def main(req: func.HttpRequest) -> func.HttpResponse: logging.info("Python HTTP trigger function processed a request.") o = Onefuzz() o.config( endpoint=os.environ.get("ONEFUZZ_ENDPOINT"), authority=os.environ.get("ONEFUZZ_AUTHORITY"), client_id=os.environ.get("ONEFUZZ_CLIENT_ID"), ) info = o.info.get() return func.HttpResponse(info.json())
class APIRestrictionTests: def __init__(self, resource_group: str = None, onefuzz_config_path: str = None) -> None: self.onefuzz = Onefuzz(config_path=onefuzz_config_path) self.intial_config = self.onefuzz.instance_config.get() self.instance_name = urlparse( self.onefuzz.config().endpoint).netloc.split(".")[0] if resource_group: self.resource_group = resource_group else: self.resource_group = self.instance_name def restore_config(self) -> None: self.onefuzz.instance_config.update(self.intial_config) def assign(self, group_id: UUID, member_id: UUID) -> None: instance_config = self.onefuzz.instance_config.get() if instance_config.group_membership is None: instance_config.group_membership = {} if member_id not in instance_config.group_membership: instance_config.group_membership[member_id] = [] if group_id not in instance_config.group_membership[member_id]: instance_config.group_membership[member_id].append(group_id) self.onefuzz.instance_config.update(instance_config) def assign_current_user(self, group_id: UUID) -> None: onefuzz_service_appId = az_cli([ "ad", "signed-in-user", "show", ]) member_id = UUID(onefuzz_service_appId["objectId"]) print(f"adding user {member_id}") self.assign(group_id, member_id) def test_restriction_on_current_user(self) -> None: print("Checking that the current user can get jobs") self.onefuzz.jobs.list() print("Creating test group") group_id = uuid.uuid4() print("Adding restriction to the jobs endpoint") instance_config = self.onefuzz.instance_config.get() if instance_config.api_access_rules is None: instance_config.api_access_rules = {} instance_config.api_access_rules["/api/jobs"] = ApiAccessRule( allowed_groups=[group_id], methods=["GET"], ) self.onefuzz.instance_config.update(instance_config) restart_instance(self.instance_name, self.resource_group) time.sleep(20) print("Checking that the current user cannot get jobs") try: self.onefuzz.jobs.list() failed = False except Exception: failed = True pass if not failed: raise Exception("Current user was able to get jobs") print("Assigning current user to test group") self.assign_current_user(group_id) restart_instance(self.instance_name, self.resource_group) time.sleep(20) print("Checking that the current user can get jobs") self.onefuzz.jobs.list()