-
Notifications
You must be signed in to change notification settings - Fork 199
Conversation
Postponing the merge of this until linux machines are allowed to connect to Azure active directory. |
fix preauthorized application
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think our integration tests are sufficient to test this PR.
I think we really need to test the graph queries themselves, and in particular, make sure any code that uses them for membership tests rejects authorization as appropriate, based on group membership, in e.g. check_access()
.
The |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we explicitly test (if we haven't already) and document (in the PR text) the new expected upgrade behavior if the $ONEFUZZ_AAD_GROUP_ID
variable is set?
|
This PR removes the references to soon to be deprecated
azure-graphrbac
and uses the Microsoft Graph Api insteadcloses #870
Note this PR disables the undocumented feature of setting
ONEFUZZ_AAD_GROUP_ID
on the serverTest:
ONEFUZZ_AAD_GROUP_ID
has been disabledONEFUZZ_AAD_GROUP_ID
to the instance azure functiononefuzz jobs list