Mirror of https://github.com/microsoft/onefuzz.git (synced 2025-06-15 19:38:11 +00:00)
Updating AAD Docs and UserAssignment Role Description. (#1581)
* Updating doc and role description.
* Update src/deployment/deploy.py
  Co-authored-by: Cheick Keita <kcheick@gmail.com>
* Update docs/AADEntitites.md
  Co-authored-by: Cheick Keita <kcheick@gmail.com>

Co-authored-by: nharper285 <nharper285@gmail.com>
Co-authored-by: Cheick Keita <kcheick@gmail.com>
Committed by GitHub
Parent: 7c3beb4d6f
Commit: f02f3f0ae2
@ -9,14 +9,19 @@ This is the registration of the OneFuzz instance.
|
|||||||
* value: ManagedNode
|
* value: ManagedNode
|
||||||
* Allowed Member types: Applications
|
* Allowed Member types: Applications
|
||||||
* _CliClient_
|
* _CliClient_
|
||||||
* value: ManagedNode
|
* value: CliClient
|
||||||
* Allowed Member types: Applications
|
* Allowed Member types: Applications
|
||||||
|
* _UserAssignment_
|
||||||
|
* value: UserAssignment
|
||||||
|
* Allowed Member types: Users/Groups
|
||||||
* API Permissions
|
* API Permissions
|
||||||
* _User.Read_ ([Microsoft Graph](https://docs.microsoft.com/en-us/graph/permissions-reference#user-permissions))
|
* _User.Read_ ([Microsoft Graph](https://docs.microsoft.com/en-us/graph/permissions-reference#user-permissions))
|
||||||
* scope
|
* scope
|
||||||
* `user_impersonation`
|
* `user_impersonation`
|
||||||
* Authorized application:
|
* Authorized application:
|
||||||
* OneFuzz CLI registration
|
* OneFuzz CLI registration
|
||||||
|
* Properties:
|
||||||
|
* Assignment required?: Yes
|
||||||
|
|
||||||
### OneFuzz Application Service Principal
|
### OneFuzz Application Service Principal
|
||||||
Service principal linked to the OneFuzz application registration.
|
Service principal linked to the OneFuzz application registration.
|
||||||
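Review bot: "Assignment required?: Yes" is added under the application registration, just above the "OneFuzz Application Service Principal" heading, but in Azure AD that setting belongs to the enterprise application (the service principal), not to the app registration. Consider moving the two "Properties" lines into the service principal section and stating why the value is "Yes": it is the setting that makes Azure AD refuse sign-in to users who hold no role on the application, which is what gives the new _UserAssignment_ role its effect. The "value: ManagedNode" to "value: CliClient" correction under _CliClient_ looks right.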
@ -42,3 +47,11 @@ This entity is available after the first deployment. This is the service princip
|
|||||||
* Service Principal
|
* Service Principal
|
||||||
* Permission
|
* Permission
|
||||||
* _ManagedNode_ (from OneFuzz Application registration)
|
* _ManagedNode_ (from OneFuzz Application registration)
|
||||||
|
|
||||||
|
### Deployment Service Principal
|
||||||
|
This entity is the 'user' service principal that invokes a OneFuzz deployment. This service principal is assigned access to the instance's primary App Registration.
|
||||||
|
|
||||||
|
* name: `<user_name_sp>`
|
||||||
|
* Service Principal
|
||||||
|
* Permission
|
||||||
|
* _UserAssignment_ (from OneFuzz Application registration)
|
||||||
|
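Review bot: the new "Deployment Service Principal" section grants _UserAssignment_ to a service principal, while the same document (first hunk) lists that role as "Allowed Member types: Users/Groups". The text should say how the two fit together, or the allowed member types should be widened, so a reader auditing role assignments knows this one is expected. The phrase "the 'user' service principal" and the placeholder `<user_name_sp>` are also ambiguous: state whether this is the identity of the person running the deployment or a dedicated principal, and note that holding _UserAssignment_ gives it the same access to the instance as any assigned user.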
@ -324,7 +324,7 @@ class Client:
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"allowedMemberTypes": ["User"],
|
"allowedMemberTypes": ["User"],
|
||||||
"description": "Allows user access from the CLI.",
|
"description": "Allows user to access the OneFuzz instance.",
|
||||||
"displayName": OnefuzzAppRole.UserAssignment.value,
|
"displayName": OnefuzzAppRole.UserAssignment.value,
|
||||||
"id": str(uuid.uuid4()),
|
"id": str(uuid.uuid4()),
|
||||||
"isEnabled": True,
|
"isEnabled": True,
|
||||||
|
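Review bot: the new description string "Allows user to access the OneFuzz instance." is missing an article, and it names only users although the documentation changed in this same commit also assigns _UserAssignment_ to the deployment service principal. Something like "Allows a user or service principal to access the OneFuzz instance." would keep the role description and docs/AADEntities.md in agreement.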