ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-17 04:18:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enable User assigned managed identity for scalesets (#219)

Browse Source
This commit is contained in:
Cheick Keita
2020-10-29 10:53:11 -07:00
committed by GitHub
parent 99b69d3e56
commit 154be220ae
6 changed files with 92 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/api-service/__app__/onefuzzlib/azure/creds.py
View File

@ -6,6 +6,7 @@
import logging
import os
from typing import Any, List, Optional, Tuple
from uuid import UUID
from azure.cli.core import CLIError
from azure.common.client_factory import get_client_from_cli_profile
@ -123,3 +124,24 @@ def is_member_of(group_id: str, member_id: str) -> bool:
CheckGroupMembershipParameters(group_id=group_id, member_id=member_id)
).value
)
@cached
def get_scaleset_identity_resource_path() -> str:
scaleset_id_name = "%s-scalesetid" % get_instance_name()
resource_group_path = "/subscriptions/%s/resourceGroups/%s/providers" % (
get_subscription(),
get_base_resource_group(),
)
return "%s/Microsoft.ManagedIdentity/userAssignedIdentities/%s" % (
resource_group_path,
scaleset_id_name,
)
@cached
def get_scaleset_principal_id() -> UUID:
api_version = "2018-11-30" # matches the apiversion in the deplyoment template
client = mgmt_client_factory(ResourceManagementClient)
uid = client.resources.get_by_id(get_scaleset_identity_resource_path(), api_version)
return UUID(uid.properties["principalId"])

11
src/api-service/__app__/onefuzzlib/azure/vmss.py
View File

@ -16,7 +16,11 @@ from onefuzztypes.enums import OS, ErrorCode
from onefuzztypes.models import Error
from onefuzztypes.primitives import Region
from .creds import get_base_resource_group, mgmt_client_factory
from .creds import (
get_base_resource_group,
get_scaleset_identity_resource_path,
mgmt_client_factory,
)
from .image import get_os
@ -234,7 +238,10 @@ def create_vmss(
"do_not_run_extensions_on_overprovisioned_vms": True,
"upgrade_policy": {"mode": "Manual"},
"sku": sku,
"identity": {"type": "SystemAssigned"},
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {get_scaleset_identity_resource_path(): {}},
},
"virtual_machine_profile": {
"priority": "Regular",
"storage_profile": {"image_reference": image_ref},