ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-16 11:58:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make the log sas url last as long as the job duration (#2116)

Browse Source
This commit is contained in:
Cheick Keita
2022-07-01 18:40:02 -07:00
committed by GitHub
parent 262ad689f3
commit 61fc091f88
2 changed files with 17 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/api-service/__app__/download/__init__.py
View File

@ -3,6 +3,8 @@
# Copyright (c) Microsoft Corporation. # Copyright (c) Microsoft Corporation.
# Licensed under the MIT License. # Licensed under the MIT License.
from datetime import timedelta
import azure.functions as func import azure.functions as func
from onefuzztypes.enums import ErrorCode from onefuzztypes.enums import ErrorCode
from onefuzztypes.models import Error, FileEntry from onefuzztypes.models import Error, FileEntry
@ -40,8 +42,7 @@ def get(req: func.HttpRequest) -> func.HttpResponse:
request.filename, request.filename,
StorageType.corpus, StorageType.corpus,
read=True, read=True,
days=0, duration=timedelta(minutes=5),
minutes=5,
) )
) )

30
src/api-service/__app__/onefuzzlib/azure/containers.py
View File

@ -31,6 +31,8 @@ from .storage import (
get_storage_account_name_key_by_name, get_storage_account_name_key_by_name,
) )
CONTAINER_SAS_DEFAULT_DURATION = datetime.timedelta(days=30)
def get_url(account_name: str) -> str: def get_url(account_name: str) -> str:
return f"https://{account_name}.blob.core.windows.net/" return f"https://{account_name}.blob.core.windows.net/"
@ -109,12 +111,15 @@ def get_container_metadata(
return cast(Dict[str, str], result) return cast(Dict[str, str], result)
def add_container_sas_url(container_url: str) -> str: def add_container_sas_url(
container_url: str, duration: datetime.timedelta = CONTAINER_SAS_DEFAULT_DURATION
) -> str:
parsed = urllib.parse.urlparse(container_url) parsed = urllib.parse.urlparse(container_url)
query = urllib.parse.parse_qs(parsed.query) query = urllib.parse.parse_qs(parsed.query)
if "sig" in query: if "sig" in query:
return container_url return container_url
else: else:
start, expiry = sas_time_window(duration)
account_name = parsed.netloc.split(".")[0] account_name = parsed.netloc.split(".")[0]
account_key = get_storage_account_name_key_by_name(account_name) account_key = get_storage_account_name_key_by_name(account_name)
sas_token = generate_container_sas( sas_token = generate_container_sas(
@ -124,7 +129,8 @@ def add_container_sas_url(container_url: str) -> str:
permission=ContainerSasPermissions( permission=ContainerSasPermissions(
read=True, write=True, delete=True, list=True read=True, write=True, delete=True, list=True
), ),
expiry=datetime.datetime.utcnow() + datetime.timedelta(hours=1), expiry=expiry,
start=start,
) )
return f"{container_url}?{sas_token}" return f"{container_url}?{sas_token}"
@ -189,7 +195,7 @@ def delete_container(container: Container, storage_type: StorageType) -> bool:
def sas_time_window( def sas_time_window(
*, days: int, hours: int, minutes: int duration: datetime.timedelta,
) -> Tuple[datetime.datetime, datetime.datetime]: ) -> Tuple[datetime.datetime, datetime.datetime]:
# SAS URLs are valid 6 hours earlier, primarily to work around dev # SAS URLs are valid 6 hours earlier, primarily to work around dev
# workstations having out-of-sync time. Additionally, SAS URLs are stopped # workstations having out-of-sync time. Additionally, SAS URLs are stopped
@ -201,11 +207,7 @@ def sas_time_window(
now = datetime.datetime.utcnow() now = datetime.datetime.utcnow()
start = now - SAS_START_TIME_DELTA start = now - SAS_START_TIME_DELTA
expiry = ( expiry = now + duration + SAS_END_TIME_DELTA
now
+ datetime.timedelta(days=days, hours=hours, minutes=minutes)
+ SAS_END_TIME_DELTA
)
return (start, expiry) return (start, expiry)
@ -218,15 +220,13 @@ def get_container_sas_url_service(
list_: bool = False, list_: bool = False,
delete_previous_version: bool = False, delete_previous_version: bool = False,
tag: bool = False, tag: bool = False,
days: int = 30, duration: datetime.timedelta = CONTAINER_SAS_DEFAULT_DURATION,
hours: int = 0,
minutes: int = 0,
) -> str: ) -> str:
account_name = client.account_name account_name = client.account_name
container_name = client.container_name container_name = client.container_name
account_key = get_storage_account_name_key_by_name(account_name) account_key = get_storage_account_name_key_by_name(account_name)
start, expiry = sas_time_window(days=days, hours=hours, minutes=minutes) start, expiry = sas_time_window(duration)
sas = generate_container_sas( sas = generate_container_sas(
account_name, account_name,
@ -295,16 +295,14 @@ def get_file_sas_url(
delete: bool = False, delete: bool = False,
delete_previous_version: bool = False, delete_previous_version: bool = False,
tag: bool = False, tag: bool = False,
days: int = 30, duration: datetime.timedelta = CONTAINER_SAS_DEFAULT_DURATION,
hours: int = 0,
minutes: int = 0,
) -> str: ) -> str:
client = find_container(container, storage_type) client = find_container(container, storage_type)
if not client: if not client:
raise Exception("unable to find container: %s - %s" % (container, storage_type)) raise Exception("unable to find container: %s - %s" % (container, storage_type))
account_key = get_storage_account_name_key_by_name(client.account_name) account_key = get_storage_account_name_key_by_name(client.account_name)
start, expiry = sas_time_window(days=days, hours=hours, minutes=minutes) start, expiry = sas_time_window(duration)
permission = BlobSasPermissions( permission = BlobSasPermissions(
read=read, read=read,