This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

Merge branch 'main' into remove-fn-allowlist
ranweiler authored Feb 18, 2023
2 parents e90a763 + 1ac3fd4 commit fa47bb4
Showing 8 changed files with 31 additions and 36 deletions.
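--- a/src/ApiService/ApiService/Functions/Config.cs
+++ b/src/ApiService/ApiService/Functions/Config.cs
@@ -24,7 +24,8 @@ public async Async.Task<HttpResponseData> Get(HttpRequestData req) {
 var endpointParams = new ConfigResponse(
 Authority: _context.ServiceConfiguration.Authority,
 ClientId: _context.ServiceConfiguration.CliAppId,
-TenantDomain: _context.ServiceConfiguration.TenantDomain);
+TenantDomain: _context.ServiceConfiguration.TenantDomain,
+MultiTenantDomain: _context.ServiceConfiguration.MultiTenantDomain);
 
 var response = req.CreateResponse(HttpStatusCode.OK);
 await response.WriteAsJsonAsync(endpointParams);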
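--- a/src/ApiService/ApiService/OneFuzzTypes/Responses.cs
+++ b/src/ApiService/ApiService/OneFuzzTypes/Responses.cs
@@ -162,7 +162,8 @@ public static ScalesetResponse ForScaleset(Scaleset s, bool includeAuth)
 public record ConfigResponse(
 string? Authority,
 string? ClientId,
-string? TenantDomain
+string? TenantDomain,
+string? MultiTenantDomain
 ) : BaseResponse();
 
 public class BaseResponseConverter : JsonConverter<BaseResponse> {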
4 changes: 2 additions & 2 deletions src/cli/examples/azure-functions-example/info/__init__.py
Expand Up @@ -12,8 +12,8 @@ def main(req: func.HttpRequest) -> func.HttpResponse:
o = Onefuzz()
o.config(
endpoint=os.environ.get("ONEFUZZ_ENDPOINT"),
authority=os.environ.get("ONEFUZZ_AUTHORITY"),
client_id=os.environ.get("ONEFUZZ_CLIENT_ID"),
override_authority=os.environ.get("ONEFUZZ_AUTHORITY"),
override_client_id=os.environ.get("ONEFUZZ_CLIENT_ID"),
)
info = o.info.get()
return func.HttpResponse(info.json())
18 changes: 9 additions & 9 deletions src/cli/onefuzz/api.py
Expand Up @@ -1894,10 +1894,10 @@ def login(self) -> str:
def config(
self,
endpoint: Optional[str] = None,
authority: Optional[str] = None,
client_id: Optional[str] = None,
override_authority: Optional[str] = None,
override_client_id: Optional[str] = None,
override_tenant_domain: Optional[str] = None,
enable_feature: Optional[PreviewFeature] = None,
tenant_domain: Optional[str] = None,
reset: Optional[bool] = None,
) -> BackendConfig:
"""Configure onefuzz CLI"""
Expand All @@ -1922,14 +1922,14 @@ def config(
"Missing HTTP Authentication"
)
self._backend.config.endpoint = endpoint
if authority is not None:
self._backend.config.authority = authority
if client_id is not None:
self._backend.config.client_id = client_id
if override_authority is not None:
self._backend.config.authority = override_authority
if override_client_id is not None:
self._backend.config.client_id = override_client_id
if enable_feature:
self._backend.enable_feature(enable_feature.name)
if tenant_domain is not None:
self._backend.config.tenant_domain = tenant_domain
if override_tenant_domain is not None:
self._backend.config.tenant_domain = override_tenant_domain
self._backend.app = None
self._backend.save_config()

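Review bot: Renaming the keyword parameters of `config()` to `override_authority`, `override_client_id` and `override_tenant_domain` (taking the `override_*` lines as the new side, since the rendering has lost the +/- markers) breaks any caller that still passes `authority=`, `client_id=` or `tenant_domain=`, and the one-line docstring `"""Configure onefuzz CLI"""` does not say what is being overridden. I would extend the docstring to state that each `override_*` value, when not `None`, replaces the stored authority, client id or tenant domain and is persisted by `save_config()`, because these settings determine what the CLI authenticates against. If existing scripts depend on the old names, accepting them as deprecated aliases for one release would avoid a hard break. The body of `config()` starts and ends outside the hunks.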
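--- a/src/cli/onefuzz/backend.py
+++ b/src/cli/onefuzz/backend.py
@@ -12,6 +12,7 @@
 import tempfile
 import time
 from dataclasses import asdict, is_dataclass
+from datetime import datetime, timedelta
 from enum import Enum
 from typing import (
 Any,
@@ -97,6 +98,7 @@ class BackendConfig(BaseModel):
 endpoint: Optional[str]
 features: Set[str] = Field(default_factory=set)
 tenant_domain: str
+expires_on: datetime = datetime.utcnow() + timedelta(hours=24)
 
 def get_multi_tenant_domain(self) -> Optional[str]:
 if "https://login.microsoftonline.com/common" in self.authority:
@@ -326,7 +328,6 @@ def config_params(
 
 response = self.session.request("GET", endpoint + "/api/config")
 
-logging.debug(response.json())
 endpoint_params = responses.Config.parse_obj(response.json())
 
 # Will override values in storage w/ provided values for SP use
@@ -352,6 +353,13 @@ def request(
 if not endpoint:
 raise Exception("endpoint not configured")
 
+# If file expires, remove and force user to reset
+if datetime.utcnow() > self.config.expires_on:
+os.remove(self.config_path)
+self.config = BackendConfig(
+endpoint=endpoint, authority="", client_id="", tenant_domain=""
+)
+
 url = endpoint + "/api/" + path
 
 if self.config.client_id == "" or (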
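Review bot: The `expires_on` default added to `BackendConfig` is evaluated once when the class body runs, so every `BackendConfig` built in a process, including the replacement created in the expiry branch of `request`, gets the same import-time deadline instead of 24 hours from its own creation. `expires_on: datetime = Field(default_factory=lambda: datetime.utcnow() + timedelta(hours=24))` gives each instance its own deadline; `Field` is already used for `features`. In that expiry branch `os.remove(self.config_path)` raises `FileNotFoundError` if no config file exists, which a long-lived process can hit on the request after the first expiry; guarding it with `if os.path.exists(self.config_path):` avoids that. Whether cached tokens are also discarded on expiry is not visible here and is worth confirming, since clearing only the config fields would let the credential cache outlive the 24-hour limit. `request` continues outside the hunk.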
6 changes: 3 additions & 3 deletions src/deployment/config.json
@@ -1,8 +1,8 @@
{
"tenant_id": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"tenant_domain": "azurewebsites.net",
"tenant_id": "",
"tenant_domain": "",
"multi_tenant_domain": "",
"cli_client_id": "72f1562a-8c0c-41ea-beb9-fa2b71c80134",
"cli_client_id": "",
"proxy_nsg_config": {
"allowed_ips": [
"*"
22 changes: 3 additions & 19 deletions src/deployment/deploy.py
Expand Up @@ -147,12 +147,10 @@ def __init__(
create_registration: bool,
migrations: List[str],
export_appinsights: bool,
multi_tenant_domain: str,
upgrade: bool,
subscription_id: Optional[str],
admins: List[UUID],
allowed_aad_tenants: List[UUID],
cli_app_id: str,
auto_create_cli_app: bool,
host_dotnet_on_windows: bool,
enable_profiler: bool,
Expand All @@ -169,7 +167,6 @@ def __init__(
self.instance_specific = instance_specific
self.third_party = third_party
self.create_registration = create_registration
self.multi_tenant_domain = multi_tenant_domain
self.custom_domain = custom_domain
self.upgrade = upgrade
self.results: Dict = {
Expand All @@ -183,16 +180,17 @@ def __init__(

self.arm_template = bicep_to_arm(bicep_template)

self.cli_app_id = cli_app_id
self.auto_create_cli_app = auto_create_cli_app
self.host_dotnet_on_windows = host_dotnet_on_windows
self.enable_profiler = enable_profiler

self.rules: List[NsgRule] = []

self.cli_app_id = ""
self.authority = ""
self.tenant_id = ""
self.tenant_domain = ""
self.authority = ""
self.multi_tenant_domain = ""

self.cli_config: Dict[str, Union[str, UUID]] = {
"client_id": "",
Expand Down Expand Up @@ -1268,12 +1266,6 @@ def main() -> None:
action="store_true",
help="enable appinsight log export",
)
parser.add_argument(
"--multi_tenant_domain",
type=str,
default="",
help="enable multi-tenant authentication with this tenant domain",
)
parser.add_argument(
"--subscription_id",
type=str,
Expand All @@ -1295,12 +1287,6 @@ def main() -> None:
nargs="*",
help="Set additional AAD tenants beyond the tenant the app is deployed in",
)
parser.add_argument(
"--cli_app_id",
type=str,
default="",
help="CLI App Registration to be used during deployment.",
)
parser.add_argument(
"--auto_create_cli_app",
action="store_true",
Expand Down Expand Up @@ -1348,12 +1334,10 @@ def main() -> None:
create_registration=args.create_pool_registration,
migrations=args.apply_migrations,
export_appinsights=args.export_appinsights,
multi_tenant_domain=args.multi_tenant_domain,
upgrade=args.upgrade,
subscription_id=args.subscription_id,
admins=args.set_admins,
allowed_aad_tenants=args.allowed_aad_tenants or [],
cli_app_id=args.cli_app_id,
auto_create_cli_app=args.auto_create_cli_app,
host_dotnet_on_windows=args.host_dotnet_on_windows,
enable_profiler=args.enable_profiler,
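Review bot: With `--cli_app_id` and `--multi_tenant_domain` removed from `main()` and from the constructor, `__init__` now sets `self.cli_app_id`, `self.tenant_id`, `self.tenant_domain` and `self.multi_tenant_domain` to `""`, and nothing in the visible hunks checks that they are filled in before they are used. They are presumably loaded from the deployment config elsewhere in the file; if so, a fail-fast check right after loading, e.g. `if not self.tenant_id or not self.tenant_domain: raise Exception("tenant_id and tenant_domain must be set in the config")`, would stop a deployment from proceeding with blank identity settings. Which fields may legitimately stay empty (for instance `cli_app_id` when `auto_create_cli_app` is set) needs confirming against the rest of the file. `__init__` and `main()` both continue outside the hunks.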
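--- a/src/pytypes/onefuzztypes/responses.py
+++ b/src/pytypes/onefuzztypes/responses.py
@@ -56,6 +56,7 @@ class Config(BaseResponse):
 authority: str
 client_id: str
 tenant_domain: str
+multi_tenant_domain: Optional[str]
 
 
 class ContainerInfoBase(BaseResponse):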
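Review bot: `multi_tenant_domain: Optional[str]` in `Config` has no explicit default, so whether a response from a service that does not send the field still parses depends on the pydantic major version (implicitly `None` in v1, required in v2). Writing `multi_tenant_domain: Optional[str] = None` makes the optionality explicit. A short comment that the value may also arrive as an empty string would help callers treat both as unset; that is inferred from the blank `multi_tenant_domain` in `src/deployment/config.json`, not shown in this hunk.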
