This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

Add implementation to get allowed tenants #1833

Merged
merged 1 commit into from
Apr 22, 2022
2 changes: 1 addition & 1 deletion src/ApiService/ApiService/OneFuzzTypes/Model.cs
@@ -307,7 +307,7 @@ public record InstanceConfig
//# if admins are set, only admins can update instance configs.
Guid[]? Admins,
//# if set, only admins can manage pools or scalesets
bool AllowPoolManagement,
bool? AllowPoolManagement,
string[] AllowedAadTenants,
NetworkConfig NetworkConfig,
NetworkSecurityGroupConfig ProxyNsgConfig,
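Review bot: Making `AllowPoolManagement` a `bool?` adds a third, undocumented state to a flag that gates who can manage pools and scalesets, and the comment above it still only describes the "set" case. The readers of this field are outside the hunk, so it is worth confirming that each one resolves null explicitly rather than through an implicit `== true` / `!= false` comparison that picks a default by accident. I would extend the comment, e.g. `//# null means the value was never stored; callers must apply the default explicitly`, and name the intended default there. The InstanceConfig record continues past the end of the hunk.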
1 change: 1 addition & 0 deletions src/ApiService/ApiService/Program.cs
@@ -81,6 +81,7 @@ public static void Main()
.AddScoped<IContainers, Containers>()
.AddScoped<IReports, Reports>()
.AddScoped<INotificationOperations, NotificationOperations>()
.AddScoped<IUserCredentials, UserCredentials>()

//TODO: move out expensive resources into separate class, and add those as Singleton
// ArmClient, Table Client(s), Queue Client(s), HttpClient, etc.
44 changes: 25 additions & 19 deletions src/ApiService/ApiService/UserCredentials.cs
@@ -6,11 +6,25 @@

namespace Microsoft.OneFuzz.Service;

public class UserCredentials
public interface IUserCredentials
{
public string? GetBearerToken(HttpRequestData req);
public string? GetAuthToken(HttpRequestData req);
public Task<OneFuzzResult<UserInfo>> ParseJwtToken(LogTracer log, HttpRequestData req);
}

public class UserCredentials : IUserCredentials
{
ILogTracer _log;
IConfigOperations _instanceConfig;

public UserCredentials(ILogTracer log, IConfigOperations instanceConfig)
{
_log = log;
_instanceConfig = instanceConfig;
}

public static string? GetBearerToken(HttpRequestData req)
public string? GetBearerToken(HttpRequestData req)
{
var authHeader = req.Headers.GetValues("Authorization");
if (authHeader.IsNullOrEmpty())
@@ -28,7 +42,7 @@ public class UserCredentials
}
}

public static string? GetAuthToken(HttpRequestData req)
public string? GetAuthToken(HttpRequestData req)
{
var token = GetBearerToken(req);
if (token is not null)
@@ -50,25 +64,17 @@ public class UserCredentials
}


static Task<OneFuzzResult<string[]>> GetAllowedTenants()
async Task<OneFuzzResult<string[]>> GetAllowedTenants()
{
return Async.Task.FromResult(OneFuzzResult<string[]>.Ok(Array.Empty<string>()));
}

/*
TODO: GetAllowedTenants blocked on Models and ORM since this requires
let getAllowedTenants() =
task {
match! InstanceConfig.fetch() with
| Result.Ok(config, _) ->
let entries = config.AllowedAadTenants |> Array.map(fun x->sprintf "https://sts.windows.net/%s/" x)
return Result.Ok entries
| Result.Error err -> return Result.Error err
}
*/
var r = await _instanceConfig.Fetch();
var allowedAddTenantsQuery =
from t in r.AllowedAadTenants
select $"https://sts.windows.net/{t}/";

return OneFuzzResult<string[]>.Ok(allowedAddTenantsQuery.ToArray());
}

static async Task<OneFuzzResult<UserInfo>> ParseJwtToken(LogTracer log, HttpRequestData req)
public async Task<OneFuzzResult<UserInfo>> ParseJwtToken(LogTracer log, HttpRequestData req)
{
var authToken = GetAuthToken(req);
if (authToken is null)
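Review bot: GetAllowedTenants dereferences `r.AllowedAadTenants` without checking what `_instanceConfig.Fetch()` returned, so a missing or partially stored InstanceConfig surfaces as a NullReferenceException instead of the error result that the removed F# sketch returned on `Result.Error`. This list appears to be what ParseJwtToken checks the token issuer against (its body is outside the hunk), so the failure path should be explicit and fail closed: return an error `OneFuzzResult` when the config or the tenant array is null, and decide deliberately whether an empty array means that no tenant is accepted. Tenant ids are interpolated verbatim into `https://sts.windows.net/{t}/`, so stray whitespace in a stored value would silently never match; trimming or GUID-validating `t` here would make such a misconfiguration visible. The local `allowedAddTenantsQuery` looks like a typo for `allowedAadTenantsQuery`, and the new `_log` and `_instanceConfig` fields could be `private readonly`.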
8 changes: 4 additions & 4 deletions src/ApiService/ApiService/onefuzzlib/orm/EntityConverter.cs
@@ -250,7 +250,7 @@ public TableEntity ToTableEntity<T>(T typedEntity) where T : EntityBase
{
return entity.GetString(fieldName);
}
else if (ef.type == typeof(bool))
else if (ef.type == typeof(bool) || ef.type == typeof(bool?))
{
return entity.GetBoolean(fieldName);
}
@@ -262,19 +262,19 @@ public TableEntity ToTableEntity<T>(T typedEntity) where T : EntityBase
{
return entity.GetDateTime(fieldName);
}
else if (ef.type == typeof(double))
else if (ef.type == typeof(double) || ef.type == typeof(double?))
{
return entity.GetDouble(fieldName);
}
else if (ef.type == typeof(Guid) || ef.type == typeof(Guid?))
{
return (object?)Guid.Parse(entity.GetString(fieldName));
}
else if (ef.type == typeof(int))
else if (ef.type == typeof(int) || ef.type == typeof(short) || ef.type == typeof(int?) || ef.type == typeof(short?))
{
return entity.GetInt32(fieldName);
}
else if (ef.type == typeof(Int64))
else if (ef.type == typeof(long) || ef.type == typeof(long?))
{
return entity.GetInt64(fieldName);
}
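Review bot: The widened integer branch returns `entity.GetInt32(fieldName)` for `short` and `short?` fields too, which yields a boxed Int32 rather than an Int16. If the caller hands this object to a constructor or property through reflection (the consuming code is outside the hunk), the narrowing int-to-short conversion is not applied automatically and would fail at runtime for any record with a `short` field. A separate branch would make the conversion explicit and range-checked: `var v = entity.GetInt32(fieldName); return v is null ? null : (object)checked((short)v.Value);`. The enclosing method starts and ends outside both hunks of this section.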
9 changes: 4 additions & 5 deletions src/ApiService/Tests/OrmModelsTest.cs
@@ -140,7 +140,7 @@ public static Gen<NetworkSecurityGroupConfig> NetworkSecurityGroupConfig()
public static Gen<InstanceConfig> InstanceConfig()
{
return Arb.Generate<Tuple<
Tuple<string, Guid[]?, bool, string[], NetworkConfig, NetworkSecurityGroupConfig, AzureVmExtensionConfig?>,
Tuple<string, Guid[]?, bool?, string[], NetworkConfig, NetworkSecurityGroupConfig, AzureVmExtensionConfig?>,
Tuple<string, IDictionary<string, ApiAccessRule>?, IDictionary<Guid, Guid[]>?, IDictionary<string, string>?, IDictionary<string, string>?>>>().Select(
arg =>
new InstanceConfig(
@@ -594,15 +594,14 @@ public bool Notification(Notification n)
}



/*
//Sample function on how repro a failing test run, using Replay
//functionality of FsCheck. Feel free to
/*
[Property]
void Replay()
{
var seed = FsCheck.Random.StdGen.NewStdGen(1384212554,297026222);
var p = Prop.ForAll((Task x) => Task(x) );
var seed = FsCheck.Random.StdGen.NewStdGen(515508280, 297027790);
var p = Prop.ForAll((InstanceConfig x) => InstanceConfig(x) );
p.Check(new Configuration { Replay = seed });
}
*/