From 81140ee669b39458a31cf12d1c802351bf12bfda Mon Sep 17 00:00:00 2001 From: Nageswara Nandigam <84482346+nagworld9@users.noreply.github.com> Date: Mon, 10 Jun 2024 11:14:05 -0700 Subject: [PATCH] Switching to SNI based authentication for aad app (#3137) * SNI auth * new env var * pylint --- tests_e2e/orchestrator/docker/Dockerfile | 2 +- tests_e2e/pipeline/scripts/execute_tests.sh | 3 +++ tests_e2e/tests/lib/network_security_rule.py | 8 ++++---- tests_e2e/tests/lib/update_arm_template.py | 10 +++++----- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/tests_e2e/orchestrator/docker/Dockerfile b/tests_e2e/orchestrator/docker/Dockerfile index 597e57418b..219c9b8694 100644 --- a/tests_e2e/orchestrator/docker/Dockerfile +++ b/tests_e2e/orchestrator/docker/Dockerfile @@ -67,7 +67,7 @@ RUN \ cd $HOME && \ git clone https://github.com/microsoft/lisa.git && \ cd lisa && \ - git checkout 2c16e32001fdefb9572dff61241451b648259dbf && \ + git checkout 95c09ff7d5b6e71d1642a628607ac9bb441c69f5 && \ \ python3 -m pip install --upgrade pip && \ python3 -m pip install --editable .[azure,libvirt] --config-settings editable_mode=compat && \ diff --git a/tests_e2e/pipeline/scripts/execute_tests.sh b/tests_e2e/pipeline/scripts/execute_tests.sh index 37716ec493..6c751d6a78 100755 --- a/tests_e2e/pipeline/scripts/execute_tests.sh +++ b/tests_e2e/pipeline/scripts/execute_tests.sh @@ -74,6 +74,8 @@ IP_ADDRESS=$(curl -4 ifconfig.io/ip) # certificate location in the container AZURE_CLIENT_CERTIFICATE_PATH="/home/waagent/app/cert.pem" +# Need to set this to True if we sue SNI based authentication for certificate +AZURE_CLIENT_SEND_CERTIFICATE_CHAIN="True" docker run --rm \ --volume "$BUILD_SOURCESDIRECTORY:/home/waagent/WALinuxAgent" \ 
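Review bot: The comment introduced above the new variable has a typo and under-explains the setting — `# Need to set this to True if we sue SNI based authentication for certificate` should read `# Must be "True" when using SNI-based (subject name + issuer) certificate authentication; makes the credential send the certificate chain with the token request`. The value is only forwarded into the container by the next hunk (`--env AZURE_CLIENT_SEND_CERTIFICATE_CHAIN=$AZURE_CLIENT_SEND_CERTIFICATE_CHAIN`), so the two hunks have to stay in step. Sending the chain presumably depends on the PEM at AZURE_CLIENT_CERTIFICATE_PATH containing the issuer chain and not just the leaf certificate; if that is the case, a one-line comment next to `AZURE_CLIENT_CERTIFICATE_PATH` stating that the file must hold the full chain would save the next person a failed pipeline run.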
@@ -83,6 +85,7 @@ docker run --rm \ --env AZURE_CLIENT_ID \ --env AZURE_TENANT_ID \ --env AZURE_CLIENT_CERTIFICATE_PATH=$AZURE_CLIENT_CERTIFICATE_PATH \ + --env AZURE_CLIENT_SEND_CERTIFICATE_CHAIN=$AZURE_CLIENT_SEND_CERTIFICATE_CHAIN \ waagenttests.azurecr.io/waagenttests \ bash --login -c \ "lisa \ diff --git a/tests_e2e/tests/lib/network_security_rule.py b/tests_e2e/tests/lib/network_security_rule.py index 8df51b2048..d2f67d19cb 100644 --- a/tests_e2e/tests/lib/network_security_rule.py +++ b/tests_e2e/tests/lib/network_security_rule.py @@ -17,7 +17,7 @@ import json -from typing import Any, Dict, List +from typing import Any, Dict from tests_e2e.tests.lib.update_arm_template import UpdateArmTemplate @@ -55,7 +55,7 @@ def add_security_rule(self, security_rule: Dict[str, Any]) -> None: self._get_network_security_group()["properties"]["securityRules"].append(security_rule) def _get_network_security_group(self) -> Dict[str, Any]: - resources: List[Dict[str, Any]] = self._template["resources"] + resources: Dict[str, Dict[str, Any]] = self._template["resources"] # # If the NSG already exists, just return it # @@ -76,14 +76,14 @@ def _get_network_security_group(self) -> Dict[str, Any]: "securityRules": [] }} }}""") - resources.append(network_security_group) + nsg_reference = "network_security_groups" + resources[nsg_reference] = network_security_group # # Add a dependency on the NSG to the virtual network # network_resource = UpdateArmTemplate.get_resource(resources, "Microsoft.Network/virtualNetworks") network_resource_dependencies = network_resource.get("dependsOn") - nsg_reference = f"[resourceId('Microsoft.Network/networkSecurityGroups', '{self._NETWORK_SECURITY_GROUP}')]" if network_resource_dependencies is None: network_resource["dependsOn"] = [nsg_reference] else: diff --git a/tests_e2e/tests/lib/update_arm_template.py b/tests_e2e/tests/lib/update_arm_template.py index 010178ab9c..2fc1b09805 100644 --- a/tests_e2e/tests/lib/update_arm_template.py 
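Review bot: `network_resource["dependsOn"] = [nsg_reference]` now stores the plain dictionary key `"network_security_groups"` where the removed line used to build a `resourceId('Microsoft.Network/networkSecurityGroups', ...)` expression; referencing a resource by its key in `dependsOn` is only valid when the template uses symbolic resource names (ARM `languageVersion` 2.0), which the LISA commit bump presumably brings in, but nothing in the hunk records that assumption. A comment at the assignment would make it explicit, e.g. `# The template uses symbolic resource names (languageVersion 2.0), so dependsOn can reference the 'resources' key directly`. Since `resources` is now a dict, `resources[nsg_reference] = network_security_group` would silently replace an existing entry under that key; the "if the NSG already exists" early return in the part of `_get_network_security_group` above this hunk appears to cover that, and the comment could say so. `_get_network_security_group` starts outside the hunk.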
+++ b/tests_e2e/tests/lib/update_arm_template.py @@ -16,7 +16,7 @@ # from abc import ABC, abstractmethod -from typing import Any, Dict, List +from typing import Any, Dict class UpdateArmTemplate(ABC): @@ -32,25 +32,25 @@ def update(self, template: Dict[str, Any], is_lisa_template: bool) -> None: """ @staticmethod - def get_resource(resources: List[Dict[str, Any]], type_name: str) -> Any: + def get_resource(resources: Dict[str, Dict[str, Any]], type_name: str) -> Any: """ Returns the first resource of the specified type in the given 'resources' list. Raises KeyError if no resource of the specified type is found. """ - for item in resources: + for item in resources.values(): if item["type"] == type_name: return item raise KeyError(f"Cannot find a resource of type {type_name} in the ARM template") @staticmethod - def get_resource_by_name(resources: List[Dict[str, Any]], resource_name: str, type_name: str) -> Any: + def get_resource_by_name(resources: Dict[str, Dict[str, Any]], resource_name: str, type_name: str) -> Any: """ Returns the first resource of the specified type and name in the given 'resources' list. Raises KeyError if no resource of the specified type and name is found. """ - for item in resources: + for item in resources.values(): if item["type"] == type_name and item["name"] == resource_name: return item raise KeyError(f"Cannot find a resource {resource_name} of type {type_name} in the ARM template")
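Review bot: The docstrings of `get_resource` and `get_resource_by_name` still say "in the given 'resources' list" although the parameter is now `Dict[str, Dict[str, Any]]` and the loops iterate `resources.values()`; they should be updated to match, e.g. `Returns the first resource of the specified type in the given 'resources' dictionary (values are visited in insertion order).` and likewise `Returns the first resource of the specified type and name in the given 'resources' dictionary.` for the second method. Stating the iteration order matters because "first" now means dict insertion order rather than list position, which is what callers such as `_get_network_security_group` in network_security_rule.py rely on when several resources share a type.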