ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-18 04:38:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Multi-tenant authentication support in CLI (#346)

Browse Source 
## Summary of the Pull Request

These are purposed changes to resolve ticket #344 

I have tested these changes and it does not effect or break the current functionality.

I don't necessarily expect this PR to be merged without some tweaks. I'll coordinate over the next week or so to get it right.

One coding issue I would like to discuss/highlight is the assumption (in code) that if "--tenant_domain" is used then the 'common' authority is also used. I am open to suggestions. 

## PR Checklist
* [X] Applies to work item: #344
* [X] CLA signed. If not, go over [here](https://cla.opensource.microsoft.com/microsoft/onefuzz) and sign the CLI.
* [X] Tests passed (with and without multitenant authentication)
* [?] Requires documentation to be updated
* [No] I've discussed this with core contributors already. If not checked, I'm ready to accept this work might be rejected in favor of a different grand plan. Issue number where discussion took place: #344

## Info on Pull Request

Minor changes to the config file and the login process.

## Validation Steps Performed

Tested these changes with a multi-tenant enabled endpoint and a single-tenant endpoint.
This commit is contained in:
anslutsk
2021-01-06 04:35:47 -08:00
committed by GitHub
parent 986df8fcc6
commit 883f38cb87
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/cli/onefuzz/api.py
View File

@ -1499,6 +1499,7 @@ class Onefuzz:
client_id: Optional[str] = None, client_id: Optional[str] = None,
client_secret: Optional[str] = None, client_secret: Optional[str] = None,
enable_feature: Optional[PreviewFeature] = None, enable_feature: Optional[PreviewFeature] = None,
tenant_domain: Optional[str] = None,
) -> BackendConfig: ) -> BackendConfig:
""" Configure onefuzz CLI """ """ Configure onefuzz CLI """
self.logger.debug("set config") self.logger.debug("set config")
@ -1525,6 +1526,8 @@ class Onefuzz:
self._backend.config.client_secret = client_secret self._backend.config.client_secret = client_secret
if enable_feature: if enable_feature:
self._backend.enable_feature(enable_feature.name) self._backend.enable_feature(enable_feature.name)
if tenant_domain is not None:
self._backend.config.tenant_domain = tenant_domain
self._backend.app = None self._backend.app = None
self._backend.save_config() self._backend.save_config()

9
src/cli/onefuzz/backend.py
View File

@ -63,6 +63,7 @@ class BackendConfig(BaseModel):
client_secret: Optional[str] client_secret: Optional[str]
endpoint: Optional[str] endpoint: Optional[str]
features: Set[str] = Field(default_factory=set) features: Set[str] = Field(default_factory=set)
tenant_domain: Optional[str]
class Backend: class Backend:
@ -145,7 +146,13 @@ class Backend:
if not self.config.endpoint: if not self.config.endpoint:
raise Exception("endpoint not configured") raise Exception("endpoint not configured")
scopes = [self.config.endpoint + "/.default"] if self.config.tenant_domain:
endpoint = urlparse(self.config.endpoint).netloc.split(".")[0]
scopes = [
"https://" + self.config.tenant_domain + "/" + endpoint + "/.default"
]
else:
scopes = [self.config.endpoint + "/.default"]
if self.config.client_secret: if self.config.client_secret:
return self.client_secret(scopes) return self.client_secret(scopes)