Update NSGs after changes to instance config (#1385)

* Refactor set_admins into configuration.py and update deployment params with nsg_config * Fixing arguments. * Param takes in network config json * Fixing Client in deploy * removing import * Adding onefuzztypes to reqs.txt * Reverting to single list * Removing imports. * Retriggering build * Setting specific pip version for local testing. * Removing imports? * More imports. * Fixing formatting. * Updating how to parse nsg param. * Removing old logging statements. * Fixing types. * REmoving bad log * Removing local pip version. * Removing comments * fixing * Formatting * Fixing .split() * Adding NSG rule checks and type. * Formatting. * Formatting. * Removing imports. * Fixing formatting. * Testing formatting. * Retrigger? * New InstanceConfigClient class. * Retrigger. * Cherry picked commit. * Reformatting. * Actually fixing formatting. * Fixing table_service call. * Fixing return statement and nsg_rule pass. * Full config. * Removing commented out code. * Fixing logic. * Adding wildcard check. * Code for updating NSGs when instance_config updated. * Updating argument to set_allowed_rules * Updating model to no longer be optional. * Fixing args for set_allowed_rules * trying to fix calls to get_nsg * Updating calls to nsg lib * Fixing imports. * Updating calls to set_allowed and creating constructor for NSGConfig type. * Removing constructor and manually setting default ip * Fixing models. * Hopefully fixing docs. * Fix set_allowed call * Adding error handling for update config. * Changing to error check. * Fixing error call. * Fixing imports. * Adding empty() function on request. * Removing empty function. * Fixing files for update. * Fixing nsg.py. * Fixing imports. * removing commented code. Co-authored-by: nharper285 <nharper285@gmail.com> Update configuration.py to check for 'block all' configuration. (#1394) * Creating InstanceConfig Attributes for NSG Refactor (#1331) * Updating instance_config * Updating attribute names. * Updating list factory. * Updating config attributes. Co-authored-by: nharper285 <nharper285@gmail.com> * NSG deployment on a creation of new debug/repro proxy. (#1340) Co-authored-by: stas <statis@microsoft.com> * Build fix (#1374) * Bump reqwest from 0.11.4 to 0.11.5 in /src/proxy-manager (#1336) Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.4 to 0.11.5. - [Release notes](https://github.com/seanmonstar/reqwest/releases) - [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md) - [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.4...v0.11.5) --- updated-dependencies: - dependency-name: reqwest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump reqwest from 0.11.4 to 0.11.5 in /src/agent (#1335) Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.4 to 0.11.5. - [Release notes](https://github.com/seanmonstar/reqwest/releases) - [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md) - [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.4...v0.11.5) --- updated-dependencies: - dependency-name: reqwest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Work around for newly-upgraded pip breaking pip-licenses (#1346) * Work around for newly upgrdaded pip breaking pip-licenses (can be reverted once https://github.com/raimon49/pip-licenses/issues/113 is fixed) * Update .github/workflows/ci.yml Co-authored-by: Joe Ranweiler <joe@lemma.co> Co-authored-by: stas <statis@microsoft.com> Co-authored-by: Joe Ranweiler <joe@lemma.co> * Bump iced-x86 from 1.14.0 to 1.15.0 in /src/agent (#1337) Bumps [iced-x86](https://github.com/icedland/iced) from 1.14.0 to 1.15.0. - [Release notes](https://github.com/icedland/iced/releases) - [Commits](https://github.com/icedland/iced/compare/v1.14.0...v1.15.0) --- updated-dependencies: - dependency-name: iced-x86 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * revert pip breaking pip-licenses workaround (#1348) Co-authored-by: stas <statis@microsoft.com> * Bump thiserror from 1.0.29 to 1.0.30 in /src/proxy-manager (#1341) Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.29 to 1.0.30. - [Release notes](https://github.com/dtolnay/thiserror/releases) - [Commits](https://github.com/dtolnay/thiserror/compare/1.0.29...1.0.30) --- updated-dependencies: - dependency-name: thiserror dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump thiserror from 1.0.29 to 1.0.30 in /src/agent (#1342) Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.29 to 1.0.30. - [Release notes](https://github.com/dtolnay/thiserror/releases) - [Commits](https://github.com/dtolnay/thiserror/compare/1.0.29...1.0.30) --- updated-dependencies: - dependency-name: thiserror dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump strum from 0.21.0 to 0.22.0 in /src/agent (#1343) Bumps [strum](https://github.com/Peternator7/strum) from 0.21.0 to 0.22.0. - [Release notes](https://github.com/Peternator7/strum/releases) - [Changelog](https://github.com/Peternator7/strum/blob/master/CHANGELOG.md) - [Commits](https://github.com/Peternator7/strum/commits) --- updated-dependencies: - dependency-name: strum dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump azure cli to 2.27.2 (#1355) * Bump azure cli to 2.27.2 * fixing up add-corpus-storage-account script Co-authored-by: stas <statis@microsoft.com> * Bump azure-identity to 1.6.1 (#1356) Co-authored-by: stas <statis@microsoft.com> * Bump strum_macros from 0.21.1 to 0.22.0 in /src/agent (#1344) Bumps [strum_macros](https://github.com/Peternator7/strum) from 0.21.1 to 0.22.0. - [Release notes](https://github.com/Peternator7/strum/releases) - [Changelog](https://github.com/Peternator7/strum/blob/master/CHANGELOG.md) - [Commits](https://github.com/Peternator7/strum/commits) --- updated-dependencies: - dependency-name: strum_macros dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marc Greisen <marc@greisen.org> * Bump sysinfo from 0.20.4 to 0.20.5 in /src/agent (#1353) Bumps [sysinfo](https://github.com/GuillaumeGomez/sysinfo) from 0.20.4 to 0.20.5. - [Release notes](https://github.com/GuillaumeGomez/sysinfo/releases) - [Changelog](https://github.com/GuillaumeGomez/sysinfo/blob/master/CHANGELOG.md) - [Commits](https://github.com/GuillaumeGomez/sysinfo/commits) --- updated-dependencies: - dependency-name: sysinfo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Release 3.2.0 (#1361) * Release 3.2.0 * Added python dependencies * Update CHANGELOG.md Co-authored-by: Cheick Keita <kcheick@gmail.com> * Update CHANGELOG.md Co-authored-by: Joe Ranweiler <joe@lemma.co> * Update grammar * Update CHANGELOG.md Co-authored-by: Joe Ranweiler <joe@lemma.co> Co-authored-by: Cheick Keita <kcheick@gmail.com> Co-authored-by: Joe Ranweiler <joe@lemma.co> * Temporarily ignore non-actionable `cargo audit` errors (#1365) * Azure DevOps notifications not appearing (#1370) Co-authored-by: stas <statis@microsoft.com> * Bump procfs from 0.10.1 to 0.11.0 in /src/agent (#1360) Bumps [procfs](https://github.com/eminence/procfs) from 0.10.1 to 0.11.0. - [Release notes](https://github.com/eminence/procfs/releases) - [Commits](https://github.com/eminence/procfs/compare/v0.10.1...v0.11.0) --- updated-dependencies: - dependency-name: procfs dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marc Greisen <marc@greisen.org> * Bump structopt from 0.3.23 to 0.3.25 in /src/agent (#1364) Bumps [structopt](https://github.com/TeXitoi/structopt) from 0.3.23 to 0.3.25. - [Release notes](https://github.com/TeXitoi/structopt/releases) - [Changelog](https://github.com/TeXitoi/structopt/blob/master/CHANGELOG.md) - [Commits](https://github.com/TeXitoi/structopt/compare/v0.3.23...v0.3.25) --- updated-dependencies: - dependency-name: structopt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump reqwest from 0.11.5 to 0.11.6 in /src/proxy-manager (#1367) Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.5 to 0.11.6. - [Release notes](https://github.com/seanmonstar/reqwest/releases) - [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md) - [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.5...v0.11.6) --- updated-dependencies: - dependency-name: reqwest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: stas <statis@microsoft.com> Co-authored-by: Joe Ranweiler <joe@lemma.co> Co-authored-by: Marc Greisen <marc@greisen.org> Co-authored-by: Cheick Keita <kcheick@gmail.com> Co-authored-by: Joe Ranweiler <joranwei@microsoft.com> * Delete NSG if no resources associated with it (#1358) Co-authored-by: stas <statis@microsoft.com> * Update NSGs after changes to instance config (#1385) * Refactor set_admins into configuration.py and update deployment params with nsg_config * Fixing arguments. * Param takes in network config json * Fixing Client in deploy * removing import * Adding onefuzztypes to reqs.txt * Reverting to single list * Removing imports. * Retriggering build * Setting specific pip version for local testing. * Removing imports? * More imports. * Fixing formatting. * Updating how to parse nsg param. * Removing old logging statements. * Fixing types. * REmoving bad log * Removing local pip version. * Removing comments * fixing * Formatting * Fixing .split() * Adding NSG rule checks and type. * Formatting. * Formatting. * Removing imports. * Fixing formatting. * Testing formatting. * Retrigger? * New InstanceConfigClient class. * Retrigger. * Cherry picked commit. * Reformatting. * Actually fixing formatting. * Fixing table_service call. * Fixing return statement and nsg_rule pass. * Full config. * Removing commented out code. * Fixing logic. * Adding wildcard check. * Code for updating NSGs when instance_config updated. * Updating argument to set_allowed_rules * Updating model to no longer be optional. * Fixing args for set_allowed_rules * trying to fix calls to get_nsg * Updating calls to nsg lib * Fixing imports. * Updating calls to set_allowed and creating constructor for NSGConfig type. * Removing constructor and manually setting default ip * Fixing models. * Hopefully fixing docs. * Fix set_allowed call * Adding error handling for update config. * Changing to error check. * Fixing error call. * Fixing imports. * Adding empty() function on request. * Removing empty function. * Fixing files for update. * Fixing nsg.py. * Fixing imports. * removing commented code. Co-authored-by: nharper285 <nharper285@gmail.com> * Aligning feature branch with main (#1389) * Bump reqwest from 0.11.4 to 0.11.5 in /src/proxy-manager (#1336) Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.4 to 0.11.5. - [Release notes](https://github.com/seanmonstar/reqwest/releases) - [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md) - [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.4...v0.11.5) --- updated-dependencies: - dependency-name: reqwest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump reqwest from 0.11.4 to 0.11.5 in /src/agent (#1335) Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.4 to 0.11.5. - [Release notes](https://github.com/seanmonstar/reqwest/releases) - [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md) - [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.4...v0.11.5) --- updated-dependencies: - dependency-name: reqwest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Work around for newly-upgraded pip breaking pip-licenses (#1346) * Work around for newly upgrdaded pip breaking pip-licenses (can be reverted once https://github.com/raimon49/pip-licenses/issues/113 is fixed) * Update .github/workflows/ci.yml Co-authored-by: Joe Ranweiler <joe@lemma.co> Co-authored-by: stas <statis@microsoft.com> Co-authored-by: Joe Ranweiler <joe@lemma.co> * Bump iced-x86 from 1.14.0 to 1.15.0 in /src/agent (#1337) Bumps [iced-x86](https://github.com/icedland/iced) from 1.14.0 to 1.15.0. - [Release notes](https://github.com/icedland/iced/releases) - [Commits](https://github.com/icedland/iced/compare/v1.14.0...v1.15.0) --- updated-dependencies: - dependency-name: iced-x86 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * revert pip breaking pip-licenses workaround (#1348) Co-authored-by: stas <statis@microsoft.com> * Bump thiserror from 1.0.29 to 1.0.30 in /src/proxy-manager (#1341) Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.29 to 1.0.30. - [Release notes](https://github.com/dtolnay/thiserror/releases) - [Commits](https://github.com/dtolnay/thiserror/compare/1.0.29...1.0.30) --- updated-dependencies: - dependency-name: thiserror dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump thiserror from 1.0.29 to 1.0.30 in /src/agent (#1342) Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.29 to 1.0.30. - [Release notes](https://github.com/dtolnay/thiserror/releases) - [Commits](https://github.com/dtolnay/thiserror/compare/1.0.29...1.0.30) --- updated-dependencies: - dependency-name: thiserror dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump strum from 0.21.0 to 0.22.0 in /src/agent (#1343) Bumps [strum](https://github.com/Peternator7/strum) from 0.21.0 to 0.22.0. - [Release notes](https://github.com/Peternator7/strum/releases) - [Changelog](https://github.com/Peternator7/strum/blob/master/CHANGELOG.md) - [Commits](https://github.com/Peternator7/strum/commits) --- updated-dependencies: - dependency-name: strum dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump azure cli to 2.27.2 (#1355) * Bump azure cli to 2.27.2 * fixing up add-corpus-storage-account script Co-authored-by: stas <statis@microsoft.com> * Bump azure-identity to 1.6.1 (#1356) Co-authored-by: stas <statis@microsoft.com> * Bump strum_macros from 0.21.1 to 0.22.0 in /src/agent (#1344) Bumps [strum_macros](https://github.com/Peternator7/strum) from 0.21.1 to 0.22.0. - [Release notes](https://github.com/Peternator7/strum/releases) - [Changelog](https://github.com/Peternator7/strum/blob/master/CHANGELOG.md) - [Commits](https://github.com/Peternator7/strum/commits) --- updated-dependencies: - dependency-name: strum_macros dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marc Greisen <marc@greisen.org> * Bump sysinfo from 0.20.4 to 0.20.5 in /src/agent (#1353) Bumps [sysinfo](https://github.com/GuillaumeGomez/sysinfo) from 0.20.4 to 0.20.5. - [Release notes](https://github.com/GuillaumeGomez/sysinfo/releases) - [Changelog](https://github.com/GuillaumeGomez/sysinfo/blob/master/CHANGELOG.md) - [Commits](https://github.com/GuillaumeGomez/sysinfo/commits) --- updated-dependencies: - dependency-name: sysinfo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Release 3.2.0 (#1361) * Release 3.2.0 * Added python dependencies * Update CHANGELOG.md Co-authored-by: Cheick Keita <kcheick@gmail.com> * Update CHANGELOG.md Co-authored-by: Joe Ranweiler <joe@lemma.co> * Update grammar * Update CHANGELOG.md Co-authored-by: Joe Ranweiler <joe@lemma.co> Co-authored-by: Cheick Keita <kcheick@gmail.com> Co-authored-by: Joe Ranweiler <joe@lemma.co> * Temporarily ignore non-actionable `cargo audit` errors (#1365) * Azure DevOps notifications not appearing (#1370) Co-authored-by: stas <statis@microsoft.com> * Bump procfs from 0.10.1 to 0.11.0 in /src/agent (#1360) Bumps [procfs](https://github.com/eminence/procfs) from 0.10.1 to 0.11.0. - [Release notes](https://github.com/eminence/procfs/releases) - [Commits](https://github.com/eminence/procfs/compare/v0.10.1...v0.11.0) --- updated-dependencies: - dependency-name: procfs dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marc Greisen <marc@greisen.org> * Bump structopt from 0.3.23 to 0.3.25 in /src/agent (#1364) Bumps [structopt](https://github.com/TeXitoi/structopt) from 0.3.23 to 0.3.25. - [Release notes](https://github.com/TeXitoi/structopt/releases) - [Changelog](https://github.com/TeXitoi/structopt/blob/master/CHANGELOG.md) - [Commits](https://github.com/TeXitoi/structopt/compare/v0.3.23...v0.3.25) --- updated-dependencies: - dependency-name: structopt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump reqwest from 0.11.5 to 0.11.6 in /src/proxy-manager (#1367) Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.5 to 0.11.6. - [Release notes](https://github.com/seanmonstar/reqwest/releases) - [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md) - [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.5...v0.11.6) --- updated-dependencies: - dependency-name: reqwest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump reqwest from 0.11.5 to 0.11.6 in /src/agent (#1368) Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.5 to 0.11.6. - [Release notes](https://github.com/seanmonstar/reqwest/releases) - [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md) - [Commits](https://github.com/seanmonstar/reqwest/compare/v0.11.5...v0.11.6) --- updated-dependencies: - dependency-name: reqwest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump crossterm from 0.21.0 to 0.22.1 in /src/agent (#1369) Bumps [crossterm](https://github.com/crossterm-rs/crossterm) from 0.21.0 to 0.22.1. - [Release notes](https://github.com/crossterm-rs/crossterm/releases) - [Changelog](https://github.com/crossterm-rs/crossterm/blob/master/CHANGELOG.md) - [Commits](https://github.com/crossterm-rs/crossterm/commits) --- updated-dependencies: - dependency-name: crossterm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marc Greisen <marc@greisen.org> * Fix validation of `target_exe` blob name (#1371) * NSG Updated After CLI Update to Instance_Config (#1375) * Creating InstanceConfig Attributes for NSG Refactor (#1331) * Updating instance_config * Updating attribute names. * Updating list factory. * Updating config attributes. Co-authored-by: nharper285 <nharper285@gmail.com> * NSG deployment on a creation of new debug/repro proxy. (#1340) Co-authored-by: stas <statis@microsoft.com> * Code for updating NSGs when instance_config updated. * Updating argument to set_allowed_rules * Temporarily ignore non-actionable `cargo audit` errors (#1365) * Updating model to no longer be optional. * Fixing args for set_allowed_rules * trying to fix calls to get_nsg * Updating calls to nsg lib * Fixing imports. * Updating calls to set_allowed and creating constructor for NSGConfig type. * Removing constructor and manually setting default ip * Fixing models. * Hopefully fixing docs. * Fix set_allowed call * Adding error handling for update config. * Changing to error check. * Fixing error call. * Fixing imports. * Updating instanceconfig retrieval. * Fixing imports. * Adding empty() function on request. * Fixing name of function. * Removing empty function. Co-authored-by: nharper285 <nharper285@gmail.com> Co-authored-by: Stas <stishkin@live.com> Co-authored-by: stas <statis@microsoft.com> Co-authored-by: Joe Ranweiler <joranwei@microsoft.com> * Revert "NSG Updated After CLI Update to Instance_Config (#1375)" (#1384) This reverts commit 357bc4fcad. * Bump backtrace from 0.3.61 to 0.3.62 in /src/agent (#1382) Bumps [backtrace](https://github.com/rust-lang/backtrace-rs) from 0.3.61 to 0.3.62. - [Release notes](https://github.com/rust-lang/backtrace-rs/releases) - [Commits](https://github.com/rust-lang/backtrace-rs/compare/0.3.61...0.3.62) --- updated-dependencies: - dependency-name: backtrace dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marc Greisen <marc@greisen.org> * Set compiler env vars to effect Win10 SDK downgrade (#1388) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: stas <statis@microsoft.com> Co-authored-by: Joe Ranweiler <joe@lemma.co> Co-authored-by: Marc Greisen <marc@greisen.org> Co-authored-by: Cheick Keita <kcheick@gmail.com> Co-authored-by: Joe Ranweiler <joranwei@microsoft.com> Co-authored-by: Noah McGregor Harper <74685766+nharper285@users.noreply.github.com> Co-authored-by: nharper285 <nharper285@gmail.com> * Updating configuration.py to check for 'block all' config. * Fixing error message. * associate subnets with NSG (#1393) * associate subnets with NSG change NSG rule protocol to ANY * subnet wait * Improve NSG update logic Co-authored-by: stas <statis@microsoft.com> Co-authored-by: nharper285 <nharper285@gmail.com> Co-authored-by: Stas <stishkin@live.com> Co-authored-by: stas <statis@microsoft.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Joe Ranweiler <joe@lemma.co> Co-authored-by: Marc Greisen <marc@greisen.org> Co-authored-by: Cheick Keita <kcheick@gmail.com> Co-authored-by: Joe Ranweiler <joranwei@microsoft.com>
2025-06-13 02:28:10 +00:00 · 2021-10-22 07:00:46 -07:00
parent 93cee17689
commit cbe6ef8e40
10 changed files with 233 additions and 82 deletions
--- a/src/deployment/configuration.py
+++ b/src/deployment/configuration.py
@ -0,0 +1,157 @@
+#!/usr/bin/env python
+#
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+import ipaddress
+import json
+import logging
+from typing import List, Optional
+from uuid import UUID
+
+from azure.cosmosdb.table.tableservice import TableService
+
+storage_client_logger = logging.getLogger("azure.cosmosdb.table.common.storageclient")
+TABLE_NAME = "InstanceConfig"
+
+logger = logging.getLogger("deploy")
+
+
+class InstanceConfigClient:
+
+    table_service: TableService
+    resource_group: str
+
+    def __init__(self, table_service: TableService, resource_group: str):
+        self.resource_group = resource_group
+        self.table_service = table_service
+        self.create_if_missing(table_service)
+
+    ## Disable logging from storageclient. This module displays an error message
+    ## when a resource is not found even if the exception is raised and handled internally.
+    ## This happen when a table does not exist. An error message is displayed but the exception is
+    ## handled by the library.
+    def disable_storage_client_logging(self) -> None:
+        if storage_client_logger:
+            storage_client_logger.disabled = True
+
+    def enable_storage_client_logging(self) -> None:
+        if storage_client_logger:
+            storage_client_logger.disabled = False
+
+    def create_if_missing(self, table_service: TableService) -> None:
+        try:
+            self.disable_storage_client_logging()
+
+            if not table_service.exists(TABLE_NAME):
+                table_service.create_table(TABLE_NAME)
+        finally:
+            self.enable_storage_client_logging()
+
+
+class NsgRule:
+
+    rule: str
+    is_tag: bool
+
+    def __init__(self, rule: str):
+        try:
+            self.is_tag = False
+            self.check_rule(rule)
+            self.rule = rule
+        except Exception:
+            raise ValueError(
+                "Invalid rule. Please provide a valid rule or supply the wild card *."
+            )
+
+    def check_rule(self, value: str) -> None:
+        if value is None:
+            raise ValueError(
+                "Please provide a valid rule or supply the empty string '' to block all sources or the wild card * to allow all sources."
+            )
+        # Check block all
+        if len(value.strip()) == 0:
+            return
+        # Check Wild Card
+        if value == "*":
+            return
+        # Check if IP Address
+        try:
+            ipaddress.ip_address(value)
+            return
+        except ValueError:
+            pass
+        # Check if IP Range
+        try:
+            ipaddress.ip_network(value)
+            return
+        except ValueError:
+            pass
+
+        self.is_tag = True
+
+
+def update_allowed_aad_tenants(
+    config_client: InstanceConfigClient, tenants: List[UUID]
+) -> None:
+    as_str = [str(x) for x in tenants]
+    config_client.table_service.insert_or_merge_entity(
+        TABLE_NAME,
+        {
+            "PartitionKey": config_client.resource_group,
+            "RowKey": config_client.resource_group,
+            "allowed_aad_tenants": json.dumps(as_str),
+        },
+    )
+
+
+def update_admins(config_client: InstanceConfigClient, admins: List[UUID]) -> None:
+    admins_as_str: Optional[List[str]] = None
+    if admins:
+        admins_as_str = [str(x) for x in admins]
+
+    config_client.table_service.insert_or_merge_entity(
+        TABLE_NAME,
+        {
+            "PartitionKey": config_client.resource_group,
+            "RowKey": config_client.resource_group,
+            "admins": json.dumps(admins_as_str),
+        },
+    )
+
+
+def parse_rules(rules_str: str) -> List[NsgRule]:
+    rules_list = rules_str.split(",")
+
+    nsg_rules = []
+    for rule in rules_list:
+        try:
+            nsg_rule = NsgRule(rule)
+            nsg_rules.append(nsg_rule)
+        except Exception:
+            raise ValueError(
+                "One or more input rules was invalid. Please enter a comma-separted list if valid sources."
+            )
+    return nsg_rules
+
+
+def update_nsg(
+    config_client: InstanceConfigClient,
+    allowed_rules: List[NsgRule],
+) -> None:
+    tags_as_str = [x.rule for x in allowed_rules if x.is_tag]
+    ips_as_str = [x.rule for x in allowed_rules if not x.is_tag]
+    nsg_config = {"allowed_service_tags": tags_as_str, "allowed_ips": ips_as_str}
+    # create class initialized by table service/resource group outside function that's checked in deploy.py
+    config_client.table_service.insert_or_merge_entity(
+        TABLE_NAME,
+        {
+            "PartitionKey": config_client.resource_group,
+            "RowKey": config_client.resource_group,
+            "proxy_nsg_config": json.dumps(nsg_config),
+        },
+    )
+
+
+if __name__ == "__main__":
+    pass
--- a/src/deployment/deploy.py
+++ b/src/deployment/deploy.py
@ -47,6 +47,13 @@ from azure.storage.blob import (
 )
 from msrest.serialization import TZ_UTC

+from configuration import (
+    InstanceConfigClient,
+    parse_rules,
+    update_admins,
+    update_allowed_aad_tenants,
+    update_nsg,
+)
 from data_migration import migrate
 from registration import (
    GraphQueryError,
@ -61,7 +68,6 @@ from registration import (
    set_app_audience,
    update_pool_registration,
 )
-from set_admins import update_admins, update_allowed_aad_tenants

 # Found by manually assigning the User.Read permission to application
 # registration in the admin portal. The values are in the manifest under
@ -104,6 +110,7 @@ class Client:
        location: str,
        application_name: str,
        owner: str,
+        nsg_config: str,
        client_id: Optional[str],
        client_secret: Optional[str],
        app_zip: str,
@ -127,6 +134,7 @@ class Client:
        self.location = location
        self.application_name = application_name
        self.owner = owner
+        self.nsg_config = nsg_config
        self.app_zip = app_zip
        self.tools = tools
        self.instance_specific = instance_specific
@ -608,13 +616,19 @@ class Client:
        tenant = UUID(self.results["deploy"]["tenant_id"]["value"])
        table_service = TableService(account_name=name, account_key=key)

+        config_client = InstanceConfigClient(table_service, self.application_name)
+
+        if self.nsg_config:
+            rules = parse_rules(self.nsg_config)
+            update_nsg(config_client, rules)
+
        if self.admins:
-            update_admins(table_service, self.application_name, self.admins)
+            update_admins(config_client, self.admins)

        tenants = self.allowed_aad_tenants
        if tenant not in tenants:
            tenants.append(tenant)
-        update_allowed_aad_tenants(table_service, self.application_name, tenants)
+        update_allowed_aad_tenants(config_client, tenants)

    def create_eventgrid(self) -> None:
        logger.info("creating eventgrid subscription")
@ -972,6 +986,7 @@ def main() -> None:
    parser.add_argument("resource_group")
    parser.add_argument("application_name")
    parser.add_argument("owner")
+    parser.add_argument("nsg_config")
    parser.add_argument(
        "--arm-template",
        type=arg_file,
@ -1079,6 +1094,7 @@ def main() -> None:
        location=args.location,
        application_name=args.application_name,
        owner=args.owner,
+        nsg_config=args.nsg_config,
        client_id=args.client_id,
        client_secret=args.client_secret,
        app_zip=args.app_zip,
--- a/src/deployment/requirements.txt
+++ b/src/deployment/requirements.txt
@ -8,4 +8,4 @@ azure-storage-blob==12.8.1
 pyfunctional==1.4.3
 pyopenssl==19.1.0
 adal~=1.2.5
-idna<3,>=2.5
+idna<3,>=2.5
--- a/src/deployment/set_admins.py
+++ b/src/deployment/set_admins.py
@ -4,74 +4,17 @@
 # Licensed under the MIT License.

 import argparse
-import json
-import logging
-from typing import List, Optional
 from uuid import UUID

 from azure.common.client_factory import get_client_from_cli_profile
 from azure.cosmosdb.table.tableservice import TableService
 from azure.mgmt.storage import StorageManagementClient

-storage_client_logger = logging.getLogger("azure.cosmosdb.table.common.storageclient")
-TABLE_NAME = "InstanceConfig"
-
-
-## Disable logging from storageclient. This module displays an error message
-## when a resource is not found even if the exception is raised and handled internally.
-## This happen when a table does not exist. An error message is displayed but the exception is
-## handled by the library.
-def disable_storage_client_logging() -> None:
-    if storage_client_logger:
-        storage_client_logger.disabled = True
-
-
-def enable_storage_client_logging() -> None:
-    if storage_client_logger:
-        storage_client_logger.disabled = False
-
-
-def create_if_missing(table_service: TableService) -> None:
-    try:
-        disable_storage_client_logging()
-
-        if not table_service.exists(TABLE_NAME):
-            table_service.create_table(TABLE_NAME)
-    finally:
-        enable_storage_client_logging()
-
-
-def update_allowed_aad_tenants(
-    table_service: TableService, resource_group: str, tenants: List[UUID]
-) -> None:
-    create_if_missing(table_service)
-    as_str = [str(x) for x in tenants]
-    table_service.insert_or_merge_entity(
-        TABLE_NAME,
-        {
-            "PartitionKey": resource_group,
-            "RowKey": resource_group,
-            "allowed_aad_tenants": json.dumps(as_str),
-        },
-    )
-
-
-def update_admins(
-    table_service: TableService, resource_group: str, admins: List[UUID]
-) -> None:
-    create_if_missing(table_service)
-    admins_as_str: Optional[List[str]] = None
-    if admins:
-        admins_as_str = [str(x) for x in admins]
-
-    table_service.insert_or_merge_entity(
-        TABLE_NAME,
-        {
-            "PartitionKey": resource_group,
-            "RowKey": resource_group,
-            "admins": json.dumps(admins_as_str),
-        },
-    )
+from configuration import (
+    InstanceConfigClient,
+    update_admins,
+    update_allowed_aad_tenants,
+)


 def main() -> None:
@ -90,12 +33,11 @@ def main() -> None:
    table_service = TableService(
        account_name=args.storage_account, account_key=storage_keys.keys[0].value
    )
+    config_client = InstanceConfigClient(table_service, args.resource_group)
    if args.admins:
-        update_admins(table_service, args.resource_group, args.admins)
+        update_admins(config_client, args.admins)
    if args.allowed_aad_tenants:
-        update_allowed_aad_tenants(
-            table_service, args.resource_group, args.allowed_aad_tenants
-        )
+        update_allowed_aad_tenants(config_client, args.allowed_aad_tenants)


 if __name__ == "__main__":