Task order uploads and downloads were broken. Uploads were broken
because file content was eing read in as plaintext every time, resulting
in encoding issues. I updated the bundle to use the newer Azure JS SDK.
We can now use a method for uploading browser files directly without
having to read their content. This required a few small internal changes
to the upload component, since the response structure is different.
I also removed the `downloadUrl` method from the JS uploader since it
was not being used.
Downloads were broken because the method that generates the download
link was not updated to use the BlobSasPermissions class from the
updated Azure Python SDK.
This method is added to the Azure cloud interface. We need to set the
AAD user's alternate email, which is a subsequent PATCH call to the API.
These two calls are handled with a single interface method and payload
because ATAT would never create a user without an associated email.
This commit also:
- Expands internal method for getting principal tokens so that it can be
scoped to different resources.
- Retains the tenant domain name in the portfolios.csp_data column
because ATAT needs that information for provisioning users via API.
Like claim_for_update, the claim_many_for_update claims resources with
an expiring lock. This was written to allow the updating of multiple
application roles with a single cloud_id, since multiple application
roles will map to a single Azure Active Directory user.
This adds a query method to return the IDs of the application roles that
should be provisioned as users in Azure. We will provision one Azure
Active Directory user per ATAT user in a portfolio, meaning that one AAD
user might correspond to multiple application roles under a single
portfolio. The query method returns IDs in a nested list grouped by
portfolio and user because of this.
add method for getting app roles that are pending creation
update application_roles query to group by portfolio
check for user existing and role status correct when filtering ApplicationRole for creation
Adds cloud_id and claimed_until columns to the application_roles table
so that rows can be locked when they're being processed and updated with
relevant Azure information when processing is finished. Since the
claimed_until column is now common to a few different models, I've also
moved it to a mixin.
Renames Python classes that refer to Upload to something to FileService.
We added this change because these classes now handle downloading as
well as uploading.
This is a temporary fix to avoid spending too much time trying to use app.config variables in a Form class field descriptions and labels. This is tech debt and should be fixed in the future.
This fixes a bug I introduced with commit
6edc7b138b0745d0b3f9d99da76c445fe954c5a7
The value for SESSION_COOKIE_SECURE was being read in as a truthy string
every time. In order for it to be interpreted correctly, we need to map
it to a boolean.
Currently the create call will be consumed by on-demand requests from the frontend, and the 2 stage create will be used by the enviroment management group provisioning to verify an initial subscription was created.
In some functions, we redirect a user based on a parameter in a query
string. This commit adds a function that checks to see if a given url
matches a url pattern of a view function. This will help us ensure that
the url passed as the next parameter isn't malicious.
The tenant ID should be hashed and used as the key for the JSON blob of
relevant creds for any given tenant. Azure CSP interface methods that
need to source creds should call the internal `_source_creds` method,
either with a `tenant_id` or no parameters. That method will source the
creds. If a tenant ID is provided, it will source them from the Key
Vault. If not provided, it will return the default creds for the app
registration in the home tenant.
