From 1ac3fd4bed0c9bc63a91e2ddde1e03b31f7aeb00 Mon Sep 17 00:00:00 2001 From: Noah McGregor Harper <74685766+nharper285@users.noreply.github.com> Date: Sat, 18 Feb 2023 00:12:17 +0000 Subject: [PATCH] Config Refactor Part 2 - Change Opt Param Names & Set File Expiry (#2835) * Remove Old Optional Parameters and Hardcoded Values. * Set file to expire. * Adding expiry. * test sleep * Tested expiry. * Set expirty to 24hrs. * Syntax error. * Formatting. * Changing optional. * Adding new params. * Removing arguments. * Removing arguments. * Changing param names. * Update params. --- src/ApiService/ApiService/Functions/Config.cs | 3 ++- .../ApiService/OneFuzzTypes/Responses.cs | 3 ++- .../azure-functions-example/info/__init__.py | 4 ++-- src/cli/onefuzz/api.py | 18 +++++++-------- src/cli/onefuzz/backend.py | 10 ++++++++- src/deployment/config.json | 6 ++--- src/deployment/deploy.py | 22 +++---------------- src/pytypes/onefuzztypes/responses.py | 1 + 8 files changed, 31 insertions(+), 36 deletions(-) diff --git a/src/ApiService/ApiService/Functions/Config.cs b/src/ApiService/ApiService/Functions/Config.cs index 097ed6c20..2704ab6b0 100644 --- a/src/ApiService/ApiService/Functions/Config.cs +++ b/src/ApiService/ApiService/Functions/Config.cs @@ -24,7 +24,8 @@ public class Config { var endpointParams = new ConfigResponse( Authority: _context.ServiceConfiguration.Authority, ClientId: _context.ServiceConfiguration.CliAppId, - TenantDomain: _context.ServiceConfiguration.TenantDomain); + TenantDomain: _context.ServiceConfiguration.TenantDomain, + MultiTenantDomain: _context.ServiceConfiguration.MultiTenantDomain); var response = req.CreateResponse(HttpStatusCode.OK); await response.WriteAsJsonAsync(endpointParams); diff --git a/src/ApiService/ApiService/OneFuzzTypes/Responses.cs b/src/ApiService/ApiService/OneFuzzTypes/Responses.cs index f67ba16e9..0b2944dc6 100644 --- a/src/ApiService/ApiService/OneFuzzTypes/Responses.cs +++ b/src/ApiService/ApiService/OneFuzzTypes/Responses.cs 
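Review bot: `MultiTenantDomain` is added to the `ConfigResponse` built in `Config.cs`, and nothing in this hunk states who may read that response. The CLI side of this commit (`backend.py`) fetches `/api/config` to learn the authority and client id, which suggests the endpoint is reachable before a token exists; if so, every field added here is visible to unauthenticated callers. I would add a comment above the constructor call such as `// Returned before authentication: only non-secret identity metadata belongs in ConfigResponse.` so later additions are reviewed against that. The enclosing method starts and ends outside the hunk, so its trigger attributes are not visible here.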
@@ -162,7 +162,8 @@ public record ScalesetResponse( public record ConfigResponse( string? Authority, string? ClientId, - string? TenantDomain + string? TenantDomain, + string? MultiTenantDomain ) : BaseResponse(); public class BaseResponseConverter : JsonConverter { diff --git a/src/cli/examples/azure-functions-example/info/__init__.py b/src/cli/examples/azure-functions-example/info/__init__.py index b61ec7a3c..c134914f6 100644 --- a/src/cli/examples/azure-functions-example/info/__init__.py +++ b/src/cli/examples/azure-functions-example/info/__init__.py @@ -12,8 +12,8 @@ def main(req: func.HttpRequest) -> func.HttpResponse: o = Onefuzz() o.config( endpoint=os.environ.get("ONEFUZZ_ENDPOINT"), - authority=os.environ.get("ONEFUZZ_AUTHORITY"), - client_id=os.environ.get("ONEFUZZ_CLIENT_ID"), + override_authority=os.environ.get("ONEFUZZ_AUTHORITY"), + override_client_id=os.environ.get("ONEFUZZ_CLIENT_ID"), ) info = o.info.get() return func.HttpResponse(info.json()) diff --git a/src/cli/onefuzz/api.py b/src/cli/onefuzz/api.py index 8360777eb..302e0b514 100644 --- a/src/cli/onefuzz/api.py +++ b/src/cli/onefuzz/api.py @@ -1896,10 +1896,10 @@ class Onefuzz: def config( self, endpoint: Optional[str] = None, - authority: Optional[str] = None, - client_id: Optional[str] = None, + override_authority: Optional[str] = None, + override_client_id: Optional[str] = None, + override_tenant_domain: Optional[str] = None, enable_feature: Optional[PreviewFeature] = None, - tenant_domain: Optional[str] = None, reset: Optional[bool] = None, ) -> BackendConfig: """Configure onefuzz CLI""" 
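Review bot: In the `Onefuzz.config` signature hunk of `src/cli/onefuzz/api.py`, `override_tenant_domain` is inserted ahead of `enable_feature`, so the fourth positional argument changes meaning from a `PreviewFeature` to a tenant-domain string, on top of the keyword renames. A caller passing arguments positionally would have its feature value assigned to `config.tenant_domain` by the body in the next hunk instead of getting an error. Making the overrides keyword-only, `endpoint: Optional[str] = None, *,`, would turn that into a loud failure, provided the CLI argument generator tolerates keyword-only parameters. The docstring `"""Configure onefuzz CLI"""` should also say that the `override_*` values replace the stored authority, client id and tenant domain, since they decide which identity provider the CLI authenticates against. The function body continues outside this hunk.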
@@ -1924,14 +1924,14 @@ class Onefuzz: "Missing HTTP Authentication" ) self._backend.config.endpoint = endpoint - if authority is not None: - self._backend.config.authority = authority - if client_id is not None: - self._backend.config.client_id = client_id + if override_authority is not None: + self._backend.config.authority = override_authority + if override_client_id is not None: + self._backend.config.client_id = override_client_id if enable_feature: self._backend.enable_feature(enable_feature.name) - if tenant_domain is not None: - self._backend.config.tenant_domain = tenant_domain + if override_tenant_domain is not None: + self._backend.config.tenant_domain = override_tenant_domain self._backend.app = None self._backend.save_config() diff --git a/src/cli/onefuzz/backend.py b/src/cli/onefuzz/backend.py index d4734d731..ec3bc7452 100644 --- a/src/cli/onefuzz/backend.py +++ b/src/cli/onefuzz/backend.py @@ -12,6 +12,7 @@ import sys import tempfile import time from dataclasses import asdict, is_dataclass +from datetime import datetime, timedelta from enum import Enum from typing import ( Any, @@ -97,6 +98,7 @@ class BackendConfig(BaseModel): endpoint: Optional[str] features: Set[str] = Field(default_factory=set) tenant_domain: str + expires_on: datetime = datetime.utcnow() + timedelta(hours=24) def get_multi_tenant_domain(self) -> Optional[str]: if "https://login.microsoftonline.com/common" in self.authority: @@ -326,7 +328,6 @@ class Backend: response = self.session.request("GET", endpoint + "/api/config") - logging.debug(response.json()) endpoint_params = responses.Config.parse_obj(response.json()) # Will override values in storage w/ provided values for SP use 
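Review bot: In the `BackendConfig` hunk of `src/cli/onefuzz/backend.py`, the default `datetime.utcnow() + timedelta(hours=24)` is evaluated once, when the class body runs at import, not each time a config object is created. Every `BackendConfig` built without an explicit `expires_on` in one process therefore shares the same deadline, and in a long-lived host (the Azure Functions example touched by this commit, for instance) that deadline can already be in the past. The class already uses `Field(default_factory=set)` for `features`, so `expires_on: datetime = Field(default_factory=lambda: datetime.utcnow() + timedelta(hours=24))` would fit. A config file written before this change has no `expires_on`, so loading it presumably receives a fresh default on every run and never expires until it is saved again; that deserves a comment or a migration step.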
@@ -352,6 +353,13 @@ class Backend: if not endpoint: raise Exception("endpoint not configured") + # If file expires, remove and force user to reset + if datetime.utcnow() > self.config.expires_on: + os.remove(self.config_path) + self.config = BackendConfig( + endpoint=endpoint, authority="", client_id="", tenant_domain="" + ) + url = endpoint + "/api/" + path if self.config.client_id == "" or ( diff --git a/src/deployment/config.json b/src/deployment/config.json index c041d2b8d..6303a0989 100644 --- a/src/deployment/config.json +++ b/src/deployment/config.json @@ -1,8 +1,8 @@ { - "tenant_id": "72f988bf-86f1-41af-91ab-2d7cd011db47", - "tenant_domain": "azurewebsites.net", + "tenant_id": "", + "tenant_domain": "", "multi_tenant_domain": "", - "cli_client_id": "72f1562a-8c0c-41ea-beb9-fa2b71c80134", + "cli_client_id": "", "proxy_nsg_config": { "allowed_ips": [ "*" diff --git a/src/deployment/deploy.py b/src/deployment/deploy.py index c1a5b5c87..6ff327d9d 100644 --- a/src/deployment/deploy.py +++ b/src/deployment/deploy.py @@ -147,12 +147,10 @@ class Client: create_registration: bool, migrations: List[str], export_appinsights: bool, - multi_tenant_domain: str, upgrade: bool, subscription_id: Optional[str], admins: List[UUID], allowed_aad_tenants: List[UUID], - cli_app_id: str, auto_create_cli_app: bool, host_dotnet_on_windows: bool, enable_profiler: bool, @@ -169,7 +167,6 @@ class Client: self.instance_specific = instance_specific self.third_party = third_party self.create_registration = create_registration - self.multi_tenant_domain = multi_tenant_domain self.custom_domain = custom_domain self.upgrade = upgrade self.results: Dict = { 
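Review bot: The expiry branch added in `src/cli/onefuzz/backend.py` calls `os.remove(self.config_path)` unguarded, so if the file is already absent `FileNotFoundError` aborts the request before it reaches the `client_id == ""` check that follows. The replacement `BackendConfig` takes `expires_on` from the import-time class default, so in a process older than 24 hours it is expired again on the next call, which then hits the missing file. The rebuild also omits `features`, so any enabled preview features are dropped without a message. The fence shows the branch with the removal tolerated, the deadline set explicitly and features carried over; the enclosing method starts and ends outside the hunk. Whether cached tokens are cleared along with these endpoint parameters is not visible here and is worth stating in the comment.

```python
        # If file expires, remove and force user to reset
        if datetime.utcnow() > self.config.expires_on:
            try:
                os.remove(self.config_path)
            except FileNotFoundError:
                pass  # nothing on disk to clear
            self.config = BackendConfig(
                endpoint=endpoint,
                authority="",
                client_id="",
                tenant_domain="",
                features=self.config.features,
                expires_on=datetime.utcnow() + timedelta(hours=24),
            )
        # … unchanged: url construction and client_id check …
```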
@@ -183,16 +180,17 @@ class Client: self.arm_template = bicep_to_arm(bicep_template) - self.cli_app_id = cli_app_id self.auto_create_cli_app = auto_create_cli_app self.host_dotnet_on_windows = host_dotnet_on_windows self.enable_profiler = enable_profiler self.rules: List[NsgRule] = [] + self.cli_app_id = "" + self.authority = "" self.tenant_id = "" self.tenant_domain = "" - self.authority = "" + self.multi_tenant_domain = "" self.cli_config: Dict[str, Union[str, UUID]] = { "client_id": "", @@ -1268,12 +1266,6 @@ def main() -> None: action="store_true", help="enable appinsight log export", ) - parser.add_argument( - "--multi_tenant_domain", - type=str, - default="", - help="enable multi-tenant authentication with this tenant domain", - ) parser.add_argument( "--subscription_id", type=str, @@ -1295,12 +1287,6 @@ def main() -> None: nargs="*", help="Set additional AAD tenants beyond the tenant the app is deployed in", ) - parser.add_argument( - "--cli_app_id", - type=str, - default="", - help="CLI App Registration to be used during deployment.", - ) parser.add_argument( "--auto_create_cli_app", action="store_true", @@ -1348,12 +1334,10 @@ def main() -> None: create_registration=args.create_pool_registration, migrations=args.apply_migrations, export_appinsights=args.export_appinsights, - multi_tenant_domain=args.multi_tenant_domain, upgrade=args.upgrade, subscription_id=args.subscription_id, admins=args.set_admins, allowed_aad_tenants=args.allowed_aad_tenants or [], - cli_app_id=args.cli_app_id, auto_create_cli_app=args.auto_create_cli_app, host_dotnet_on_windows=args.host_dotnet_on_windows, enable_profiler=args.enable_profiler, diff --git a/src/pytypes/onefuzztypes/responses.py b/src/pytypes/onefuzztypes/responses.py index e4ec5c2f4..fd42387db 100644 --- a/src/pytypes/onefuzztypes/responses.py +++ b/src/pytypes/onefuzztypes/responses.py 
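Review bot: In the `Client.__init__` hunk of `src/deployment/deploy.py`, `cli_app_id`, `authority`, `tenant_id`, `tenant_domain` and `multi_tenant_domain` all start as `""`, while this commit also blanks the matching values in `config.json` and removes the `--cli_app_id` and `--multi_tenant_domain` flags. Nothing in the visible hunks rejects a config that was left unfilled, so an empty tenant or client id may be carried into later deployment steps and fail late or misconfigure sign-in. If the config parsing (outside this diff) does not already do so, a check right after it such as `if not self.tenant_id or not self.tenant_domain: raise Exception("tenant_id and tenant_domain must be set in config.json")` would fail early. The constructor continues outside the hunk.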
@@ -56,6 +56,7 @@ class Config(BaseResponse): authority: str client_id: str tenant_domain: str + multi_tenant_domain: Optional[str] class ContainerInfoBase(BaseResponse):