Remove creds from payloads and passthroughs.
parent
475ceaed7c
commit
7bf6b9addc
@ -86,7 +86,7 @@ class AzureCloudProvider(CloudProviderInterface):
|
||||
|
||||
def set_secret(self, secret_key, secret_value):
|
||||
credential = self._get_client_secret_credential_obj({})
|
||||
secret_client = self.secrets.SecretClient(
|
||||
secret_client = self.sdk.secrets.SecretClient(
|
||||
vault_url=self.vault_url, credential=credential,
|
||||
)
|
||||
try:
|
||||
@ -99,7 +99,7 @@ class AzureCloudProvider(CloudProviderInterface):
|
||||
|
||||
def get_secret(self, secret_key):
|
||||
credential = self._get_client_secret_credential_obj({})
|
||||
secret_client = self.secrets.SecretClient(
|
||||
secret_client = self.sdk.secrets.SecretClient(
|
||||
vault_url=self.vault_url, credential=credential,
|
||||
)
|
||||
try:
|
||||
@ -288,7 +288,7 @@ class AzureCloudProvider(CloudProviderInterface):
|
||||
)
|
||||
|
||||
def create_tenant(self, payload: TenantCSPPayload):
|
||||
sp_token = self._get_sp_token(payload.creds)
|
||||
sp_token = self.get_root_provisioning_token()
|
||||
if sp_token is None:
|
||||
raise AuthenticationException("Could not resolve token for tenant creation")
|
||||
payload.password = token_urlsafe(16)
|
||||
@ -318,7 +318,7 @@ class AzureCloudProvider(CloudProviderInterface):
|
||||
def create_billing_profile_creation(
|
||||
self, payload: BillingProfileCreationCSPPayload
|
||||
):
|
||||
sp_token = self._get_sp_token(payload.creds)
|
||||
sp_token = self.get_root_provisioning_token()
|
||||
if sp_token is None:
|
||||
raise AuthenticationException(
|
||||
"Could not resolve token for billing profile creation"
|
||||
@ -350,7 +350,7 @@ class AzureCloudProvider(CloudProviderInterface):
|
||||
def create_billing_profile_verification(
|
||||
self, payload: BillingProfileVerificationCSPPayload
|
||||
):
|
||||
sp_token = self._get_sp_token(payload.creds)
|
||||
sp_token = self.get_root_provisioning_token()
|
||||
if sp_token is None:
|
||||
raise AuthenticationException(
|
||||
"Could not resolve token for billing profile validation"
|
||||
@ -375,7 +375,7 @@ class AzureCloudProvider(CloudProviderInterface):
|
||||
def create_billing_profile_tenant_access(
|
||||
self, payload: BillingProfileTenantAccessCSPPayload
|
||||
):
|
||||
sp_token = self._get_sp_token(payload.creds)
|
||||
sp_token = self.get_root_provisioning_token()
|
||||
request_body = {
|
||||
"properties": {
|
||||
"principalTenantId": payload.tenant_id, # from tenant creation
|
||||
@ -399,7 +399,7 @@ class AzureCloudProvider(CloudProviderInterface):
|
||||
def create_task_order_billing_creation(
|
||||
self, payload: TaskOrderBillingCreationCSPPayload
|
||||
):
|
||||
sp_token = self._get_sp_token(payload.creds)
|
||||
sp_token = self.get_root_provisioning_token()
|
||||
request_body = [
|
||||
{
|
||||
"op": "replace",
|
||||
@ -429,7 +429,7 @@ class AzureCloudProvider(CloudProviderInterface):
|
||||
def create_task_order_billing_verification(
|
||||
self, payload: TaskOrderBillingVerificationCSPPayload
|
||||
):
|
||||
sp_token = self._get_sp_token(payload.creds)
|
||||
sp_token = self.get_root_provisioning_token()
|
||||
if sp_token is None:
|
||||
raise AuthenticationException(
|
||||
"Could not resolve token for task order billing validation"
|
||||
@ -452,7 +452,7 @@ class AzureCloudProvider(CloudProviderInterface):
|
||||
return self._error(result.json())
|
||||
|
||||
def create_billing_instruction(self, payload: BillingInstructionCSPPayload):
|
||||
sp_token = self._get_sp_token(payload.creds)
|
||||
sp_token = self.get_root_provisioning_token()
|
||||
if sp_token is None:
|
||||
raise AuthenticationException(
|
||||
"Could not resolve token for task order billing validation"
|
||||
@ -563,13 +563,20 @@ class AzureCloudProvider(CloudProviderInterface):
|
||||
if sub_id_match:
|
||||
return sub_id_match.group(1)
|
||||
|
||||
def get_tenant_principal_token(self, tenant_id):
|
||||
creds = self.get_secret(tenant_id)
|
||||
return self._get_sp_token(creds)
|
||||
|
||||
def get_root_provisioning_token(self):
|
||||
return self._get_sp_token(self._root_creds)
|
||||
|
||||
def _get_sp_token(self, creds):
|
||||
home_tenant_id = creds.get("home_tenant_id")
|
||||
tenant_id = creds.get("tenant_id")
|
||||
client_id = creds.get("client_id")
|
||||
secret_key = creds.get("secret_key")
|
||||
|
||||
context = self.sdk.adal.AuthenticationContext(
|
||||
f"{self.sdk.cloud.endpoints.active_directory}/{home_tenant_id}"
|
||||
f"{self.sdk.cloud.endpoints.active_directory}/{tenant_id}"
|
||||
)
|
||||
|
||||
# TODO: handle failure states here
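Review bot: `_get_sp_token` reads each field with `creds.get(...)` and never checks the result, so a secret without `tenant_id` produces the authority URL `.../None` rather than a clear failure, and `get_tenant_principal_token` passes on whatever `get_secret(tenant_id)` returned without confirming it is a usable dict. Since the credentials now come from the vault and `self._root_creds` instead of the caller, I would resolve the TODO with a guard at the top, `if not creds or not all(creds.get(k) for k in ("tenant_id", "client_id", "secret_key")): raise AuthenticationException("Incomplete service principal credentials")`. `create_billing_profile_tenant_access` and `create_task_order_billing_creation` also build `request_body` straight after `get_root_provisioning_token()` without the `if sp_token is None` check their siblings have, at least within the lines shown. All three bodies continue outside their hunks, so a later check may exist.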
|
||||
|
@ -20,20 +20,10 @@ class AliasModel(BaseModel):
|
||||
|
||||
|
||||
class BaseCSPPayload(AliasModel):
|
||||
# {"username": "mock-cloud", "pass": "shh"}
|
||||
creds: Dict
|
||||
|
||||
def dict(self, *args, **kwargs):
|
||||
exclude = {"creds"}
|
||||
if "exclude" not in kwargs:
|
||||
kwargs["exclude"] = exclude
|
||||
else:
|
||||
kwargs["exclude"].update(exclude)
|
||||
|
||||
return super().dict(*args, **kwargs)
|
||||
tenant_id: str
|
||||
|
||||
|
||||
class TenantCSPPayload(BaseCSPPayload):
|
||||
class TenantCSPPayload(AliasModel):
|
||||
user_id: str
|
||||
password: Optional[str]
|
||||
domain_name: str
|
||||
@ -232,3 +222,4 @@ class BillingInstructionCSPResult(AliasModel):
|
||||
fields = {
|
||||
"reported_clin_name": "name",
|
||||
}
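Review bot: `password: Optional[str]` stays on `TenantCSPPayload` as a plain string, so `payload.dict()` and any repr or log of the payload still carry the tenant admin password even though `creds` is gone. The removed `dict()` override only ever excluded `creds`, so this predates the commit, but it is the remaining secret in these models. Consider `password: Optional[SecretStr]` (pydantic), unwrapped with `get_secret_value()` only where the request body is built, or at least a comment on the field such as `# secret: never log or persist this payload's dict()`. Whether payload dicts are stored anywhere is not visible in this section.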
|
||||
|
||||
|
@ -22,11 +22,6 @@ from atst.domain.csp.cloud.models import (
|
||||
TenantCSPResult,
|
||||
)
|
||||
|
||||
creds = {
|
||||
"home_tenant_id": "tenant_id",
|
||||
"client_id": "client_id",
|
||||
"secret_key": "secret_key",
|
||||
}
|
||||
BILLING_ACCOUNT_NAME = "52865e4c-52e8-5a6c-da6b-c58f0814f06f:7ea5de9d-b8ce-4901-b1c5-d864320c7b03_2019-05-31"
|
||||
|
||||
|
||||
@ -146,7 +141,7 @@ def test_create_tenant(mock_azure: AzureCloudProvider):
|
||||
mock_azure.sdk.requests.post.return_value = mock_result
|
||||
payload = TenantCSPPayload(
|
||||
**dict(
|
||||
creds=creds,
|
||||
tenant_id="60ff9d34-82bf-4f21-b565-308ef0533435",
|
||||
user_id="admin",
|
||||
password="JediJan13$coot", # pragma: allowlist secret
|
||||
domain_name="jediccpospawnedtenant2",
|
||||
@ -183,7 +178,6 @@ def test_create_billing_profile_creation(mock_azure: AzureCloudProvider):
|
||||
country="US",
|
||||
postal_code="19109",
|
||||
),
|
||||
creds=creds,
|
||||
tenant_id="60ff9d34-82bf-4f21-b565-308ef0533435",
|
||||
billing_profile_display_name="Test Billing Profile",
|
||||
billing_account_name=BILLING_ACCOUNT_NAME,
|
||||
@ -234,7 +228,7 @@ def test_validate_billing_profile_creation(mock_azure: AzureCloudProvider):
|
||||
|
||||
payload = BillingProfileVerificationCSPPayload(
|
||||
**dict(
|
||||
creds=creds,
|
||||
tenant_id="60ff9d34-82bf-4f21-b565-308ef0533435",
|
||||
billing_profile_verify_url="https://management.azure.com/providers/Microsoft.Billing/billingAccounts/7c89b735-b22b-55c0-ab5a-c624843e8bf6:de4416ce-acc6-44b1-8122-c87c4e903c91_2019-05-31/operationResults/createBillingProfile_478d5706-71f9-4a8b-8d4e-2cbaca27a668?api-version=2019-10-01-preview",
|
||||
)
|
||||
)
|
||||
@ -273,7 +267,6 @@ def test_create_billing_profile_tenant_access(mock_azure: AzureCloudProvider):
|
||||
|
||||
payload = BillingProfileTenantAccessCSPPayload(
|
||||
**dict(
|
||||
creds=creds,
|
||||
tenant_id="60ff9d34-82bf-4f21-b565-308ef0533435",
|
||||
user_object_id="0a5f4926-e3ee-4f47-a6e3-8b0a30a40e3d",
|
||||
billing_account_name="7c89b735-b22b-55c0-ab5a-c624843e8bf6:de4416ce-acc6-44b1-8122-c87c4e903c91_2019-05-31",
|
||||
@ -305,7 +298,7 @@ def test_create_task_order_billing_creation(mock_azure: AzureCloudProvider):
|
||||
|
||||
payload = TaskOrderBillingCreationCSPPayload(
|
||||
**dict(
|
||||
creds=creds,
|
||||
tenant_id="60ff9d34-82bf-4f21-b565-308ef0533435",
|
||||
billing_account_name="7c89b735-b22b-55c0-ab5a-c624843e8bf6:de4416ce-acc6-44b1-8122-c87c4e903c91_2019-05-31",
|
||||
billing_profile_name="KQWI-W2SU-BG7-TGB",
|
||||
)
|
||||
@ -365,7 +358,7 @@ def test_create_task_order_billing_verification(mock_azure):
|
||||
|
||||
payload = TaskOrderBillingVerificationCSPPayload(
|
||||
**dict(
|
||||
creds=creds,
|
||||
tenant_id="60ff9d34-82bf-4f21-b565-308ef0533435",
|
||||
task_order_billing_verify_url="https://management.azure.com/providers/Microsoft.Billing/billingAccounts/7c89b735-b22b-55c0-ab5a-c624843e8bf6:de4416ce-acc6-44b1-8122-c87c4e903c91_2019-05-31/operationResults/createBillingProfile_478d5706-71f9-4a8b-8d4e-2cbaca27a668?api-version=2019-10-01-preview",
|
||||
)
|
||||
)
|
||||
@ -400,7 +393,7 @@ def test_create_billing_instruction(mock_azure: AzureCloudProvider):
|
||||
|
||||
payload = BillingInstructionCSPPayload(
|
||||
**dict(
|
||||
creds=creds,
|
||||
tenant_id="60ff9d34-82bf-4f21-b565-308ef0533435",
|
||||
initial_clin_amount=1000.00,
|
||||
initial_clin_start_date="2020/1/1",
|
||||
initial_clin_end_date="2020/3/1",
|
||||
@ -413,3 +406,4 @@ def test_create_billing_instruction(mock_azure: AzureCloudProvider):
|
||||
result = mock_azure.create_billing_instruction(payload)
|
||||
body: BillingInstructionCSPResult = result.get("body")
|
||||
assert body.reported_clin_name == "TO1:CLIN001"
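Review bot: `test_create_tenant` now passes `tenant_id=...` to `TenantCSPPayload`, but the models change in this commit appears to rebase that class on `AliasModel`, which declares no `tenant_id`; unless the model forbids extra fields the value is silently dropped and the test reads as if it mattered. I would delete that argument there. None of the updated tests pins the new credential path either: an assertion that the token request is made with the provider's root credentials, and a case where `get_root_provisioning_token()` returns `None` and `AuthenticationException` is raised, would cover what this commit actually changes. The test bodies continue outside the hunks.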
|
||||
|
||||
|
@ -106,8 +106,6 @@ def test_fsm_transition_start(mock_cloud_provider, portfolio: Portfolio):
|
||||
FSMStates.BILLING_INSTRUCTION_CREATED,
|
||||
]
|
||||
|
||||
# Should source all creds for portfolio? might be easier to manage than per-step specific ones
|
||||
creds = {"username": "mock-cloud", "password": "shh"} # pragma: allowlist secret
|
||||
if portfolio.csp_data is not None:
|
||||
csp_data = portfolio.csp_data
|
||||
else:
|
||||
@ -150,7 +148,7 @@ def test_fsm_transition_start(mock_cloud_provider, portfolio: Portfolio):
|
||||
collected_data = dict(
|
||||
list(csp_data.items()) + list(portfolio_data.items()) + list(config.items())
|
||||
)
|
||||
sm.trigger_next_transition(creds=creds, csp_data=collected_data)
|
||||
sm.trigger_next_transition(csp_data=collected_data)
|
||||
assert sm.state == expected_state
|
||||
if portfolio.csp_data is not None:
|
||||
csp_data = portfolio.csp_data
|
||||
|
@ -48,6 +48,12 @@ def mock_credentials():
|
||||
return Mock(spec=credentials)
|
||||
|
||||
|
||||
def mock_identity():
|
||||
import azure.identity as identity
|
||||
|
||||
return Mock(spec=identity)
|
||||
|
||||
|
||||
def mock_policy():
|
||||
from azure.mgmt.resource import policy
|
||||
|
||||
@ -88,6 +94,7 @@ class MockAzureSDK(object):
|
||||
self.managementgroups = mock_managementgroups()
|
||||
self.graphrbac = mock_graphrbac()
|
||||
self.credentials = mock_credentials()
|
||||
self.identity = mock_identity()
|
||||
self.policy = mock_policy()
|
||||
self.secrets = mock_secrets()
|
||||
self.requests = mock_requests()
|
||||
|