This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

Add implementation to get allowed tenants (#1833)
Co-authored-by: stas <statis@microsoft.com>
stishkin and stas authored Apr 22, 2022
1 parent ae85d81 commit d283e98
Showing 5 changed files with 35 additions and 29 deletions.
2 changes: 1 addition & 1 deletion src/ApiService/ApiService/OneFuzzTypes/Model.cs
Expand Up @@ -307,7 +307,7 @@ public record InstanceConfig
//# if admins are set, only admins can update instance configs.
Guid[]? Admins,
//# if set, only admins can manage pools or scalesets
bool AllowPoolManagement,
bool? AllowPoolManagement,
string[] AllowedAadTenants,
NetworkConfig NetworkConfig,
NetworkSecurityGroupConfig ProxyNsgConfig,
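Review bot: `bool? AllowPoolManagement` turns an access-control switch into a three-state value, and the comment above it does not say what `null` means. Every reader of this field now has to choose a default, and if two call sites choose differently the pool/scaleset permission check becomes inconsistent. I would extend the comment to something like `//# null = value absent from stored config; callers must apply one documented default`, and resolve the null in a single place rather than at each use. The record's parameter list continues outside the hunk, so whether a default is applied elsewhere is not visible here.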
1 change: 1 addition & 0 deletions src/ApiService/ApiService/Program.cs
Expand Up @@ -81,6 +81,7 @@ public static void Main()
.AddScoped<IContainers, Containers>()
.AddScoped<IReports, Reports>()
.AddScoped<INotificationOperations, NotificationOperations>()
.AddScoped<IUserCredentials, UserCredentials>()

//TODO: move out expensive resources into separate class, and add those as Singleton
// ArmClient, Table Client(s), Queue Client(s), HttpClient, etc.
44 changes: 25 additions & 19 deletions src/ApiService/ApiService/UserCredentials.cs
Expand Up @@ -6,11 +6,25 @@

namespace Microsoft.OneFuzz.Service;

public class UserCredentials
public interface IUserCredentials
{
public string? GetBearerToken(HttpRequestData req);
public string? GetAuthToken(HttpRequestData req);
public Task<OneFuzzResult<UserInfo>> ParseJwtToken(LogTracer log, HttpRequestData req);
}

public class UserCredentials : IUserCredentials
{
ILogTracer _log;
IConfigOperations _instanceConfig;

public UserCredentials(ILogTracer log, IConfigOperations instanceConfig)
{
_log = log;
_instanceConfig = instanceConfig;
}

public static string? GetBearerToken(HttpRequestData req)
public string? GetBearerToken(HttpRequestData req)
{
var authHeader = req.Headers.GetValues("Authorization");
if (authHeader.IsNullOrEmpty())
Expand All @@ -28,7 +42,7 @@ public class UserCredentials
}
}

public static string? GetAuthToken(HttpRequestData req)
public string? GetAuthToken(HttpRequestData req)
{
var token = GetBearerToken(req);
if (token is not null)
Expand All @@ -50,25 +64,17 @@ public class UserCredentials
}


static Task<OneFuzzResult<string[]>> GetAllowedTenants()
async Task<OneFuzzResult<string[]>> GetAllowedTenants()
{
return Async.Task.FromResult(OneFuzzResult<string[]>.Ok(Array.Empty<string>()));
}

/*
TODO: GetAllowedTenants blocked on Models and ORM since this requires
let getAllowedTenants() =
task {
match! InstanceConfig.fetch() with
| Result.Ok(config, _) ->
let entries = config.AllowedAadTenants |> Array.map(fun x->sprintf "https://sts.windows.net/%s/" x)
return Result.Ok entries
| Result.Error err -> return Result.Error err
}
*/
var r = await _instanceConfig.Fetch();
var allowedAddTenantsQuery =
from t in r.AllowedAadTenants
select $"https://sts.windows.net/{t}/";

return OneFuzzResult<string[]>.Ok(allowedAddTenantsQuery.ToArray());
}

static async Task<OneFuzzResult<UserInfo>> ParseJwtToken(LogTracer log, HttpRequestData req)
public async Task<OneFuzzResult<UserInfo>> ParseJwtToken(LogTracer log, HttpRequestData req)
{
var authToken = GetAuthToken(req);
if (authToken is null)
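Review bot: `GetAllowedTenants` always returns `OneFuzzResult<string[]>.Ok(...)` and dereferences `r.AllowedAadTenants` without checking what `_instanceConfig.Fetch()` returned, whereas the F# reference in the removed TODO comment propagated the fetch error. Since this list is the issuer allow-list used when parsing the JWT, a missing or unreadable config should surface as an error result rather than an exception or an empty list; a guard such as `if (r?.AllowedAadTenants is null)` returning the error variant of `OneFuzzResult` would do, assuming `Fetch` can yield an absent config. How `ParseJwtToken` treats an empty allow-list is outside the hunk, and it is worth confirming that it fails closed. Minor: `allowedAddTenantsQuery` looks like a typo for `allowedAadTenantsQuery`, and the injected `_log` field is unused in the visible code while `ParseJwtToken` still takes a `LogTracer` parameter.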
8 changes: 4 additions & 4 deletions src/ApiService/ApiService/onefuzzlib/orm/EntityConverter.cs
Expand Up @@ -250,7 +250,7 @@ public TableEntity ToTableEntity<T>(T typedEntity) where T : EntityBase
{
return entity.GetString(fieldName);
}
else if (ef.type == typeof(bool))
else if (ef.type == typeof(bool) || ef.type == typeof(bool?))
{
return entity.GetBoolean(fieldName);
}
Expand All @@ -262,19 +262,19 @@ public TableEntity ToTableEntity<T>(T typedEntity) where T : EntityBase
{
return entity.GetDateTime(fieldName);
}
else if (ef.type == typeof(double))
else if (ef.type == typeof(double) || ef.type == typeof(double?))
{
return entity.GetDouble(fieldName);
}
else if (ef.type == typeof(Guid) || ef.type == typeof(Guid?))
{
return (object?)Guid.Parse(entity.GetString(fieldName));
}
else if (ef.type == typeof(int))
else if (ef.type == typeof(int) || ef.type == typeof(short) || ef.type == typeof(int?) || ef.type == typeof(short?))
{
return entity.GetInt32(fieldName);
}
else if (ef.type == typeof(Int64))
else if (ef.type == typeof(long) || ef.type == typeof(long?))
{
return entity.GetInt64(fieldName);
}
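Review bot: The branch that now accepts `typeof(short)` and `typeof(short?)` still returns the boxed result of `entity.GetInt32(fieldName)`, so a `short` field receives a boxed `int`. If the caller hands this value to a reflected constructor or setter of type `short`, which is not visible in this hunk, the narrowing conversion will not happen implicitly and the call will throw. A separate branch that converts explicitly, e.g. `return entity.GetInt32(fieldName) is int v ? (object?)checked((short)v) : null;`, would avoid that and reject out-of-range stored values. The enclosing method starts and ends outside the hunk.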
9 changes: 4 additions & 5 deletions src/ApiService/Tests/OrmModelsTest.cs
Expand Up @@ -140,7 +140,7 @@ public static Gen<NetworkSecurityGroupConfig> NetworkSecurityGroupConfig()
public static Gen<InstanceConfig> InstanceConfig()
{
return Arb.Generate<Tuple<
Tuple<string, Guid[]?, bool, string[], NetworkConfig, NetworkSecurityGroupConfig, AzureVmExtensionConfig?>,
Tuple<string, Guid[]?, bool?, string[], NetworkConfig, NetworkSecurityGroupConfig, AzureVmExtensionConfig?>,
Tuple<string, IDictionary<string, ApiAccessRule>?, IDictionary<Guid, Guid[]>?, IDictionary<string, string>?, IDictionary<string, string>?>>>().Select(
arg =>
new InstanceConfig(
Expand Down Expand Up @@ -594,15 +594,14 @@ public bool Notification(Notification n)
}



/*
//Sample function on how repro a failing test run, using Replay
//functionality of FsCheck. Feel free to
/*
[Property]
void Replay()
{
var seed = FsCheck.Random.StdGen.NewStdGen(1384212554,297026222);
var p = Prop.ForAll((Task x) => Task(x) );
var seed = FsCheck.Random.StdGen.NewStdGen(515508280, 297027790);
var p = Prop.ForAll((InstanceConfig x) => InstanceConfig(x) );
p.Check(new Configuration { Replay = seed });
}
*/
