mirror of
https://github.com/microsoft/onefuzz.git
synced 2025-06-19 21:13:46 +00:00
Fix equire_admin_privileges Logic. (#2016)
This commit is contained in:
Noah McGregor Harper
committed by
GitHub
GitHub
parent
01ad154c00
commit
79cc5d54d3
@ -690,7 +690,7 @@ If webhook is set to have Event Grid message format then the payload will look a
|
|||||||
"allowed_service_tags": []
|
"allowed_service_tags": []
|
||||||
},
|
},
|
||||||
"proxy_vm_sku": "Standard_B2s",
|
"proxy_vm_sku": "Standard_B2s",
|
||||||
"require_admin_privileges": true
|
"require_admin_privileges": false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@ -847,7 +847,7 @@ If webhook is set to have Event Grid message format then the payload will look a
|
|||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"require_admin_privileges": {
|
"require_admin_privileges": {
|
||||||
"default": true,
|
"default": false,
|
||||||
"title": "Require Admin Privileges",
|
"title": "Require Admin Privileges",
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
},
|
},
|
||||||
@ -6041,7 +6041,7 @@ If webhook is set to have Event Grid message format then the payload will look a
|
|||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"require_admin_privileges": {
|
"require_admin_privileges": {
|
||||||
"default": true,
|
"default": false,
|
||||||
"title": "Require Admin Privileges",
|
"title": "Require Admin Privileges",
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
},
|
},
|
||||||
|
|||||||
@ -113,7 +113,7 @@ def can_modify_config(req: func.HttpRequest, config: InstanceConfig) -> bool:
|
|||||||
def check_require_admins_impl(
|
def check_require_admins_impl(
|
||||||
config: InstanceConfig, user_info: UserInfo
|
config: InstanceConfig, user_info: UserInfo
|
||||||
) -> Optional[Error]:
|
) -> Optional[Error]:
|
||||||
if config.require_admin_privileges:
|
if not config.require_admin_privileges:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
if config.admins is None:
|
if config.admins is None:
|
||||||
@ -137,9 +137,9 @@ def check_require_admins(req: func.HttpRequest) -> Optional[Error]:
|
|||||||
# To make changes while still protecting against accidental changes to
|
# To make changes while still protecting against accidental changes to
|
||||||
# pools, do the following:
|
# pools, do the following:
|
||||||
#
|
#
|
||||||
# 1. set `require_admin_privileges` to `True`
|
# 1. set `require_admin_privileges` to `False`
|
||||||
# 2. make the change
|
# 2. make the change
|
||||||
# 3. set `require_admin_privileges` to `False`
|
# 3. set `require_admin_privileges` to `True`
|
||||||
|
|
||||||
config = InstanceConfig.fetch()
|
config = InstanceConfig.fetch()
|
||||||
|
|
||||||
|
|||||||
@ -71,7 +71,7 @@ class TestAdmin(unittest.TestCase):
|
|||||||
self.assertIsNone(
|
self.assertIsNone(
|
||||||
check_require_admins_impl(
|
check_require_admins_impl(
|
||||||
InstanceConfig(
|
InstanceConfig(
|
||||||
allowed_aad_tenants=[UUID(int=0)], require_admin_privileges=True
|
allowed_aad_tenants=[UUID(int=0)], require_admin_privileges=False
|
||||||
),
|
),
|
||||||
UserInfo(),
|
UserInfo(),
|
||||||
)
|
)
|
||||||
@ -81,7 +81,7 @@ class TestAdmin(unittest.TestCase):
|
|||||||
self.assertIsNone(
|
self.assertIsNone(
|
||||||
check_require_admins_impl(
|
check_require_admins_impl(
|
||||||
InstanceConfig(
|
InstanceConfig(
|
||||||
allowed_aad_tenants=[UUID(int=0)], require_admin_privileges=True
|
allowed_aad_tenants=[UUID(int=0)], require_admin_privileges=False
|
||||||
),
|
),
|
||||||
UserInfo(object_id=user1),
|
UserInfo(object_id=user1),
|
||||||
)
|
)
|
||||||
@ -92,7 +92,7 @@ class TestAdmin(unittest.TestCase):
|
|||||||
check_require_admins_impl(
|
check_require_admins_impl(
|
||||||
InstanceConfig(
|
InstanceConfig(
|
||||||
allowed_aad_tenants=[UUID(int=0)],
|
allowed_aad_tenants=[UUID(int=0)],
|
||||||
require_admin_privileges=False,
|
require_admin_privileges=True,
|
||||||
admins=[user1],
|
admins=[user1],
|
||||||
),
|
),
|
||||||
UserInfo(object_id=user1),
|
UserInfo(object_id=user1),
|
||||||
@ -104,7 +104,7 @@ class TestAdmin(unittest.TestCase):
|
|||||||
check_require_admins_impl(
|
check_require_admins_impl(
|
||||||
InstanceConfig(
|
InstanceConfig(
|
||||||
allowed_aad_tenants=[UUID(int=0)],
|
allowed_aad_tenants=[UUID(int=0)],
|
||||||
require_admin_privileges=False,
|
require_admin_privileges=True,
|
||||||
admins=[user1],
|
admins=[user1],
|
||||||
),
|
),
|
||||||
UserInfo(),
|
UserInfo(),
|
||||||
@ -116,7 +116,7 @@ class TestAdmin(unittest.TestCase):
|
|||||||
check_require_admins_impl(
|
check_require_admins_impl(
|
||||||
InstanceConfig(
|
InstanceConfig(
|
||||||
allowed_aad_tenants=[UUID(int=0)],
|
allowed_aad_tenants=[UUID(int=0)],
|
||||||
require_admin_privileges=False,
|
require_admin_privileges=True,
|
||||||
admins=[user1],
|
admins=[user1],
|
||||||
),
|
),
|
||||||
UserInfo(object_id=user2),
|
UserInfo(object_id=user2),
|
||||||
|
|||||||
@ -872,7 +872,7 @@ class InstanceConfig(BaseModel):
|
|||||||
admins: Optional[List[UUID]] = None
|
admins: Optional[List[UUID]] = None
|
||||||
|
|
||||||
# if set, only admins can manage pools or scalesets
|
# if set, only admins can manage pools or scalesets
|
||||||
require_admin_privileges: bool = Field(default=True)
|
require_admin_privileges: bool = Field(default=False)
|
||||||
|
|
||||||
allowed_aad_tenants: List[UUID]
|
allowed_aad_tenants: List[UUID]
|
||||||
network_config: NetworkConfig = Field(default_factory=NetworkConfig)
|
network_config: NetworkConfig = Field(default_factory=NetworkConfig)
|
||||||
|
|||||||
Reference in New Issue
Block a user