This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

Deployment fix for --auto_create_cli_app flag bug #2921

89 commits
e71cb92
Update .gitignore
AdamL-Microsoft Dec 13, 2022
0f1a6c9
re-add sync-fork.yml
AdamL-Microsoft Dec 16, 2022
1abbff9
Merge pull request #147 from microsoft/main
AdamL-Microsoft Dec 16, 2022
40d7fb0
Merge pull request #148 from microsoft/main
AdamL-Microsoft Dec 18, 2022
3c59403
Merge pull request #149 from microsoft/main
AdamL-Microsoft Dec 19, 2022
03651b7
Merge pull request #150 from microsoft/main
AdamL-Microsoft Dec 20, 2022
d202399
Merge pull request #151 from microsoft/main
AdamL-Microsoft Dec 21, 2022
16bb4be
Merge pull request #152 from microsoft/main
AdamL-Microsoft Dec 21, 2022
b1a0367
Merge pull request #153 from microsoft/main
AdamL-Microsoft Dec 21, 2022
622f932
Merge pull request #154 from microsoft/main
AdamL-Microsoft Dec 21, 2022
2883579
Merge pull request #155 from microsoft/main
AdamL-Microsoft Dec 22, 2022
1f4dd89
Merge pull request #156 from microsoft/main
AdamL-Microsoft Dec 22, 2022
bfbf553
Merge pull request #157 from microsoft/main
AdamL-Microsoft Dec 22, 2022
da4ac2c
Merge pull request #158 from microsoft/main
AdamL-Microsoft Jan 4, 2023
7c4c28c
Merge pull request #159 from microsoft/main
AdamL-Microsoft Jan 4, 2023
a897e9e
Merge pull request #160 from microsoft/main
AdamL-Microsoft Jan 5, 2023
80009b6
Merge pull request #164 from microsoft/main
AdamL-Microsoft Jan 9, 2023
6c93a82
Merge pull request #165 from microsoft/main
AdamL-Microsoft Jan 10, 2023
8c22097
Merge pull request #166 from microsoft/main
AdamL-Microsoft Jan 10, 2023
84a5d69
Update README.md
AdamL-Microsoft Jan 11, 2023
3b841b2
Update README.md
AdamL-Microsoft Jan 11, 2023
94db987
Merge pull request #167 from microsoft/main
AdamL-Microsoft Jan 13, 2023
5a74ef9
Merge pull request #168 from microsoft/main
AdamL-Microsoft Jan 13, 2023
e2e46f0
Merge pull request #169 from microsoft/main
AdamL-Microsoft Jan 17, 2023
389e748
Merge pull request #170 from microsoft/main
AdamL-Microsoft Jan 18, 2023
d7acb3b
Merge pull request #171 from microsoft/main
AdamL-Microsoft Jan 18, 2023
3d619ee
Merge pull request #172 from microsoft/main
AdamL-Microsoft Jan 18, 2023
68e8342
Merge pull request #173 from microsoft/main
AdamL-Microsoft Jan 19, 2023
a692a6d
Merge pull request #174 from microsoft/main
AdamL-Microsoft Jan 20, 2023
6fada77
Merge pull request #175 from microsoft/main
AdamL-Microsoft Jan 20, 2023
e83b96c
Merge pull request #177 from microsoft/main
AdamL-Microsoft Jan 21, 2023
4757ad9
Merge pull request #178 from microsoft/main
AdamL-Microsoft Jan 22, 2023
cded8b4
Merge pull request #179 from microsoft/main
AdamL-Microsoft Jan 24, 2023
821bfa8
Merge pull request #181 from microsoft/main
AdamL-Microsoft Jan 25, 2023
fa679f0
Merge pull request #183 from microsoft/main
AdamL-Microsoft Jan 25, 2023
afd0771
Merge pull request #184 from microsoft/main
AdamL-Microsoft Jan 26, 2023
56dd990
Merge pull request #185 from microsoft/main
AdamL-Microsoft Jan 26, 2023
9bb11f8
Merge branch 'microsoft:main' into main
AdamL-Microsoft Feb 2, 2023
a2619db
Merge pull request #189 from microsoft/main
AdamL-Microsoft Feb 2, 2023
1602c5c
Merge pull request #190 from microsoft/main
AdamL-Microsoft Feb 2, 2023
021eaf9
Merge pull request #191 from microsoft/main
AdamL-Microsoft Feb 3, 2023
76f3f4d
Merge pull request #193 from microsoft/main
AdamL-Microsoft Feb 6, 2023
a91cc4c
Merge pull request #194 from microsoft/main
AdamL-Microsoft Feb 6, 2023
450e753
Merge pull request #195 from microsoft/main
AdamL-Microsoft Feb 6, 2023
f724787
Merge pull request #196 from microsoft/main
AdamL-Microsoft Feb 7, 2023
7526fc6
Merge pull request #198 from microsoft/main
AdamL-Microsoft Feb 7, 2023
3cf0407
Merge pull request #199 from microsoft/main
AdamL-Microsoft Feb 7, 2023
e7e49e8
Merge pull request #200 from microsoft/main
AdamL-Microsoft Feb 7, 2023
48df6c5
Merge pull request #201 from microsoft/main
AdamL-Microsoft Feb 8, 2023
08a6822
Merge pull request #202 from microsoft/main
AdamL-Microsoft Feb 8, 2023
3fc2bfc
Merge pull request #203 from microsoft/main
AdamL-Microsoft Feb 8, 2023
7f0653c
Merge pull request #204 from microsoft/main
AdamL-Microsoft Feb 8, 2023
3a8d4b3
Merge pull request #205 from microsoft/main
AdamL-Microsoft Feb 9, 2023
ce548cf
Merge pull request #206 from microsoft/main
AdamL-Microsoft Feb 10, 2023
b105b5a
Merge pull request #207 from microsoft/main
AdamL-Microsoft Feb 10, 2023
304e604
Merge pull request #208 from microsoft/main
AdamL-Microsoft Feb 11, 2023
555dee9
Merge pull request #209 from microsoft/main
AdamL-Microsoft Feb 14, 2023
5150c27
Merge pull request #210 from microsoft/main
AdamL-Microsoft Feb 14, 2023
8a606c9
Merge pull request #211 from microsoft/main
AdamL-Microsoft Feb 14, 2023
e5d1f1a
Merge pull request #213 from microsoft/main
AdamL-Microsoft Feb 15, 2023
3feaf91
Update sync-fork.yml
AdamL-Microsoft Feb 22, 2023
cbc2a0e
Merge branch 'microsoft:main' into main
AdamL-Microsoft Feb 23, 2023
375f084
Merge pull request #218 from microsoft/main
AdamL-Microsoft Feb 23, 2023
eb56e1d
Merge pull request #219 from microsoft/main
AdamL-Microsoft Feb 23, 2023
31cd4b8
Merge pull request #227 from microsoft/main
AdamL-Microsoft Feb 27, 2023
13e6445
Merge pull request #228 from microsoft/main
AdamL-Microsoft Feb 28, 2023
896b5d8
Merge pull request #229 from microsoft/main
AdamL-Microsoft Mar 1, 2023
9e57857
Merge pull request #231 from microsoft/main
AdamL-Microsoft Mar 2, 2023
30ee2aa
Merge pull request #232 from microsoft/main
AdamL-Microsoft Mar 2, 2023
59dd628
Merge pull request #233 from microsoft/main
AdamL-Microsoft Mar 2, 2023
c21ac8e
Merge pull request #234 from microsoft/main
AdamL-Microsoft Mar 3, 2023
629f6da
Merge pull request #235 from microsoft/main
AdamL-Microsoft Mar 3, 2023
c63f643
Merge pull request #236 from microsoft/main
AdamL-Microsoft Mar 3, 2023
0b43ccd
Merge pull request #237 from microsoft/main
AdamL-Microsoft Mar 7, 2023
4bca252
Merge pull request #238 from microsoft/main
AdamL-Microsoft Mar 7, 2023
bc605d6
Merge pull request #239 from microsoft/main
AdamL-Microsoft Mar 7, 2023
67189d1
updated deploy.py and configuration.py
AdamL-Microsoft Mar 9, 2023
7eb986b
cleanup
AdamL-Microsoft Mar 9, 2023
76b355d
formatting
AdamL-Microsoft Mar 9, 2023
009bd9e
linter cleanup
AdamL-Microsoft Mar 10, 2023
e3ed009
linter cleanup 2
AdamL-Microsoft Mar 10, 2023
81ebce0
better logging
AdamL-Microsoft Mar 10, 2023
0564e9b
last linter issue
AdamL-Microsoft Mar 10, 2023
03bed39
remove extra app
AdamL-Microsoft Mar 10, 2023
277484e
Updating getting started docs for config refactor
AdamL-Microsoft Mar 10, 2023
d2a7668
Merge branch 'main' into deployment-fix-create-cli-client-id
AdamL-Microsoft Mar 10, 2023
c6448b4
Update docs/getting-started.md
AdamL-Microsoft Mar 10, 2023
67b1189
update getting-started.md doc for config refactor
AdamL-Microsoft Mar 10, 2023
79925c0
update getting-started.md doc for config refactor
AdamL-Microsoft Mar 10, 2023
46 changes: 42 additions & 4 deletions docs/getting-started.md
Expand Up @@ -30,7 +30,7 @@ On a host with the [Azure CLI logged
in](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli?view=azure-cli-latest),
do the following:

```
```console
unzip onefuzz-deployment-$VERSION.zip
pip install -r requirements.txt
chmod +x deploy.py
Expand All @@ -40,7 +40,7 @@ chmod +x deploy.py
When running `deploy.py` the first time for an instance, you will be prompted
to follow a manual step to initialize your CLI config.

The `$NSG_CONFIG_FILE` is a required parameter that specifies the 'allow rules' for the OneFuzz Network Security Group. A default `config.json` is provided in the deployment zip.
The `$NSG_CONFIG_FILE` is a required parameter that specifies the 'allow rules' for the OneFuzz Network Security Group as well as other basic OneFuzz settings. A `config.json` file is provided with default NSG values.
This 'allow' config resembles the following:

```json
Expand All @@ -52,7 +52,45 @@ This 'allow' config resembles the following:
}
```

Future updates can be made to this configuration via the OneFuzz CLI.
>#### Note:
> - Line #5 in the example `config.json` inside of the deployment.zip has the parameter for `"cli_client_id": "",`
> - You'll need to add your CLI app registration ID to this parameter's value for deployments and upgrade deployments
> **unless** you're deploying and passing the `--auto_create_cli_app` flag to create a new App ID during the deployment.
> - If you wanted to create a new App ID at deployment and use this flag, you need to delete this line to remove the `cli_client_id` key from your config file.

**Example deployment config.json:**

```json
{
"tenant_id": "05c88c2c-55f6-4a51-81db-cdbbf759fa75",
"tenant_domain": "azurewebsites.net",
"multi_tenant_domain": "",
"cli_client_id": "6e5d9a35-39ca-4978-8fe3-5b84b0b8806a",
"proxy_nsg_config": {
"allowed_ips": [
"*"
],
"allowed_service_tags": []
}
}
```

**Example config.json for a deployment where `--auto_create_cli_app` is being used:**

```json
{
"tenant_id": "e6424a5f-2625-42a4-8d94-c9677a4d96fc",
"tenant_domain": "azurewebsites.net",
"multi_tenant_domain": "",
"proxy_nsg_config": {
"allowed_ips": [
"*"
],
"allowed_service_tags": []
}
}
```
Future updates can be made to this configuration via the OneFuzz CLI.

## Install the CLI

Expand All @@ -61,7 +99,7 @@ from the [Latest Release of OneFuzz](https://github.com/microsoft/onefuzz/releas

If you're using the SDK, install via:

```
```console
pip install ./onefuzz*.whl
```

76 changes: 46 additions & 30 deletions src/deployment/deploy.py
Expand Up @@ -398,36 +398,41 @@ def setup_rbac(self) -> None:

(password_id, password) = self.create_password(app["id"])

cli_app = get_application(
app_id=uuid.UUID(self.cli_app_id),
subscription_id=self.get_subscription_id(),
)
try:
cli_app = get_application(
app_id=uuid.UUID(self.cli_app_id),
subscription_id=self.get_subscription_id(),
)
except Exception as err:
cli_app = None
logger.info(
"Could not find the default CLI application under the current "
"subscription."
)
logger.debug(f"Error finding CLI application due to: {err}")
if self.auto_create_cli_app:
logger.info("auto_create_cli_app specified, creating a new CLI application")
app_info = register_application(
"onefuzz-cli",
self.application_name,
OnefuzzAppRole.CliClient,
self.get_subscription_id(),
)

if not cli_app:
if self.auto_create_cli_app:
logger.info(
"Could not find the default CLI application under the current "
"subscription and auto_create specified, creating a new one"
)
app_info = register_application(
"onefuzz-cli",
self.application_name,
OnefuzzAppRole.CliClient,
self.get_subscription_id(),
try:
cli_app = get_application(
app_id=app_info.client_id,
subscription_id=self.get_subscription_id(),
)

self.cli_config = {
"client_id": app_info.client_id,
"authority": self.authority,
}
else:
self.cli_app_id = str(app_info.client_id)
logger.info(f"New CLI app created - cli_app_id : {self.cli_app_id}")
except Exception as err:
logger.error(
"error deploying. could not find specified CLI app registrion."
"use flag --auto_create_cli_app to automatically create CLI registration"
"or specify a correct app id with --cli_app_id."
f"Unable to determine new 'cli_app_id' for new app registration: {err} "
)
sys.exit(1)
else:

if cli_app:
onefuzz_cli_app = cli_app
authorize_application(uuid.UUID(onefuzz_cli_app["appId"]), app["appId"])

Expand Down Expand Up @@ -467,8 +472,15 @@ def setup_rbac(self) -> None:
OnefuzzAppRole.ManagedNode,
)

self.results["client_id"] = app["appId"]
self.results["client_secret"] = password
self.results["client_id"] = app["appId"]
self.results["client_secret"] = password
else:
logger.error(
"error deploying. could not find specified CLI app registrion."
"use flag --auto_create_cli_app to automatically create CLI registration"
"or specify a correct app id with --cli_app_id."
)
sys.exit(1)

def update_existing_app_registration(
self, app: Dict[str, Any], app_roles: List[Dict[str, Any]]
Expand Down Expand Up @@ -777,7 +789,10 @@ def parse_config(self) -> None:
config_template = json.load(template_handle)

try:
config = Config(config_template)
if self.auto_create_cli_app:
config = Config(config_template, True)
else:
config = Config(config_template)
self.rules = parse_rules(config)

## Values provided via the CLI will override what's in the config.json
Expand All @@ -789,8 +804,9 @@ def parse_config(self) -> None:
self.tenant_domain = config.tenant_domain
if self.multi_tenant_domain == "":
self.multi_tenant_domain = config.multi_tenant_domain
if self.cli_app_id == "":
self.cli_app_id = config.cli_client_id
if not self.cli_app_id:
if not self.auto_create_cli_app:
self.cli_app_id = config.cli_client_id

except Exception as ex:
logging.info(
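Review bot: The `except Exception as err:` around the first `get_application(...)` call in `setup_rbac` treats every failure as "CLI application not found". That includes the `ValueError` from `uuid.UUID(self.cli_app_id)` when `parse_config` leaves `cli_app_id` empty under `--auto_create_cli_app`, and any authentication, permission or network error from the lookup itself. With the flag set, the code then registers a new `onefuzz-cli` application with `OnefuzzAppRole.CliClient`, so an access failure can end in an extra app registration instead of a stopped deployment, and the cause is logged only at debug level. I would skip the lookup when no id is configured (`if self.cli_app_id:`), catch only the exception `get_application` raises for a missing application, and log `err` at warning level. Indentation is lost on this page, so if the `if self.auto_create_cli_app:` block is not nested inside the `except`, it should be guarded as `if cli_app is None and self.auto_create_cli_app:`.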
45 changes: 24 additions & 21 deletions src/deployment/deploylib/configuration.py
Expand Up @@ -56,7 +56,8 @@ class Config:
allowed_ips: List[str]
allowed_service_tags: List[str]

def __init__(self, config: Any):
def __init__(self, config: Any, new_app: bool = False):
self.new_app_id = new_app
self.parse_nsg_json(config)
self.parse_endpoint_json(config)

Expand Down Expand Up @@ -113,25 +114,28 @@ def parse_nsg_json(self, config: Any) -> None:
self.allowed_service_tags = proxy_config["allowed_service_tags"]

def parse_endpoint_json(self, config: Any) -> None:
if "cli_client_id" not in config:
raise Exception(
"CLI client_id not provided as valid key. Please Provide Valid Config."
)

if (
not isinstance(config["cli_client_id"], str)
or config["cli_client_id"] == ""
):
raise Exception(
"client_id is not a string. Please provide valid client_id."
)

try:
UUID(config["cli_client_id"])
except ValueError:
raise Exception(
"client_id is not a valid UUID. Please provide valid client_id."
)
if not self.new_app_id:
if "cli_client_id" not in config:
raise Exception(
"CLI client_id not provided as valid key. Please Provide Valid Config."
)

if (
not isinstance(config["cli_client_id"], str)
or config["cli_client_id"] == ""
):
raise Exception(
"client_id is not a string. Please provide valid client_id."
)

try:
UUID(config["cli_client_id"])
except ValueError:
raise Exception(
"client_id is not a valid UUID. Please provide valid client_id."
)

self.cli_client_id = config["cli_client_id"]

if "tenant_id" not in config:
raise Exception(
Expand Down Expand Up @@ -166,7 +170,6 @@ def parse_endpoint_json(self, config: Any) -> None:
"multi_tenant_domain is not a string. Please provide valid multi_tenant_domain. If the instance is not multi-tenant, please provide an empty string."
)

self.cli_client_id = config["cli_client_id"]
self.tenant_id = config["tenant_id"]
self.tenant_domain = config["tenant_domain"]
self.multi_tenant_domain = config["multi_tenant_domain"]
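Review bot: When `new_app` is true, `parse_endpoint_json` skips the whole `cli_client_id` block, so `self.cli_client_id` is never assigned and any later read of `config.cli_client_id` raises `AttributeError`. The one reader visible in `parse_config` is guarded by the flag, but nothing in `Config` enforces that; assigning a default in `__init__` before the parse calls, e.g. `self.cli_client_id = ""`, would make the object safe to read in both modes. A `cli_client_id` left in config.json is also ignored without validation or a log line in this mode, so a warning there would tell the operator which app registration the deployment will actually use. The attribute `new_app_id` holds a boolean rather than an id, and a name such as `create_new_cli_app` would read more accurately. The body of `parse_endpoint_json` continues outside the visible hunks.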