retry when preauthorized application are invalid (#1175)

2025-06-16 11:58:09 +00:00 · 2021-08-25 09:53:13 -07:00
parent 0371139740
commit 822fa13667
1 changed files with 34 additions and 14 deletions
--- a/src/deployment/registration.py
+++ b/src/deployment/registration.py
@ -5,6 +5,7 @@

 import argparse
 import logging
+import re
 import time
 import urllib.parse
 from datetime import datetime, timedelta
@ -85,15 +86,16 @@ OperationResult = TypeVar("OperationResult")


 def retry(
-    operation: Callable[[], OperationResult],
+    operation: Callable[[Any], OperationResult],
    description: str,
    tries: int = 10,
    wait_duration: int = 10,
+    data: Any = None,
 ) -> OperationResult:
    count = 0
    while True:
        try:
-            return operation()
+            return operation(data)
        except GraphQueryError as err:
            error = err
            # modeled after AZ-CLI's handling of missing application
@ -279,7 +281,7 @@ def create_application_registration(
 def add_application_password(
    app_object_id: UUID, subscription_id: str
 ) -> Tuple[str, str]:
-    def create_password() -> Tuple[str, str]:
+    def create_password(data: Any) -> Tuple[str, str]:
        password = add_application_password_impl(app_object_id, subscription_id)
        logger.info("app password created")
        return password
@ -384,18 +386,36 @@ def authorize_application(

        onefuzz_app_id = onefuzz_app["id"]

-        def add_preauthorized_app() -> None:
-            query_microsoft_graph(
-                method="PATCH",
-                resource="applications/%s" % onefuzz_app_id,
-                body={
-                    "api": {
-                        "preAuthorizedApplications": preAuthorizedApplications.to_list()
-                    }
-                },
-            )
+        def add_preauthorized_app(app_list: List[Dict]) -> None:
+            try:
+                query_microsoft_graph(
+                    method="PATCH",
+                    resource="applications/%s" % onefuzz_app_id,
+                    body={"api": {"preAuthorizedApplications": app_list}},
+                )
+            except GraphQueryError as e:
+                m = re.search(
+                    "Property PreAuthorizedApplication references "
+                    "applications (.*) that cannot be found.",
+                    e.message,
+                )
+                if m:
+                    invalid_app_id = m.group(1)
+                    if invalid_app_id:
+                        for app in app_list:
+                            if app["appId"] == invalid_app_id:
+                                logger.warning(
+                                    f"removing invalid id {invalid_app_id} for the next request"
+                                )
+                                app_list.remove(app)

-        retry(add_preauthorized_app, "authorize application")
+                raise e
+
+        retry(
+            add_preauthorized_app,
+            "authorize application",
+            data=preAuthorizedApplications.to_list(),
+        )
    except AuthenticationError:
        logger.warning("*** Browse to: %s", FIX_URL % onefuzz_app_id)
        logger.warning("*** Then add the client application %s", registration_app_id)