Include all Azure config in the INI file.
Adds all the new config items to the INI file and adjusts some naming conventions so that these values sort together. Also adds defaults for some values where they're known.
parent
ece4b20bcf
commit
b754f1384f
@ -3,7 +3,7 @@
|
||||
"files": "^.secrets.baseline$|^.*pgsslrootcert.yml$",
|
||||
"lines": null
|
||||
},
|
||||
"generated_at": "2020-01-27T19:24:43Z",
|
||||
"generated_at": "2020-02-04T21:00:49Z",
|
||||
"plugins_used": [
|
||||
{
|
||||
"base64_limit": 4.5,
|
||||
@ -82,7 +82,7 @@
|
||||
"hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3",
|
||||
"is_secret": false,
|
||||
"is_verified": false,
|
||||
"line_number": 32,
|
||||
"line_number": 43,
|
||||
"type": "Secret Keyword"
|
||||
}
|
||||
],
|
||||
|
@ -97,10 +97,14 @@ class AzureCloudProvider(CloudProviderInterface):
|
||||
self.secret_key = config["AZURE_SECRET_KEY"]
|
||||
self.tenant_id = config["AZURE_TENANT_ID"]
|
||||
self.vault_url = config["AZURE_VAULT_URL"]
|
||||
self.ps_client_id = config["POWERSHELL_CLIENT_ID"]
|
||||
self.owner_role_def_id = config["AZURE_OWNER_ROLE_DEF_ID"]
|
||||
self.ps_client_id = config["AZURE_POWERSHELL_CLIENT_ID"]
|
||||
self.graph_resource = config["AZURE_GRAPH_RESOURCE"]
|
||||
self.default_aadp_qty = config["AZURE_AADP_QTY"]
|
||||
self.roles = {
|
||||
"owner": config["AZURE_ROLE_DEF_ID_OWNER"],
|
||||
"contributor": config["AZURE_ROLE_DEF_ID_CONTRIBUTOR"],
|
||||
"billing": config["AZURE_ROLE_DEF_ID_BILLING_READER"],
|
||||
}
|
||||
|
||||
if azure_sdk_provider is None:
|
||||
self.sdk = AzureSDKProvider()
|
||||
@ -602,7 +606,7 @@ class AzureCloudProvider(CloudProviderInterface):
|
||||
def create_tenant_admin_ownership(self, payload: TenantAdminOwnershipCSPPayload):
|
||||
mgmt_token = self._get_elevated_management_token(payload.tenant_id)
|
||||
|
||||
role_definition_id = f"/providers/Microsoft.Management/managementGroups/{payload.tenant_id}/providers/Microsoft.Authorization/roleDefinitions/{self.owner_role_def_id}"
|
||||
role_definition_id = f"/providers/Microsoft.Management/managementGroups/{payload.tenant_id}/providers/Microsoft.Authorization/roleDefinitions/{self.roles['owner']}"
|
||||
|
||||
request_body = {
|
||||
"properties": {
|
||||
@ -630,7 +634,7 @@ class AzureCloudProvider(CloudProviderInterface):
|
||||
mgmt_token = self._get_elevated_management_token(payload.tenant_id)
|
||||
|
||||
# NOTE: the tenant_id is also the id of the root management group, once it is created
|
||||
role_definition_id = f"/providers/Microsoft.Management/managementGroups/{payload.tenant_id}/providers/Microsoft.Authorization/roleDefinitions/{self.owner_role_def_id}"
|
||||
role_definition_id = f"/providers/Microsoft.Management/managementGroups/{payload.tenant_id}/providers/Microsoft.Authorization/roleDefinitions/{self.roles['owner']}"
|
||||
|
||||
request_body = {
|
||||
"properties": {
|
||||
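Review bot: Both role-assignment paths now interpolate `self.roles['owner']` straight from configuration into the `roleDefinitions/...` resource ID that is used alongside the elevated management token, and nothing in the visible `__init__` lines checks that the three role IDs are present and well formed. The INI in this commit lists several keys without a value and quotes the role IDs, so a missing or malformed entry would probably only show up as a failed or wrong role assignment at request time. Consider validating at construction, for example `for role_id in self.roles.values(): uuid.UUID(role_id)` (with `import uuid`), so a bad deployment config fails at startup. The same f-string is also built twice, in `create_tenant_admin_ownership` and in the method at the `-630` hunk, so a small private helper would keep the two in step. `__init__` and both method bodies continue outside the hunks shown.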
|
@ -1,9 +1,19 @@
|
||||
[default]
|
||||
ASSETS_URL
|
||||
AZURE_AADP_QTY=5
|
||||
AZURE_ACCOUNT_NAME
|
||||
AZURE_STORAGE_KEY
|
||||
AZURE_TO_BUCKET_NAME
|
||||
AZURE_CLIENT_ID
|
||||
AZURE_GRAPH_RESOURCE="https://graph.microsoft.com/"
|
||||
AZURE_POLICY_LOCATION=policies
|
||||
AZURE_POWERSHELL_CLIENT_ID
|
||||
AZURE_ROLE_DEF_ID_BILLING_READER="fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64"
|
||||
AZURE_ROLE_DEF_ID_CONTRIBUTOR="b24988ac-6180-42a0-ab88-20f7382dd24c"
|
||||
AZURE_ROLE_DEF_ID_OWNER="8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
|
||||
AZURE_SECRET_KEY
|
||||
AZURE_STORAGE_KEY
|
||||
AZURE_TENANT_ID
|
||||
AZURE_TO_BUCKET_NAME
|
||||
AZURE_VAULT_URL
|
||||
BLOB_STORAGE_URL=http://localhost:8000/
|
||||
CAC_URL = http://localhost:8000/login-redirect
|
||||
CA_CHAIN = ssl/server-certs/ca-chain.pem
|
||||
@ -42,10 +52,10 @@ REDIS_TLS=False
|
||||
REDIS_USER
|
||||
SECRET_KEY = change_me_into_something_secret
|
||||
SERVER_NAME
|
||||
SESSION_COOKIE_NAME=atat
|
||||
SESSION_COOKIE_DOMAIN
|
||||
SESSION_KEY_PREFIX=session:
|
||||
SESSION_COOKIE_NAME=atat
|
||||
SESSION_COOKIE_SECURE=false
|
||||
SESSION_KEY_PREFIX=session:
|
||||
SESSION_TYPE = redis
|
||||
SESSION_USE_SIGNER = True
|
||||
SQLALCHEMY_ECHO = False
|
||||
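Review bot: The new defaults `AZURE_GRAPH_RESOURCE`, `AZURE_ROLE_DEF_ID_BILLING_READER`, `AZURE_ROLE_DEF_ID_CONTRIBUTOR` and `AZURE_ROLE_DEF_ID_OWNER` are wrapped in double quotes, while other values in this file (`AZURE_POLICY_LOCATION=policies`, `BLOB_STORAGE_URL=http://localhost:8000/`) are not. If the file is read with Python's `configparser`, which does not strip quotes, the quote characters become part of the value and would end up inside the graph resource URL and the role definition path. The loader is not visible on this page, so this needs confirming; if it is `configparser`, write the values unquoted, e.g. `AZURE_ROLE_DEF_ID_OWNER=8e3af657-a8ff-443c-a75c-2fe8c4bcb635`.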
|
@ -9,8 +9,10 @@ AZURE_CONFIG = {
|
||||
"AZURE_TENANT_ID": "MOCK",
|
||||
"AZURE_POLICY_LOCATION": "policies",
|
||||
"AZURE_VAULT_URL": "http://vault",
|
||||
"POWERSHELL_CLIENT_ID": "MOCK",
|
||||
"AZURE_OWNER_ROLE_DEF_ID": "MOCK",
|
||||
"AZURE_POWERSHELL_CLIENT_ID": "MOCK",
|
||||
"AZURE_ROLE_DEF_ID_OWNER": "MOCK",
|
||||
"AZURE_ROLE_DEF_ID_CONTRIBUTOR": "MOCK",
|
||||
"AZURE_ROLE_DEF_ID_BILLING_READER": "MOCK",
|
||||
"AZURE_GRAPH_RESOURCE": "MOCK",
|
||||
"AZURE_AADP_QTY": 5,
|
||||
}
|
||||
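Review bot: The mock sets `"AZURE_AADP_QTY": 5` as an integer, whereas the INI default `AZURE_AADP_QTY=5` would normally arrive as the string `"5"` unless the config loader casts it, so the tests may exercise a type that production never sees. The role IDs and graph resource are all `"MOCK"`, so no test covers the shape of the real values that get interpolated into the role definition path. Consider GUID-shaped placeholders and the same type the loader produces, e.g. `"AZURE_ROLE_DEF_ID_OWNER": "00000000-0000-0000-0000-000000000000",`. The loader is outside this page, so the type mismatch is an assumption to confirm.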
|