NSG Updated After CLI Update to Instance_Config (microsoft#1375)
* Creating InstanceConfig Attributes for NSG Refactor (microsoft#1331)

* Updating instance_config

* Updating attribute names.

* Updating list factory.

* Updating config attributes.

Co-authored-by: nharper285 <nharper285@gmail.com>

* NSG deployment on a creation of new debug/repro proxy. (microsoft#1340)

Co-authored-by: stas <statis@microsoft.com>

* Code for updating NSGs when instance_config updated.

* Updating argument to set_allowed_rules

* Temporarily ignore non-actionable `cargo audit` errors (microsoft#1365)

* Updating model to no longer be optional.

* Fixing args for set_allowed_rules

* trying to fix calls to get_nsg

* Updating calls to nsg lib

* Fixing imports.

* Updating calls to set_allowed and creating constructor for NSGConfig type.

* Removing constructor and manually setting default ip

* Fixing models.

* Hopefully fixing docs.

* Fix set_allowed call

* Adding error handling for update config.

* Changing to error check.

* Fixing error call.

* Fixing imports.

* Updating instanceconfig retrieval.

* Fixing imports.

* Adding empty() function on request.

* Fixing name of function.

* Removing empty function.

Co-authored-by: nharper285 <nharper285@gmail.com>
Co-authored-by: Stas <stishkin@live.com>
Co-authored-by: stas <statis@microsoft.com>
Co-authored-by: Joe Ranweiler <joranwei@microsoft.com>
5 people authored Oct 21, 2021
1 parent 97a3a67 commit 357bc4f
Showing 7 changed files with 477 additions and 3 deletions.
50 changes: 50 additions & 0 deletions docs/webhook_events.md
Expand Up @@ -649,6 +649,10 @@ Each event will be submitted via HTTP POST to the user provided URL.
"address_space": "10.0.0.0/8",
"subnet": "10.0.0.0/16"
},
"proxy_nsg_config": {
"allowed_ips": [],
"allowed_service_tags": []
},
"proxy_vm_sku": "Standard_B2s"
}
}
Expand Down Expand Up @@ -759,6 +763,9 @@ Each event will be submitted via HTTP POST to the user provided URL.
"network_config": {
"$ref": "#/definitions/NetworkConfig"
},
"proxy_nsg_config": {
"$ref": "#/definitions/NetworkSecurityGroupConfig"
},
"proxy_vm_sku": {
"default": "Standard_B2s",
"title": "Proxy Vm Sku",
Expand Down Expand Up @@ -814,6 +821,26 @@ Each event will be submitted via HTTP POST to the user provided URL.
},
"title": "NetworkConfig",
"type": "object"
},
"NetworkSecurityGroupConfig": {
"properties": {
"allowed_ips": {
"items": {
"type": "string"
},
"title": "Allowed Ips",
"type": "array"
},
"allowed_service_tags": {
"items": {
"type": "string"
},
"title": "Allowed Service Tags",
"type": "array"
}
},
"title": "NetworkSecurityGroupConfig",
"type": "object"
}
},
"properties": {
Expand Down Expand Up @@ -5830,6 +5857,9 @@ Each event will be submitted via HTTP POST to the user provided URL.
"network_config": {
"$ref": "#/definitions/NetworkConfig"
},
"proxy_nsg_config": {
"$ref": "#/definitions/NetworkSecurityGroupConfig"
},
"proxy_vm_sku": {
"default": "Standard_B2s",
"title": "Proxy Vm Sku",
Expand Down Expand Up @@ -5937,6 +5967,26 @@ Each event will be submitted via HTTP POST to the user provided URL.
"title": "NetworkConfig",
"type": "object"
},
"NetworkSecurityGroupConfig": {
"properties": {
"allowed_ips": {
"items": {
"type": "string"
},
"title": "Allowed Ips",
"type": "array"
},
"allowed_service_tags": {
"items": {
"type": "string"
},
"title": "Allowed Service Tags",
"type": "array"
}
},
"title": "NetworkSecurityGroupConfig",
"type": "object"
},
"NoReproReport": {
"properties": {
"error": {
28 changes: 28 additions & 0 deletions src/api-service/__app__/instance_config/__init__.py
Expand Up @@ -8,9 +8,11 @@
from onefuzztypes.models import Error
from onefuzztypes.requests import InstanceConfigUpdate

from ..onefuzzlib.azure.nsg import set_allowed
from ..onefuzzlib.config import InstanceConfig
from ..onefuzzlib.endpoint_authorization import call_if_user, can_modify_config
from ..onefuzzlib.request import not_ok, ok, parse_request
from ..onefuzzlib.workers.scalesets import Scaleset


def get(req: func.HttpRequest) -> func.HttpResponse:
Expand All @@ -30,8 +32,34 @@ def post(req: func.HttpRequest) -> func.HttpResponse:
context="instance_config_update",
)

update_nsg = False
if request.config.proxy_nsg_config and config.proxy_nsg_config:
request_config = request.config.proxy_nsg_config
current_config = config.proxy_nsg_config
if set(request_config.allowed_service_tags) != set(
current_config.allowed_service_tags
) or set(request_config.allowed_ips) != set(current_config.allowed_ips):
update_nsg = True

config.update(request.config)
config.save()

# Update All NSGs
if update_nsg:
scalesets = Scaleset.search()
regions = set(x.region for x in scalesets)
for region in regions:
# nsg = get_nsg(region)
result = set_allowed(region, request.config.proxy_nsg_config)
if isinstance(result, Error):
return not_ok(
Error(
code=ErrorCode.UNABLE_TO_CREATE,
errors=["Unable to update nsg %s due to %s" % (region, result)],
),
context="instance_config_update",
)

return ok(config)

