ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-17 04:18:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

backdate SAS URLs to avoid time sync issues (#1195)

Browse Source
This commit is contained in:
bmc-msft
2021-08-27 13:00:15 -04:00
committed by GitHub
parent 9edeb371b1
commit 3d1766271e
1 changed files with 32 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/api-service/__app__/onefuzzlib/azure/containers.py
View File

@ -7,7 +7,7 @@ import datetime
import logging import logging
import os import os
import urllib.parse import urllib.parse
from typing import Dict, Optional, Union, cast from typing import Dict, Optional, Tuple, Union, cast
from azure.common import AzureHttpError, AzureMissingResourceHttpError from azure.common import AzureHttpError, AzureMissingResourceHttpError
from azure.core.exceptions import ResourceExistsError, ResourceNotFoundError from azure.core.exceptions import ResourceExistsError, ResourceNotFoundError
@ -158,6 +158,27 @@ def delete_container(container: Container, storage_type: StorageType) -> bool:
return deleted return deleted
def sas_time_window(
*, days: int, hours: int, minutes: int
) -> Tuple[datetime.datetime, datetime.datetime]:
# SAS URLs are valid 6 hours earlier, primarily to work around dev
# workstations having out-of-sync time. Additionally, SAS URLs are stopped
# 15 minutes later than requested based on "Be careful with SAS start time"
# guidance.
# Ref: https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
SAS_START_TIME_DELTA = datetime.timedelta(hours=6)
SAS_END_TIME_DELTA = datetime.timedelta(minutes=15)
now = datetime.datetime.utcnow()
start = now - SAS_START_TIME_DELTA
expiry = (
now
+ datetime.timedelta(days=days, hours=hours, minutes=minutes)
+ SAS_END_TIME_DELTA
)
return (start, expiry)
def get_container_sas_url_service( def get_container_sas_url_service(
client: ContainerClient, client: ContainerClient,
*, *,
@ -167,11 +188,16 @@ def get_container_sas_url_service(
list_: bool = False, list_: bool = False,
delete_previous_version: bool = False, delete_previous_version: bool = False,
tag: bool = False, tag: bool = False,
days: int = 30,
hours: int = 0,
minutes: int = 0,
) -> str: ) -> str:
account_name = client.account_name account_name = client.account_name
container_name = client.container_name container_name = client.container_name
account_key = get_storage_account_name_key_by_name(account_name) account_key = get_storage_account_name_key_by_name(account_name)
start, expiry = sas_time_window(days=days, hours=hours, minutes=minutes)
sas = generate_container_sas( sas = generate_container_sas(
account_name, account_name,
container_name, container_name,
@ -184,7 +210,8 @@ def get_container_sas_url_service(
delete_previous_version=delete_previous_version, delete_previous_version=delete_previous_version,
tag=tag, tag=tag,
), ),
expiry=datetime.datetime.utcnow() + datetime.timedelta(days=30), start=start,
expiry=expiry,
) )
with_sas = ContainerClient( with_sas = ContainerClient(
@ -247,9 +274,8 @@ def get_file_sas_url(
raise Exception("unable to find container: %s - %s" % (container, storage_type)) raise Exception("unable to find container: %s - %s" % (container, storage_type))
account_key = get_storage_account_name_key_by_name(client.account_name) account_key = get_storage_account_name_key_by_name(client.account_name)
expiry = datetime.datetime.utcnow() + datetime.timedelta( start, expiry = sas_time_window(days=days, hours=hours, minutes=minutes)
days=days, hours=hours, minutes=minutes
)
permission = BlobSasPermissions( permission = BlobSasPermissions(
read=read, read=read,
add=add, add=add,
@ -266,6 +292,7 @@ def get_file_sas_url(
account_key=account_key, account_key=account_key,
permission=permission, permission=permission,
expiry=expiry, expiry=expiry,
start=start,
) )
with_sas = BlobClient( with_sas = BlobClient(