Storing secrets in azure keyvault (#326)

Cheick Keita
2021-01-25 08:12:07 -08:00
committed by GitHub
parent dc31ffc92b
commit 3f2883d38e
12 changed files with 358 additions and 28 deletions


@ -27,6 +27,7 @@ from memoization import cached
from onefuzztypes.models import ADOTemplate, Report
from onefuzztypes.primitives import Container
from ..secrets import get_secret_string_value
from .common import Render, fail_task
@ -54,7 +55,8 @@ class ADO:
):
self.config = config
self.renderer = Render(container, filename, report)
self.client = get_ado_client(self.config.base_url, self.config.auth_token)
auth_token = get_secret_string_value(self.config.auth_token)
self.client = get_ado_client(self.config.base_url, auth_token)
self.project = self.render(self.config.project)
def render(self, template: str) -> str:
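Review bot: Nothing visible in this section limits which secret `get_secret_string_value(self.config.auth_token)` will resolve, and the resolved token is then handed to `get_ado_client` together with `self.config.base_url` from the same notification config. The helper's body is not shown; if it dereferences a stored Key Vault reference, it should accept only addresses in the instance's own vault, and config arriving through the API should not be able to supply such a reference itself, otherwise the service identity reads a secret on the submitter's behalf. A comment at the call such as `# auth_token may be a Key Vault reference; only references created by this service are resolved` would record that contract once it is enforced. The same question applies to `get_secret_obj(config.auth.secret.url, GithubAuth)` and `get_secret_string_value(config.url)` in the other two notification files. `__init__` starts above the hunk, so whether a failed lookup is caught there is not visible.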


@ -10,9 +10,10 @@ from github3 import login
from github3.exceptions import GitHubException
from github3.issues import Issue
from onefuzztypes.enums import GithubIssueSearchMatch
from onefuzztypes.models import GithubIssueTemplate, Report
from onefuzztypes.models import GithubAuth, GithubIssueTemplate, Report
from onefuzztypes.primitives import Container
from ..secrets import get_secret_obj
from .common import Render, fail_task
@ -26,9 +27,12 @@ class GithubIssue:
):
self.config = config
self.report = report
self.gh = login(
username=config.auth.user, password=config.auth.personal_access_token
)
if isinstance(config.auth.secret, GithubAuth):
auth = config.auth.secret
else:
auth = get_secret_obj(config.auth.secret.url, GithubAuth)
self.gh = login(username=auth.user, password=auth.personal_access_token)
self.renderer = Render(container, filename, report)
def render(self, field: str) -> str:
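Review bot: The `else` branch assumes that anything which is not a `GithubAuth` carries a `.url`, so an unexpected value in `config.auth.secret` would surface as an `AttributeError` inside `__init__` rather than as a clear configuration error. The inline `GithubAuth` branch also keeps plaintext credentials usable at this point. If that branch exists only for configs that have not yet been written to the vault, a comment such as `# inline GithubAuth is accepted only before the config is persisted; stored configs hold a Key Vault reference` would tell the next reader not to rely on it. `__init__` begins above the hunk, so any handling around the `login(...)` call is outside what is shown.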


@ -11,6 +11,7 @@ from onefuzztypes.models import Report, TeamsTemplate
from onefuzztypes.primitives import Container
from ..azure.containers import auth_download_url
from ..secrets import get_secret_string_value
from ..tasks.config import get_setup_container
from ..tasks.main import Task
@ -46,7 +47,8 @@ def send_teams_webhook(
if text:
message["sections"].append({"text": text})
response = requests.post(config.url, json=message)
config_url = get_secret_string_value(config.url)
response = requests.post(config_url, json=message)
if not response.ok:
logging.error("webhook failed %s %s", response.status_code, response.content)
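Review bot: The webhook URL is now treated as a secret, but `requests.post(config_url, json=message)` can still expose it, because requests' connection errors include the target URL in their message and nothing in the hunk catches them. The visible error path logs only the status code and body, which is fine. Catching the exception and logging only its type would keep the URL out of tracebacks, for example `except requests.RequestException as err: logging.error("webhook request failed: %s", type(err).__name__)`. The call also has no `timeout=`, so an unresponsive endpoint blocks the caller. `send_teams_webhook` begins above the hunk, so what should happen after such a failure is for the author to decide.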