pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Source Azure Environment Values from Config

Browse Source 
This commit switches a few previously hardcoded values to be parsed from configuration, either from the SDK or current consts.
This commit is contained in:
tomdds 2020-01-27 16:49:19 -05:00
parent 49edd028a0
commit 475ceaed7c
2 changed files with 22 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
atst/domain/csp/cloud/azure_cloud_provider.py
View File

@ -27,16 +27,16 @@ from .models import (
) )
from .policy import AzurePolicyManager from .policy import AzurePolicyManager
AZURE_ENVIRONMENT = "AZURE_PUBLIC_CLOUD" # TBD
AZURE_SKU_ID = "?" # probably a static sku specific to ATAT/JEDI
SUBSCRIPTION_ID_REGEX = re.compile( SUBSCRIPTION_ID_REGEX = re.compile(
"subscriptions\/([0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12})", "subscriptions\/([0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12})",
re.I, re.I,
) )
# This needs to be a fully pathed role definition identifier, not just a UUID # This needs to be a fully pathed role definition identifier, not just a UUID
# TODO: Extract these from sdk msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD
AZURE_SKU_ID = "0001" # probably a static sku specific to ATAT/JEDI
REMOTE_ROOT_ROLE_DEF_ID = "/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-4000-8000-000000000000" REMOTE_ROOT_ROLE_DEF_ID = "/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-4000-8000-000000000000"
AZURE_MANAGEMENT_API = "https://management.azure.com"
class AzureSDKProvider(object): class AzureSDKProvider(object):
@ -47,8 +47,6 @@ class AzureSDKProvider(object):
import azure.common.credentials as credentials import azure.common.credentials as credentials
import azure.identity as identity import azure.identity as identity
from azure.keyvault import secrets from azure.keyvault import secrets
from msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD
import adal import adal
import requests import requests
@ -63,7 +61,10 @@ class AzureSDKProvider(object):
self.exceptions = exceptions self.exceptions = exceptions
self.secrets = secrets self.secrets = secrets
self.requests = requests self.requests = requests
# may change to a JEDI cloud
# TODO: choose cloud type from config
from msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD
self.cloud = AZURE_PUBLIC_CLOUD self.cloud = AZURE_PUBLIC_CLOUD
@ -298,7 +299,7 @@ class AzureCloudProvider(CloudProviderInterface):
} }
result = self.sdk.requests.post( result = self.sdk.requests.post(
"https://management.azure.com/providers/Microsoft.SignUp/createTenant?api-version=2020-01-01-preview", f"{self.sdk.cloud.endpoints.resource_manager}/providers/Microsoft.SignUp/createTenant?api-version=2020-01-01-preview",
json=create_tenant_body, json=create_tenant_body,
headers=create_tenant_headers, headers=create_tenant_headers,
) )
@ -329,7 +330,7 @@ class AzureCloudProvider(CloudProviderInterface):
"Authorization": f"Bearer {sp_token}", "Authorization": f"Bearer {sp_token}",
} }
billing_account_create_url = f"https://management.azure.com/providers/Microsoft.Billing/billingAccounts/{payload.billing_account_name}/billingProfiles?api-version=2019-10-01-preview" billing_account_create_url = f"{self.sdk.cloud.endpoints.resource_manager}/providers/Microsoft.Billing/billingAccounts/{payload.billing_account_name}/billingProfiles?api-version=2019-10-01-preview"
result = self.sdk.requests.post( result = self.sdk.requests.post(
billing_account_create_url, billing_account_create_url,
@ -387,7 +388,7 @@ class AzureCloudProvider(CloudProviderInterface):
"Authorization": f"Bearer {sp_token}", "Authorization": f"Bearer {sp_token}",
} }
url = f"https://management.azure.com/providers/Microsoft.Billing/billingAccounts/{payload.billing_account_name}/billingProfiles/{payload.billing_profile_name}/createBillingRoleAssignment?api-version=2019-10-01-preview" url = f"{self.sdk.cloud.endpoints.resource_manager}/providers/Microsoft.Billing/billingAccounts/{payload.billing_account_name}/billingProfiles/{payload.billing_profile_name}/createBillingRoleAssignment?api-version=2019-10-01-preview"
result = self.sdk.requests.post(url, headers=headers, json=request_body) result = self.sdk.requests.post(url, headers=headers, json=request_body)
if result.status_code == 201: if result.status_code == 201:
@ -403,7 +404,7 @@ class AzureCloudProvider(CloudProviderInterface):
{ {
"op": "replace", "op": "replace",
"path": "/enabledAzurePlans", "path": "/enabledAzurePlans",
"value": [{"skuId": "0001"}], "value": [{"skuId": AZURE_SKU_ID}],
} }
] ]
@ -411,7 +412,7 @@ class AzureCloudProvider(CloudProviderInterface):
"Authorization": f"Bearer {sp_token}", "Authorization": f"Bearer {sp_token}",
} }
url = f"https://management.azure.com/providers/Microsoft.Billing/billingAccounts/{payload.billing_account_name}/billingProfiles/{payload.billing_profile_name}?api-version=2019-10-01-preview" url = f"{self.sdk.cloud.endpoints.resource_manager}/providers/Microsoft.Billing/billingAccounts/{payload.billing_account_name}/billingProfiles/{payload.billing_profile_name}?api-version=2019-10-01-preview"
result = self.sdk.requests.patch( result = self.sdk.requests.patch(
url, headers=request_headers, json=request_body url, headers=request_headers, json=request_body
@ -465,7 +466,7 @@ class AzureCloudProvider(CloudProviderInterface):
} }
} }
url = f"https://management.azure.com/providers/Microsoft.Billing/billingAccounts/{payload.billing_account_name}/billingProfiles/{payload.billing_profile_name}/instructions/{payload.initial_task_order_id}:CLIN00{payload.initial_clin_type}?api-version=2019-10-01-preview" url = f"{self.sdk.cloud.endpoints.resource_manager}/providers/Microsoft.Billing/billingAccounts/{payload.billing_account_name}/billingProfiles/{payload.billing_profile_name}/instructions/{payload.initial_task_order_id}:CLIN00{payload.initial_clin_type}?api-version=2019-10-01-preview"
auth_header = { auth_header = {
"Authorization": f"Bearer {sp_token}", "Authorization": f"Bearer {sp_token}",
@ -567,17 +568,13 @@ class AzureCloudProvider(CloudProviderInterface):
client_id = creds.get("client_id") client_id = creds.get("client_id")
secret_key = creds.get("secret_key") secret_key = creds.get("secret_key")
# TODO: Make endpoints consts or configs
authentication_endpoint = "https://login.microsoftonline.com/"
resource = "https://management.azure.com/"
context = self.sdk.adal.AuthenticationContext( context = self.sdk.adal.AuthenticationContext(
authentication_endpoint + home_tenant_id f"{self.sdk.cloud.endpoints.active_directory}/{home_tenant_id}"
) )
# TODO: handle failure states here # TODO: handle failure states here
token_response = context.acquire_token_with_client_credentials( token_response = context.acquire_token_with_client_credentials(
resource, client_id, secret_key self.sdk.cloud.endpoints.resource_manager, client_id, secret_key
) )
return token_response.get("accessToken", None) return token_response.get("accessToken", None)

10
tests/mock_azure.py
View File

@ -72,9 +72,14 @@ def mock_secrets():
return Mock(spec=secrets) return Mock(spec=secrets)
def mock_cloud_details():
from msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD
return AZURE_PUBLIC_CLOUD
class MockAzureSDK(object): class MockAzureSDK(object):
def __init__(self): def __init__(self):
from msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD
self.subscription = mock_subscription() self.subscription = mock_subscription()
self.authorization = mock_authorization() self.authorization = mock_authorization()
@ -86,8 +91,7 @@ class MockAzureSDK(object):
self.policy = mock_policy() self.policy = mock_policy()
self.secrets = mock_secrets() self.secrets = mock_secrets()
self.requests = mock_requests() self.requests = mock_requests()
# may change to a JEDI cloud self.cloud = mock_cloud_details()
self.cloud = AZURE_PUBLIC_CLOUD
@pytest.fixture(scope="function") @pytest.fixture(scope="function")