ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-16 03:48:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Re-enable the retry logic for App Password creation (#338)

Browse Source
This commit is contained in:
bmc-msft
2020-11-24 08:00:31 -05:00
committed by GitHub
parent d47124fe8c
commit 905dc7c0d6
3 changed files with 39 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/deployment/data_migration.py
View File

@ -47,7 +47,6 @@ def migrate_notification_keys(table_service: TableService) -> None:
notifications = table_service.query_entities( notifications = table_service.query_entities(
table_name, select="PartitionKey,RowKey,config" table_name, select="PartitionKey,RowKey,config"
) )
partitionKey = None
count = 0 count = 0
for entry in notifications: for entry in notifications:

17
src/deployment/deploy.py
View File

@ -226,19 +226,7 @@ class Client:
sys.exit(1) sys.exit(1)
def create_password(self, object_id: UUID) -> Tuple[str, str]: def create_password(self, object_id: UUID) -> Tuple[str, str]:
# Work-around the race condition where the app is created but passwords cannot return add_application_password(object_id)
# be created yet.
count = 0
wait = 5
timeout_seconds = 60
while True:
time.sleep(wait)
count += 1
password = add_application_password(object_id)
if password:
return password
if count > timeout_seconds / wait:
raise Exception("creating password failed, trying again")
def setup_rbac(self) -> None: def setup_rbac(self) -> None:
""" """
@ -689,7 +677,8 @@ class Client:
if i + 1 < max_tries: if i + 1 < max_tries:
logger.debug("func failure error: %s", err) logger.debug("func failure error: %s", err)
logger.warning( logger.warning(
"function failed to deploy, waiting 60 seconds and trying again" "function failed to deploy, waiting 60 "
"seconds and trying again"
) )
time.sleep(60) time.sleep(60)
if error is not None: if error is not None:

49
src/deployment/registration.py
View File

@ -19,7 +19,6 @@ from azure.graphrbac import GraphRbacManagementClient
from azure.graphrbac.models import ( from azure.graphrbac.models import (
Application, Application,
ApplicationCreateParameters, ApplicationCreateParameters,
AppRole,
RequiredResourceAccess, RequiredResourceAccess,
ResourceAccess, ResourceAccess,
) )
@ -32,6 +31,7 @@ logger = logging.getLogger("deploy")
class GraphQueryError(Exception): class GraphQueryError(Exception):
def __init__(self, message: str, status_code: int) -> None: def __init__(self, message: str, status_code: int) -> None:
super(GraphQueryError, self).__init__(message) super(GraphQueryError, self).__init__(message)
self.message = message
self.status_code = status_code self.status_code = status_code
@ -211,6 +211,28 @@ def create_application_registration(
def add_application_password(app_object_id: UUID) -> Tuple[str, str]: def add_application_password(app_object_id: UUID) -> Tuple[str, str]:
# Work-around the race condition where the app is created but passwords cannot
# be created yet.
error: Optional[GraphQueryError] = None
count = 0
tries = 10
wait_duration = 10
while count < tries:
count += 1
try:
return add_application_password_impl(app_object_id)
except GraphQueryError as err:
error = err
logging.warning("unable to create app password: %s", err.message)
time.sleep(wait_duration)
if error:
raise error
else:
raise Exception("unable to create password")
def add_application_password_impl(app_object_id: UUID) -> Tuple[str, str]:
key = uuid4() key = uuid4()
password_request = { password_request = {
"passwordCredential": { "passwordCredential": {
@ -222,17 +244,14 @@ def add_application_password(app_object_id: UUID) -> Tuple[str, str]:
), ),
} }
} }
try:
password: Dict = query_microsoft_graph(
method="POST",
resource="applications/%s/addPassword" % app_object_id,
body=password_request,
)
return (str(key), password["secretText"]) password: Dict = query_microsoft_graph(
except GraphQueryError as err: method="POST",
logger.warning("creating password failed : %s" % err) resource="applications/%s/addPassword" % app_object_id,
raise err body=password_request,
)
return (str(key), password["secretText"])
def get_application(app_id: UUID) -> Optional[Any]: def get_application(app_id: UUID) -> Optional[Any]:
@ -312,7 +331,10 @@ def update_pool_registration(onefuzz_instance_name: str) -> None:
def assign_scaleset_role(onefuzz_instance_name: str, scaleset_name: str) -> None: def assign_scaleset_role(onefuzz_instance_name: str, scaleset_name: str) -> None:
""" Allows the nodes in the scaleset to access the service by assigning their managed identity to the ManagedNode Role """ """
Allows the nodes in the scaleset to access the service by assigning
their managed identity to the ManagedNode Role
"""
onefuzz_service_appId = query_microsoft_graph( onefuzz_service_appId = query_microsoft_graph(
method="GET", method="GET",
@ -354,7 +376,8 @@ def assign_scaleset_role(onefuzz_instance_name: str, scaleset_name: str) -> None
if not managed_node_role: if not managed_node_role:
raise Exception( raise Exception(
"ManagedNode role not found int the onefuzz application registration. Please redeploy the instance" "ManagedNode role not found in the OneFuzz application "
"registration. Please redeploy the instance"
) )
assignments = query_microsoft_graph( assignments = query_microsoft_graph(