ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-19 13:03:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix equire_admin_privileges Logic. (#2016)

Browse Source
This commit is contained in:
Noah McGregor Harper
2022-06-03 15:59:08 -07:00
committed by GitHub
parent 01ad154c00
commit 79cc5d54d3
4 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/webhook_events.md
View File

@ -690,7 +690,7 @@ If webhook is set to have Event Grid message format then the payload will look a
"allowed_service_tags": []
},
"proxy_vm_sku": "Standard_B2s",
"require_admin_privileges": true
"require_admin_privileges": false
}
}
```
@ -847,7 +847,7 @@ If webhook is set to have Event Grid message format then the payload will look a
"type": "string"
},
"require_admin_privileges": {
"default": true,
"default": false,
"title": "Require Admin Privileges",
"type": "boolean"
},
@ -6041,7 +6041,7 @@ If webhook is set to have Event Grid message format then the payload will look a
"type": "string"
},
"require_admin_privileges": {
"default": true,
"default": false,
"title": "Require Admin Privileges",
"type": "boolean"
},

6
src/api-service/__app__/onefuzzlib/endpoint_authorization.py
View File

@ -113,7 +113,7 @@ def can_modify_config(req: func.HttpRequest, config: InstanceConfig) -> bool:
def check_require_admins_impl(
config: InstanceConfig, user_info: UserInfo
) -> Optional[Error]:
if config.require_admin_privileges:
if not config.require_admin_privileges:
return None
if config.admins is None:
@ -137,9 +137,9 @@ def check_require_admins(req: func.HttpRequest) -> Optional[Error]:
# To make changes while still protecting against accidental changes to
# pools, do the following:
#
# 1. set `require_admin_privileges` to `True`
# 1. set `require_admin_privileges` to `False`
# 2. make the change
# 3. set `require_admin_privileges` to `False`
# 3. set `require_admin_privileges` to `True`
config = InstanceConfig.fetch()

10
src/api-service/tests/test_auth_check.py
View File

@ -71,7 +71,7 @@ class TestAdmin(unittest.TestCase):
self.assertIsNone(
check_require_admins_impl(
InstanceConfig(
allowed_aad_tenants=[UUID(int=0)], require_admin_privileges=True
allowed_aad_tenants=[UUID(int=0)], require_admin_privileges=False
),
UserInfo(),
)
@ -81,7 +81,7 @@ class TestAdmin(unittest.TestCase):
self.assertIsNone(
check_require_admins_impl(
InstanceConfig(
allowed_aad_tenants=[UUID(int=0)], require_admin_privileges=True
allowed_aad_tenants=[UUID(int=0)], require_admin_privileges=False
),
UserInfo(object_id=user1),
)
@ -92,7 +92,7 @@ class TestAdmin(unittest.TestCase):
check_require_admins_impl(
InstanceConfig(
allowed_aad_tenants=[UUID(int=0)],
require_admin_privileges=False,
require_admin_privileges=True,
admins=[user1],
),
UserInfo(object_id=user1),
@ -104,7 +104,7 @@ class TestAdmin(unittest.TestCase):
check_require_admins_impl(
InstanceConfig(
allowed_aad_tenants=[UUID(int=0)],
require_admin_privileges=False,
require_admin_privileges=True,
admins=[user1],
),
UserInfo(),
@ -116,7 +116,7 @@ class TestAdmin(unittest.TestCase):
check_require_admins_impl(
InstanceConfig(
allowed_aad_tenants=[UUID(int=0)],
require_admin_privileges=False,
require_admin_privileges=True,
admins=[user1],
),
UserInfo(object_id=user2),

2
src/pytypes/onefuzztypes/models.py
View File

@ -872,7 +872,7 @@ class InstanceConfig(BaseModel):
admins: Optional[List[UUID]] = None
# if set, only admins can manage pools or scalesets
require_admin_privileges: bool = Field(default=True)
require_admin_privileges: bool = Field(default=False)
allowed_aad_tenants: List[UUID]
network_config: NetworkConfig = Field(default_factory=NetworkConfig)