

Switching to SNI based authentication for aad app (Azure#3137)
* SNI auth

* new env var

* pylint

(cherry picked from commit 81140ee)
nagworld9 authored and maddieford committed Aug 13, 2024
1 parent 9b7dee6 commit d169f66
Showing 4 changed files with 13 additions and 10 deletions.
2 changes: 1 addition & 1 deletion tests_e2e/orchestrator/docker/Dockerfile
Expand Up @@ -67,7 +67,7 @@ RUN \
cd $HOME && \
git clone https://github.com/microsoft/lisa.git && \
cd lisa && \
git checkout 2c16e32001fdefb9572dff61241451b648259dbf && \
git checkout 95c09ff7d5b6e71d1642a628607ac9bb441c69f5 && \
\
python3 -m pip install --upgrade pip && \
python3 -m pip install --editable .[azure,libvirt] --config-settings editable_mode=compat && \
3 changes: 3 additions & 0 deletions tests_e2e/pipeline/scripts/execute_tests.sh
Expand Up @@ -71,6 +71,8 @@ IP_ADDRESS=$(curl -4 ifconfig.io/ip)

# certificate location in the container
AZURE_CLIENT_CERTIFICATE_PATH="/home/waagent/app/cert.pem"
# Need to set this to True if we sue SNI based authentication for certificate
AZURE_CLIENT_SEND_CERTIFICATE_CHAIN="True"

docker run --rm \
--volume "$BUILD_SOURCESDIRECTORY:/home/waagent/WALinuxAgent" \
Expand All @@ -80,6 +82,7 @@ docker run --rm \
--env AZURE_CLIENT_ID \
--env AZURE_TENANT_ID \
--env AZURE_CLIENT_CERTIFICATE_PATH=$AZURE_CLIENT_CERTIFICATE_PATH \
--env AZURE_CLIENT_SEND_CERTIFICATE_CHAIN=$AZURE_CLIENT_SEND_CERTIFICATE_CHAIN \
waagenttests.azurecr.io/waagenttests \
bash --login -c \
"lisa \
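Review bot: The comment introduced above `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN="True"` in the first hunk misspells "use" as "sue" and says only that the variable is needed, not what it changes. As far as I know this flag makes the Azure identity library include the certificate chain (x5c header) in the token request, which is what subject-name-and-issuer (SNI) validation relies on; if that is right, the file at AZURE_CLIENT_CERTIFICATE_PATH presumably has to contain the issuer chain as well as the leaf, which is worth stating next to the path. Suggested replacement: `# Must be "True" for SNI-based certificate authentication: the Azure SDK then sends the certificate chain (x5c) with the token request, so cert.pem must include the full chain, not only the leaf certificate`. The second hunk only forwards the variable into the container; unlike AZURE_CLIENT_ID and AZURE_TENANT_ID, which are inherited from the pipeline environment, the value is fixed in this script rather than configurable.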
8 changes: 4 additions & 4 deletions tests_e2e/tests/lib/network_security_rule.py
Expand Up @@ -17,7 +17,7 @@

import json

from typing import Any, Dict, List
from typing import Any, Dict

from tests_e2e.tests.lib.update_arm_template import UpdateArmTemplate

Expand Down Expand Up @@ -55,7 +55,7 @@ def add_security_rule(self, security_rule: Dict[str, Any]) -> None:
self._get_network_security_group()["properties"]["securityRules"].append(security_rule)

def _get_network_security_group(self) -> Dict[str, Any]:
resources: List[Dict[str, Any]] = self._template["resources"]
resources: Dict[str, Dict[str, Any]] = self._template["resources"]
#
# If the NSG already exists, just return it
#
Expand All @@ -76,14 +76,14 @@ def _get_network_security_group(self) -> Dict[str, Any]:
"securityRules": []
}}
}}""")
resources.append(network_security_group)
nsg_reference = "network_security_groups"
resources[nsg_reference] = network_security_group

#
# Add a dependency on the NSG to the virtual network
#
network_resource = UpdateArmTemplate.get_resource(resources, "Microsoft.Network/virtualNetworks")
network_resource_dependencies = network_resource.get("dependsOn")
nsg_reference = f"[resourceId('Microsoft.Network/networkSecurityGroups', '{self._NETWORK_SECURITY_GROUP}')]"
if network_resource_dependencies is None:
network_resource["dependsOn"] = [nsg_reference]
else:
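Review bot: `nsg_reference` is bound twice in `_get_network_security_group` with two different meanings: on the first new line of the second hunk it is the key under which the NSG is stored in `resources`, and a few lines later (unchanged code) it is reassigned to the ARM `resourceId(...)` expression that goes into the virtual network's `dependsOn`. Reusing the name makes the second assignment read like a correction of the first; a distinct name for the key avoids that, e.g. `nsg_resource_key = "network_security_groups"` and `resources[nsg_resource_key] = network_security_group`. The new annotation `Dict[str, Dict[str, Any]]` also hard-codes the template shape that the bumped LISA revision in the Dockerfile presumably produces; if a template still arrives with `resources` as a list, the item assignment now fails with a TypeError where the old `append` worked, so a one-line comment stating that the template is expected in dictionary form would help the next reader. The function body continues past the end of the hunk.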
10 changes: 5 additions & 5 deletions tests_e2e/tests/lib/update_arm_template.py
Expand Up @@ -16,7 +16,7 @@
#

from abc import ABC, abstractmethod
from typing import Any, Dict, List
from typing import Any, Dict


class UpdateArmTemplate(ABC):
Expand All @@ -32,25 +32,25 @@ def update(self, template: Dict[str, Any], is_lisa_template: bool) -> None:
"""

@staticmethod
def get_resource(resources: List[Dict[str, Any]], type_name: str) -> Any:
def get_resource(resources: Dict[str, Dict[str, Any]], type_name: str) -> Any:
"""
Returns the first resource of the specified type in the given 'resources' list.
Raises KeyError if no resource of the specified type is found.
"""
for item in resources:
for item in resources.values():
if item["type"] == type_name:
return item
raise KeyError(f"Cannot find a resource of type {type_name} in the ARM template")

@staticmethod
def get_resource_by_name(resources: List[Dict[str, Any]], resource_name: str, type_name: str) -> Any:
def get_resource_by_name(resources: Dict[str, Dict[str, Any]], resource_name: str, type_name: str) -> Any:
"""
Returns the first resource of the specified type and name in the given 'resources' list.
Raises KeyError if no resource of the specified type and name is found.
"""
for item in resources:
for item in resources.values():
if item["type"] == type_name and item["name"] == resource_name:
return item
raise KeyError(f"Cannot find a resource {resource_name} of type {type_name} in the ARM template")
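Review bot: The docstrings of `get_resource` and `get_resource_by_name` in the second hunk still say "in the given 'resources' list" although both parameters are now annotated `Dict[str, Dict[str, Any]]` and the loops iterate `resources.values()`, so the documentation contradicts the signature. Suggested wording for `get_resource`: `Returns the first resource of the specified type in the given 'resources' dictionary (dictionary iteration order decides which one is first).` and correspondingly `Returns the first resource of the specified type and name in the given 'resources' dictionary.` for `get_resource_by_name`. Both methods are complete within the hunk; the class `UpdateArmTemplate` continues past it.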
