurableOrchestrationConte
         }
     }
 
-    [FunctionName($"{nameof(RenewCertificates)}_{nameof(Timer)}")]
-    public async Task Timer([TimerTrigger("0 0 0 * * *")] TimerInfo timer, [DurableClient] IDurableClient starter, ILogger log)
-    {
-        // Function input comes from the request content.
-        var instanceId = await starter.StartNewAsync($"{nameof(RenewCertificates)}_{nameof(Orchestrator)}");
-
-        log.LogInformation($"Started orchestration with ID = '{instanceId}'.");
-    }
-
     private readonly RetryOptions _retryOptions = new(TimeSpan.FromHours(3), 2)
     {
         Handle = ex => ex.InnerException?.InnerException is RetriableOrchestratorException

diff --git a/KeyVault.Acmebot/Functions/RevokeCertificate.cs b/KeyVault.Acmebot/Functions/RevokeCertificate.cs
@@ -23,16 +23,6 @@ public RevokeCertificate(IHttpContextAccessor httpContextAccessor)
     {
     }
 
-    [FunctionName($"{nameof(RevokeCertificate)}_{nameof(Orchestrator)}")]
-    public async Task Orchestrator([OrchestrationTrigger] IDurableOrchestrationContext context, ILogger log)
-    {
-        var certificateName = context.GetInput<string>();
-
-        var activity = context.CreateActivityProxy<ISharedActivity>();
-
-        await activity.RevokeCertificate(certificateName);
-    }
-
     [FunctionName($"{nameof(RevokeCertificate)}_{nameof(HttpStart)}")]
     public async Task<IActionResult> HttpStart(
         [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "api/certificate/{certificateName}/revoke")] HttpRequest req,
@@ -57,4 +47,14 @@ public async Task<IActionResult> HttpStart(
 
         return await starter.WaitForCompletionOrCreateCheckStatusResponseAsync(req, instanceId, TimeSpan.FromMinutes(1), returnInternalServerErrorOnFailure: true);
     }
+
+    [FunctionName($"{nameof(RevokeCertificate)}_{nameof(Orchestrator)}")]
+    public async Task Orchestrator([OrchestrationTrigger] IDurableOrchestrationContext context, ILogger log)
+    {
+        var certificateName = context.GetInput<string>();
+
+        var activity = context.CreateActivityProxy<ISharedActivity>();
+
+        await activity.RevokeCertificate(certificateName);
+    }
 }
diff --git a/KeyVault.Acmebot/Functions/SharedOrchestrator.cs b/KeyVault.Acmebot/Functions/SharedOrchestrator.cs
@@ -13,7 +13,7 @@ namespace KeyVault.Acmebot.Functions;
 public class SharedOrchestrator
 {
     [FunctionName(nameof(IssueCertificate))]
-    public async Task IssueCertificate([OrchestrationTrigger] IDurableOrchestrationContext context)
+    public async Task<CertificateItem> IssueCertificate([OrchestrationTrigger] IDurableOrchestrationContext context)
     {
         var certificatePolicy = context.GetInput<CertificatePolicyItem>();
 
@@ -62,5 +62,7 @@ public async Task IssueCertificate([OrchestrationTrigger] IDurableOrchestrationC
 
         // 証明書の更新が完了後に Webhook を送信する
         await activity.SendCompletedEvent((certificate.Name, certificate.ExpiresOn, certificatePolicy.DnsNames));
+
+        return certificate;
     }
 }
diff --git a/KeyVault.Acmebot/Internal/CertificateExtensions.cs b/KeyVault.Acmebot/Internal/CertificateExtensions.cs
@@ -39,6 +39,7 @@ public static CertificateItem ToCertificateItem(this KeyVaultCertificateWithPoli
         return new CertificateItem
         {
             Id = certificate.Id,
+            SecretId = certificate.SecretId,
             Name = certificate.Name,
             DnsNames = dnsNames is { Length: > 0 } ? dnsNames : new[] { certificate.Policy.Subject[3..] },
             CreatedOn = certificate.Properties.CreatedOn.Value,

diff --git a/KeyVault.Acmebot/KeyVault.Acmebot.csproj b/KeyVault.Acmebot/KeyVault.Acmebot.csproj
@@ -4,17 +4,17 @@
     <AzureFunctionsVersion>v4</AzureFunctionsVersion>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Route53" Version="3.7.104.87" />
+    <PackageReference Include="AWSSDK.Route53" Version="3.7.200.5" />
     <PackageReference Include="Azure.Identity" Version="1.9.0" />
     <PackageReference Include="Azure.ResourceManager.Dns" Version="1.0.1" />
     <PackageReference Include="Azure.ResourceManager.PrivateDns" Version="1.0.1" />
     <PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.5.1" />
     <PackageReference Include="Azure.Security.KeyVault.Keys" Version="4.5.0" />
     <PackageReference Include="DnsClient" Version="1.7.0" />
     <PackageReference Include="DurableTask.TypedProxy" Version="2.2.2" />
-    <PackageReference Include="Google.Apis.Dns.v1" Version="1.60.0.3018" />
+    <PackageReference Include="Google.Apis.Dns.v1" Version="1.61.0.3114" />
     <PackageReference Include="Microsoft.Azure.Functions.Extensions" Version="1.1.0" />
-    <PackageReference Include="Microsoft.Azure.WebJobs.Extensions.DurableTask" Version="2.9.6" />
+    <PackageReference Include="Microsoft.Azure.WebJobs.Extensions.DurableTask" Version="2.10.0" />
     <PackageReference Include="Microsoft.Extensions.Http" Version="[6.0.*,7.0.0)" />
     <PackageReference Include="Microsoft.NET.Sdk.Functions" Version="4.2.0" />
     <PackageReference Include="WebJobs.Extensions.HttpApi" Version="2.0.3" />

diff --git a/KeyVault.Acmebot/Models/CertificateItem.cs b/KeyVault.Acmebot/Models/CertificateItem.cs
@@ -10,6 +10,9 @@ public class CertificateItem
     [JsonProperty("id")]
     public Uri Id { get; set; }
 
+    [JsonProperty("secretId")]
+    public Uri SecretId { get; set; }
+
     [JsonProperty("name")]
     public string Name { get; set; }
 
@@ -38,7 +41,7 @@ public class CertificateItem
     public bool? ReuseKey { get; set; }
 
     [JsonProperty("isManaged")]
-    public bool IsManaged { get; set; }
+    public bool IsManaged { get; set; } = true;
 
     [JsonProperty("isExpired")]
     public bool IsExpired { get; set; }

diff --git a/KeyVault.Acmebot/host.json b/KeyVault.Acmebot/host.json
@@ -3,8 +3,8 @@
   "logging": {
     "applicationInsights": {
       "samplingSettings": {
-        "excludedTypes": "Request;Exception",
-        "isEnabled": true
+        "isEnabled": true,
+        "excludedTypes": "Request;Exception"
       }
     },
     "logLevel": {
@@ -13,7 +13,8 @@
   },
   "extensions": {
     "durableTask": {
-      "useGracefulShutdown": true
+      "useGracefulShutdown": true,
+      "useTablePartitionManagement": true
     },
     "http": {
       "routePrefix": "",