mirror of
https://github.com/microsoft/onefuzz.git
synced 2025-06-16 03:48:09 +00:00
Update NSGs after changes to instance config (#1385)
* Refactor set_admins into configuration.py and update deployment params with nsg_config
* Fixing arguments.
* Param takes in network config json
* Fixing Client in deploy
* removing import
* Adding onefuzztypes to reqs.txt
* Reverting to single list
* Removing imports.
* Retriggering build
* Setting specific pip version for local testing.
* Removing imports?
* More imports.
* Fixing formatting.
* Updating how to parse nsg param.
* Removing old logging statements.
* Fixing types.
* REmoving bad log
* Removing local pip version.
* Removing comments
* fixing
* Formatting
* Fixing .split()
* Adding NSG rule checks and type.
* Formatting.
* Formatting.
* Removing imports.
* Fixing formatting.
* Testing formatting.
* Retrigger?
* New InstanceConfigClient class.
* Retrigger.
* Cherry picked commit.
* Reformatting.
* Actually fixing formatting.
* Fixing table_service call.
* Fixing return statement and nsg_rule pass.
* Full config.
* Removing commented out code.
* Fixing logic.
* Adding wildcard check.
* Code for updating NSGs when instance_config updated.
* Updating argument to set_allowed_rules
* Updating model to no longer be optional.
* Fixing args for set_allowed_rules
* trying to fix calls to get_nsg
* Updating calls to nsg lib
* Fixing imports.
* Updating calls to set_allowed and creating constructor for NSGConfig type.
* Removing constructor and manually setting default ip
* Fixing models.
* Hopefully fixing docs.
* Fix set_allowed call
* Adding error handling for update config.
* Changing to error check.
* Fixing error call.
* Fixing imports.
* Adding empty() function on request.
* Removing empty function.
* Fixing files for update.
* Fixing nsg.py.
* Fixing imports.
* removing commented code.
Co-authored-by: nharper285 <nharper285@gmail.com>
Update configuration.py to check for 'block all' configuration. (#1394)
* Creating InstanceConfig Attributes for NSG Refactor (#1331)
* Updating instance_config
* Updating attribute names.
* Updating list factory.
* Updating config attributes.
Co-authored-by: nharper285 <nharper285@gmail.com>
* NSG deployment on a creation of new debug/repro proxy. (#1340)
Co-authored-by: stas <statis@microsoft.com>
* Build fix (#1374)
* Bump reqwest from 0.11.4 to 0.11.5 in /src/proxy-manager (#1336)
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.4 to 0.11.5.
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.4...v0.11.5)
---
updated-dependencies:
- dependency-name: reqwest
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump reqwest from 0.11.4 to 0.11.5 in /src/agent (#1335)
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.4 to 0.11.5.
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.4...v0.11.5)
---
updated-dependencies:
- dependency-name: reqwest
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Work around for newly-upgraded pip breaking pip-licenses (#1346)
* Work around for newly upgrdaded pip breaking pip-licenses (can be reverted once https://github.com/raimon49/pip-licenses/issues/113 is fixed)
* Update .github/workflows/ci.yml
Co-authored-by: Joe Ranweiler <joe@lemma.co>
Co-authored-by: stas <statis@microsoft.com>
Co-authored-by: Joe Ranweiler <joe@lemma.co>
* Bump iced-x86 from 1.14.0 to 1.15.0 in /src/agent (#1337)
Bumps [iced-x86](https://github.com/icedland/iced) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/icedland/iced/releases)
- [Commits](https://github.com/icedland/iced/compare/v1.14.0...v1.15.0)
---
updated-dependencies:
- dependency-name: iced-x86
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* revert pip breaking pip-licenses workaround (#1348)
Co-authored-by: stas <statis@microsoft.com>
* Bump thiserror from 1.0.29 to 1.0.30 in /src/proxy-manager (#1341)
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.29 to 1.0.30.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.29...1.0.30)
---
updated-dependencies:
- dependency-name: thiserror
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump thiserror from 1.0.29 to 1.0.30 in /src/agent (#1342)
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.29 to 1.0.30.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.29...1.0.30)
---
updated-dependencies:
- dependency-name: thiserror
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump strum from 0.21.0 to 0.22.0 in /src/agent (#1343)
Bumps [strum](https://github.com/Peternator7/strum) from 0.21.0 to 0.22.0.
- [Release notes](https://github.com/Peternator7/strum/releases)
- [Changelog](https://github.com/Peternator7/strum/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Peternator7/strum/commits)
---
updated-dependencies:
- dependency-name: strum
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump azure cli to 2.27.2 (#1355)
* Bump azure cli to 2.27.2
* fixing up add-corpus-storage-account script
Co-authored-by: stas <statis@microsoft.com>
* Bump azure-identity to 1.6.1 (#1356)
Co-authored-by: stas <statis@microsoft.com>
* Bump strum_macros from 0.21.1 to 0.22.0 in /src/agent (#1344)
Bumps [strum_macros](https://github.com/Peternator7/strum) from 0.21.1 to 0.22.0.
- [Release notes](https://github.com/Peternator7/strum/releases)
- [Changelog](https://github.com/Peternator7/strum/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Peternator7/strum/commits)
---
updated-dependencies:
- dependency-name: strum_macros
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marc Greisen <marc@greisen.org>
* Bump sysinfo from 0.20.4 to 0.20.5 in /src/agent (#1353)
Bumps [sysinfo](https://github.com/GuillaumeGomez/sysinfo) from 0.20.4 to 0.20.5.
- [Release notes](https://github.com/GuillaumeGomez/sysinfo/releases)
- [Changelog](https://github.com/GuillaumeGomez/sysinfo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GuillaumeGomez/sysinfo/commits)
---
updated-dependencies:
- dependency-name: sysinfo
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Release 3.2.0 (#1361)
* Release 3.2.0
* Added python dependencies
* Update CHANGELOG.md
Co-authored-by: Cheick Keita <kcheick@gmail.com>
* Update CHANGELOG.md
Co-authored-by: Joe Ranweiler <joe@lemma.co>
* Update grammar
* Update CHANGELOG.md
Co-authored-by: Joe Ranweiler <joe@lemma.co>
Co-authored-by: Cheick Keita <kcheick@gmail.com>
Co-authored-by: Joe Ranweiler <joe@lemma.co>
* Temporarily ignore non-actionable `cargo audit` errors (#1365)
* Azure DevOps notifications not appearing (#1370)
Co-authored-by: stas <statis@microsoft.com>
* Bump procfs from 0.10.1 to 0.11.0 in /src/agent (#1360)
Bumps [procfs](https://github.com/eminence/procfs) from 0.10.1 to 0.11.0.
- [Release notes](https://github.com/eminence/procfs/releases)
- [Commits](https://github.com/eminence/procfs/compare/v0.10.1...v0.11.0)
---
updated-dependencies:
- dependency-name: procfs
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marc Greisen <marc@greisen.org>
* Bump structopt from 0.3.23 to 0.3.25 in /src/agent (#1364)
Bumps [structopt](https://github.com/TeXitoi/structopt) from 0.3.23 to 0.3.25.
- [Release notes](https://github.com/TeXitoi/structopt/releases)
- [Changelog](https://github.com/TeXitoi/structopt/blob/master/CHANGELOG.md)
- [Commits](https://github.com/TeXitoi/structopt/compare/v0.3.23...v0.3.25)
---
updated-dependencies:
- dependency-name: structopt
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump reqwest from 0.11.5 to 0.11.6 in /src/proxy-manager (#1367)
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.5 to 0.11.6.
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.5...v0.11.6)
---
updated-dependencies:
- dependency-name: reqwest
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: stas <statis@microsoft.com>
Co-authored-by: Joe Ranweiler <joe@lemma.co>
Co-authored-by: Marc Greisen <marc@greisen.org>
Co-authored-by: Cheick Keita <kcheick@gmail.com>
Co-authored-by: Joe Ranweiler <joranwei@microsoft.com>
* Delete NSG if no resources associated with it (#1358)
Co-authored-by: stas <statis@microsoft.com>
* Update NSGs after changes to instance config (#1385)
* Refactor set_admins into configuration.py and update deployment params with nsg_config
* Fixing arguments.
* Param takes in network config json
* Fixing Client in deploy
* removing import
* Adding onefuzztypes to reqs.txt
* Reverting to single list
* Removing imports.
* Retriggering build
* Setting specific pip version for local testing.
* Removing imports?
* More imports.
* Fixing formatting.
* Updating how to parse nsg param.
* Removing old logging statements.
* Fixing types.
* REmoving bad log
* Removing local pip version.
* Removing comments
* fixing
* Formatting
* Fixing .split()
* Adding NSG rule checks and type.
* Formatting.
* Formatting.
* Removing imports.
* Fixing formatting.
* Testing formatting.
* Retrigger?
* New InstanceConfigClient class.
* Retrigger.
* Cherry picked commit.
* Reformatting.
* Actually fixing formatting.
* Fixing table_service call.
* Fixing return statement and nsg_rule pass.
* Full config.
* Removing commented out code.
* Fixing logic.
* Adding wildcard check.
* Code for updating NSGs when instance_config updated.
* Updating argument to set_allowed_rules
* Updating model to no longer be optional.
* Fixing args for set_allowed_rules
* trying to fix calls to get_nsg
* Updating calls to nsg lib
* Fixing imports.
* Updating calls to set_allowed and creating constructor for NSGConfig type.
* Removing constructor and manually setting default ip
* Fixing models.
* Hopefully fixing docs.
* Fix set_allowed call
* Adding error handling for update config.
* Changing to error check.
* Fixing error call.
* Fixing imports.
* Adding empty() function on request.
* Removing empty function.
* Fixing files for update.
* Fixing nsg.py.
* Fixing imports.
* removing commented code.
Co-authored-by: nharper285 <nharper285@gmail.com>
* Aligning feature branch with main (#1389)
* Bump reqwest from 0.11.4 to 0.11.5 in /src/proxy-manager (#1336)
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.4 to 0.11.5.
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.4...v0.11.5)
---
updated-dependencies:
- dependency-name: reqwest
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump reqwest from 0.11.4 to 0.11.5 in /src/agent (#1335)
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.4 to 0.11.5.
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.4...v0.11.5)
---
updated-dependencies:
- dependency-name: reqwest
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Work around for newly-upgraded pip breaking pip-licenses (#1346)
* Work around for newly upgrdaded pip breaking pip-licenses (can be reverted once https://github.com/raimon49/pip-licenses/issues/113 is fixed)
* Update .github/workflows/ci.yml
Co-authored-by: Joe Ranweiler <joe@lemma.co>
Co-authored-by: stas <statis@microsoft.com>
Co-authored-by: Joe Ranweiler <joe@lemma.co>
* Bump iced-x86 from 1.14.0 to 1.15.0 in /src/agent (#1337)
Bumps [iced-x86](https://github.com/icedland/iced) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/icedland/iced/releases)
- [Commits](https://github.com/icedland/iced/compare/v1.14.0...v1.15.0)
---
updated-dependencies:
- dependency-name: iced-x86
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* revert pip breaking pip-licenses workaround (#1348)
Co-authored-by: stas <statis@microsoft.com>
* Bump thiserror from 1.0.29 to 1.0.30 in /src/proxy-manager (#1341)
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.29 to 1.0.30.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.29...1.0.30)
---
updated-dependencies:
- dependency-name: thiserror
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump thiserror from 1.0.29 to 1.0.30 in /src/agent (#1342)
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.29 to 1.0.30.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.29...1.0.30)
---
updated-dependencies:
- dependency-name: thiserror
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump strum from 0.21.0 to 0.22.0 in /src/agent (#1343)
Bumps [strum](https://github.com/Peternator7/strum) from 0.21.0 to 0.22.0.
- [Release notes](https://github.com/Peternator7/strum/releases)
- [Changelog](https://github.com/Peternator7/strum/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Peternator7/strum/commits)
---
updated-dependencies:
- dependency-name: strum
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump azure cli to 2.27.2 (#1355)
* Bump azure cli to 2.27.2
* fixing up add-corpus-storage-account script
Co-authored-by: stas <statis@microsoft.com>
* Bump azure-identity to 1.6.1 (#1356)
Co-authored-by: stas <statis@microsoft.com>
* Bump strum_macros from 0.21.1 to 0.22.0 in /src/agent (#1344)
Bumps [strum_macros](https://github.com/Peternator7/strum) from 0.21.1 to 0.22.0.
- [Release notes](https://github.com/Peternator7/strum/releases)
- [Changelog](https://github.com/Peternator7/strum/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Peternator7/strum/commits)
---
updated-dependencies:
- dependency-name: strum_macros
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marc Greisen <marc@greisen.org>
* Bump sysinfo from 0.20.4 to 0.20.5 in /src/agent (#1353)
Bumps [sysinfo](https://github.com/GuillaumeGomez/sysinfo) from 0.20.4 to 0.20.5.
- [Release notes](https://github.com/GuillaumeGomez/sysinfo/releases)
- [Changelog](https://github.com/GuillaumeGomez/sysinfo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GuillaumeGomez/sysinfo/commits)
---
updated-dependencies:
- dependency-name: sysinfo
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Release 3.2.0 (#1361)
* Release 3.2.0
* Added python dependencies
* Update CHANGELOG.md
Co-authored-by: Cheick Keita <kcheick@gmail.com>
* Update CHANGELOG.md
Co-authored-by: Joe Ranweiler <joe@lemma.co>
* Update grammar
* Update CHANGELOG.md
Co-authored-by: Joe Ranweiler <joe@lemma.co>
Co-authored-by: Cheick Keita <kcheick@gmail.com>
Co-authored-by: Joe Ranweiler <joe@lemma.co>
* Temporarily ignore non-actionable `cargo audit` errors (#1365)
* Azure DevOps notifications not appearing (#1370)
Co-authored-by: stas <statis@microsoft.com>
* Bump procfs from 0.10.1 to 0.11.0 in /src/agent (#1360)
Bumps [procfs](https://github.com/eminence/procfs) from 0.10.1 to 0.11.0.
- [Release notes](https://github.com/eminence/procfs/releases)
- [Commits](https://github.com/eminence/procfs/compare/v0.10.1...v0.11.0)
---
updated-dependencies:
- dependency-name: procfs
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marc Greisen <marc@greisen.org>
* Bump structopt from 0.3.23 to 0.3.25 in /src/agent (#1364)
Bumps [structopt](https://github.com/TeXitoi/structopt) from 0.3.23 to 0.3.25.
- [Release notes](https://github.com/TeXitoi/structopt/releases)
- [Changelog](https://github.com/TeXitoi/structopt/blob/master/CHANGELOG.md)
- [Commits](https://github.com/TeXitoi/structopt/compare/v0.3.23...v0.3.25)
---
updated-dependencies:
- dependency-name: structopt
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump reqwest from 0.11.5 to 0.11.6 in /src/proxy-manager (#1367)
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.5 to 0.11.6.
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.5...v0.11.6)
---
updated-dependencies:
- dependency-name: reqwest
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump reqwest from 0.11.5 to 0.11.6 in /src/agent (#1368)
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.5 to 0.11.6.
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.5...v0.11.6)
---
updated-dependencies:
- dependency-name: reqwest
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump crossterm from 0.21.0 to 0.22.1 in /src/agent (#1369)
Bumps [crossterm](https://github.com/crossterm-rs/crossterm) from 0.21.0 to 0.22.1.
- [Release notes](https://github.com/crossterm-rs/crossterm/releases)
- [Changelog](https://github.com/crossterm-rs/crossterm/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crossterm-rs/crossterm/commits)
---
updated-dependencies:
- dependency-name: crossterm
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marc Greisen <marc@greisen.org>
* Fix validation of `target_exe` blob name (#1371)
* NSG Updated After CLI Update to Instance_Config (#1375)
* Creating InstanceConfig Attributes for NSG Refactor (#1331)
* Updating instance_config
* Updating attribute names.
* Updating list factory.
* Updating config attributes.
Co-authored-by: nharper285 <nharper285@gmail.com>
* NSG deployment on a creation of new debug/repro proxy. (#1340)
Co-authored-by: stas <statis@microsoft.com>
* Code for updating NSGs when instance_config updated.
* Updating argument to set_allowed_rules
* Temporarily ignore non-actionable `cargo audit` errors (#1365)
* Updating model to no longer be optional.
* Fixing args for set_allowed_rules
* trying to fix calls to get_nsg
* Updating calls to nsg lib
* Fixing imports.
* Updating calls to set_allowed and creating constructor for NSGConfig type.
* Removing constructor and manually setting default ip
* Fixing models.
* Hopefully fixing docs.
* Fix set_allowed call
* Adding error handling for update config.
* Changing to error check.
* Fixing error call.
* Fixing imports.
* Updating instanceconfig retrieval.
* Fixing imports.
* Adding empty() function on request.
* Fixing name of function.
* Removing empty function.
Co-authored-by: nharper285 <nharper285@gmail.com>
Co-authored-by: Stas <stishkin@live.com>
Co-authored-by: stas <statis@microsoft.com>
Co-authored-by: Joe Ranweiler <joranwei@microsoft.com>
* Revert "NSG Updated After CLI Update to Instance_Config (#1375)" (#1384)
This reverts commit 357bc4fcad.
* Bump backtrace from 0.3.61 to 0.3.62 in /src/agent (#1382)
Bumps [backtrace](https://github.com/rust-lang/backtrace-rs) from 0.3.61 to 0.3.62.
- [Release notes](https://github.com/rust-lang/backtrace-rs/releases)
- [Commits](https://github.com/rust-lang/backtrace-rs/compare/0.3.61...0.3.62)
---
updated-dependencies:
- dependency-name: backtrace
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marc Greisen <marc@greisen.org>
* Set compiler env vars to effect Win10 SDK downgrade (#1388)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: stas <statis@microsoft.com>
Co-authored-by: Joe Ranweiler <joe@lemma.co>
Co-authored-by: Marc Greisen <marc@greisen.org>
Co-authored-by: Cheick Keita <kcheick@gmail.com>
Co-authored-by: Joe Ranweiler <joranwei@microsoft.com>
Co-authored-by: Noah McGregor Harper <74685766+nharper285@users.noreply.github.com>
Co-authored-by: nharper285 <nharper285@gmail.com>
* Updating configuration.py to check for 'block all' config.
* Fixing error message.
* associate subnets with NSG (#1393)
* associate subnets with NSG
change NSG rule protocol to ANY
* subnet wait
* Improve NSG update logic
Co-authored-by: stas <statis@microsoft.com>
Co-authored-by: nharper285 <nharper285@gmail.com>
Co-authored-by: Stas <stishkin@live.com>
Co-authored-by: stas <statis@microsoft.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Joe Ranweiler <joe@lemma.co>
Co-authored-by: Marc Greisen <marc@greisen.org>
Co-authored-by: Cheick Keita <kcheick@gmail.com>
Co-authored-by: Joe Ranweiler <joranwei@microsoft.com>
This commit is contained in:
Noah McGregor Harper
committed by
Stas
Stas
parent
93cee17689
commit
cbe6ef8e40
@ -17,7 +17,7 @@ from azure.mgmt.network.models import (
|
||||
)
|
||||
from msrestazure.azure_exceptions import CloudError
|
||||
from onefuzztypes.enums import ErrorCode
|
||||
from onefuzztypes.models import Error
|
||||
from onefuzztypes.models import Error, NetworkSecurityGroupConfig
|
||||
from onefuzztypes.primitives import Region
|
||||
from pydantic import BaseModel, validator
|
||||
|
||||
@ -127,7 +127,7 @@ def delete_nsg(name: str) -> bool:
|
||||
return False
|
||||
|
||||
|
||||
def set_allowed(name: str, sources: List[str]) -> Union[None, Error]:
|
||||
def set_allowed(name: str, sources: NetworkSecurityGroupConfig) -> Union[None, Error]:
|
||||
resource_group = get_base_resource_group()
|
||||
nsg = get_nsg(name)
|
||||
if not nsg:
|
||||
@ -141,6 +141,7 @@ def set_allowed(name: str, sources: List[str]) -> Union[None, Error]:
|
||||
resource_group,
|
||||
name,
|
||||
)
|
||||
all_sources = sources.allowed_ips + sources.allowed_service_tags
|
||||
security_rules = []
|
||||
# NSG security rule priority range defined here:
|
||||
# https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
|
||||
@ -148,17 +149,17 @@ def set_allowed(name: str, sources: List[str]) -> Union[None, Error]:
|
||||
# NSG rules per NSG limits:
|
||||
# https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#networking-limits
|
||||
max_rule_count = 1000
|
||||
if len(sources) > max_rule_count:
|
||||
if len(all_sources) > max_rule_count:
|
||||
return Error(
|
||||
code=ErrorCode.INVALID_REQUEST,
|
||||
errors=[
|
||||
"too many rules provided %d. Max allowed: %d"
|
||||
% ((len(sources)), max_rule_count),
|
||||
% ((len(all_sources)), max_rule_count),
|
||||
],
|
||||
)
|
||||
|
||||
priority = min_priority
|
||||
for src in sources:
|
||||
for src in all_sources:
|
||||
security_rules.append(
|
||||
SecurityRule(
|
||||
name="Allow" + str(priority),
|
||||
@ -173,7 +174,7 @@ def set_allowed(name: str, sources: List[str]) -> Union[None, Error]:
|
||||
)
|
||||
)
|
||||
# Will not exceed `max_rule_count` or max NSG priority (4096)
|
||||
# due to earlier check of `len(sources)`.
|
||||
# due to earlier check of `len(all_sources)`.
|
||||
priority += 1
|
||||
|
||||
nsg.security_rules = security_rules
|
||||
@ -181,7 +182,7 @@ def set_allowed(name: str, sources: List[str]) -> Union[None, Error]:
|
||||
|
||||
|
||||
def clear_all_rules(name: str) -> Union[None, Error]:
|
||||
return set_allowed(name, [])
|
||||
return set_allowed(name, NetworkSecurityGroupConfig())
|
||||
|
||||
|
||||
def get_all_rules(name: str) -> Union[Error, List[SecurityRule]]:
|
||||
@ -328,7 +329,9 @@ class NSG(BaseModel):
|
||||
def get(self) -> Optional[NetworkSecurityGroup]:
|
||||
return get_nsg(self.name)
|
||||
|
||||
def set_allowed_sources(self, sources: List[str]) -> Union[None, Error]:
|
||||
def set_allowed_sources(
|
||||
self, sources: NetworkSecurityGroupConfig
|
||||
) -> Union[None, Error]:
|
||||
return set_allowed(self.name, sources)
|
||||
|
||||
def clear_all_rules(self) -> Union[None, Error]:
|
||||
|
||||
@ -101,7 +101,9 @@ class Proxy(ORMMixin):
|
||||
self.set_failed(result)
|
||||
return
|
||||
|
||||
result = nsg.set_allowed_sources(["*"])
|
||||
config = InstanceConfig.fetch()
|
||||
nsg_config = config.proxy_nsg_config
|
||||
result = nsg.set_allowed_sources(nsg_config)
|
||||
if isinstance(result, Error):
|
||||
self.set_failed(result)
|
||||
return
|
||||
|
||||
@ -21,6 +21,7 @@ from .azure.ip import get_public_ip
|
||||
from .azure.nsg import NSG
|
||||
from .azure.storage import StorageType
|
||||
from .azure.vm import VM
|
||||
from .config import InstanceConfig
|
||||
from .extension import repro_extensions
|
||||
from .orm import ORMMixin, QueryFilter
|
||||
from .reports import get_report
|
||||
@ -95,7 +96,9 @@ class Repro(BASE_REPRO, ORMMixin):
|
||||
self.set_failed(result)
|
||||
return
|
||||
|
||||
result = nsg.set_allowed_sources(["*"])
|
||||
config = InstanceConfig.fetch()
|
||||
nsg_config = config.proxy_nsg_config
|
||||
result = nsg.set_allowed_sources(nsg_config)
|
||||
if isinstance(result, Error):
|
||||
self.set_failed(result)
|
||||
return
|
||||
|
||||
Reference in New Issue
Block a user