Config Refactor Part 2 - Change Opt Param Names & Set File Expiry (#2835)

* Remove Old Optional Parameters and Hardcoded Values.

* Set file to expire.

* Adding expiry.

* test sleep

* Tested expiry.

* Set expirty to 24hrs.

* Syntax error.

* Formatting.

* Changing optional.

* Adding new params.

* Removing arguments.

* Removing arguments.

* Changing param names.

* Update params.

Author: nharper285

src/ApiService/ApiService/Functions/Config.cs

@@ -24,7 +24,8 @@ public async Async.Task<HttpResponseData> Get(HttpRequestData req) {
         var endpointParams = new ConfigResponse(
                 Authority: _context.ServiceConfiguration.Authority,
                 ClientId: _context.ServiceConfiguration.CliAppId,
-                TenantDomain: _context.ServiceConfiguration.TenantDomain);
+                TenantDomain: _context.ServiceConfiguration.TenantDomain,
+                MultiTenantDomain: _context.ServiceConfiguration.MultiTenantDomain);
 
         var response = req.CreateResponse(HttpStatusCode.OK);
         await response.WriteAsJsonAsync(endpointParams);

src/ApiService/ApiService/OneFuzzTypes/Responses.cs

@@ -162,7 +162,8 @@ public static ScalesetResponse ForScaleset(Scaleset s, bool includeAuth)
 public record ConfigResponse(
     string? Authority,
     string? ClientId,
-    string? TenantDomain
+    string? TenantDomain,
+    string? MultiTenantDomain
 ) : BaseResponse();
 
 public class BaseResponseConverter : JsonConverter<BaseResponse> {

src/cli/examples/azure-functions-example/info/__init__.py

@@ -12,8 +12,8 @@ def main(req: func.HttpRequest) -> func.HttpResponse:
     o = Onefuzz()
     o.config(
         endpoint=os.environ.get("ONEFUZZ_ENDPOINT"),
-        authority=os.environ.get("ONEFUZZ_AUTHORITY"),
-        client_id=os.environ.get("ONEFUZZ_CLIENT_ID"),
+        override_authority=os.environ.get("ONEFUZZ_AUTHORITY"),
+        override_client_id=os.environ.get("ONEFUZZ_CLIENT_ID"),
     )
     info = o.info.get()
     return func.HttpResponse(info.json())

src/cli/onefuzz/api.py

@@ -1896,10 +1896,10 @@ def login(self) -> str:
     def config(
         self,
         endpoint: Optional[str] = None,
-        authority: Optional[str] = None,
-        client_id: Optional[str] = None,
+        override_authority: Optional[str] = None,
+        override_client_id: Optional[str] = None,
+        override_tenant_domain: Optional[str] = None,
         enable_feature: Optional[PreviewFeature] = None,
-        tenant_domain: Optional[str] = None,
         reset: Optional[bool] = None,
     ) -> BackendConfig:
         """Configure onefuzz CLI"""
@@ -1924,14 +1924,14 @@ def config(
                     "Missing HTTP Authentication"
                 )
             self._backend.config.endpoint = endpoint
-        if authority is not None:
-            self._backend.config.authority = authority
-        if client_id is not None:
-            self._backend.config.client_id = client_id
+        if override_authority is not None:
+            self._backend.config.authority = override_authority
+        if override_client_id is not None:
+            self._backend.config.client_id = override_client_id
         if enable_feature:
             self._backend.enable_feature(enable_feature.name)
-        if tenant_domain is not None:
-            self._backend.config.tenant_domain = tenant_domain
+        if override_tenant_domain is not None:
+            self._backend.config.tenant_domain = override_tenant_domain
         self._backend.app = None
         self._backend.save_config()
 

src/cli/onefuzz/backend.py

@@ -12,6 +12,7 @@
 import tempfile
 import time
 from dataclasses import asdict, is_dataclass
+from datetime import datetime, timedelta
 from enum import Enum
 from typing import (
     Any,
@@ -97,6 +98,7 @@ class BackendConfig(BaseModel):
     endpoint: Optional[str]
     features: Set[str] = Field(default_factory=set)
     tenant_domain: str
+    expires_on: datetime = datetime.utcnow() + timedelta(hours=24)
 
     def get_multi_tenant_domain(self) -> Optional[str]:
         if "https://login.microsoftonline.com/common" in self.authority:
@@ -326,7 +328,6 @@ def config_params(
 
         response = self.session.request("GET", endpoint + "/api/config")
 
-        logging.debug(response.json())
         endpoint_params = responses.Config.parse_obj(response.json())
 
         # Will override values in storage w/ provided values for SP use
@@ -352,6 +353,13 @@ def request(
         if not endpoint:
             raise Exception("endpoint not configured")
 
+        # If file expires, remove and force user to reset
+        if datetime.utcnow() > self.config.expires_on:
+            os.remove(self.config_path)
+            self.config = BackendConfig(
+                endpoint=endpoint, authority="", client_id="", tenant_domain=""
+            )
+
         url = endpoint + "/api/" + path
 
         if self.config.client_id == "" or (

src/deployment/config.json

@@ -1,8 +1,8 @@
 {
-    "tenant_id": "72f988bf-86f1-41af-91ab-2d7cd011db47",
-    "tenant_domain": "azurewebsites.net",
+    "tenant_id": "",
+    "tenant_domain": "",
     "multi_tenant_domain": "",
-    "cli_client_id": "72f1562a-8c0c-41ea-beb9-fa2b71c80134",
+    "cli_client_id": "",
     "proxy_nsg_config": {
         "allowed_ips": [
             "*"

src/deployment/deploy.py

@@ -147,12 +147,10 @@ def __init__(
         create_registration: bool,
         migrations: List[str],
         export_appinsights: bool,
-        multi_tenant_domain: str,
         upgrade: bool,
         subscription_id: Optional[str],
         admins: List[UUID],
         allowed_aad_tenants: List[UUID],
-        cli_app_id: str,
         auto_create_cli_app: bool,
         host_dotnet_on_windows: bool,
         enable_profiler: bool,
@@ -169,7 +167,6 @@ def __init__(
         self.instance_specific = instance_specific
         self.third_party = third_party
         self.create_registration = create_registration
-        self.multi_tenant_domain = multi_tenant_domain
         self.custom_domain = custom_domain
         self.upgrade = upgrade
         self.results: Dict = {
@@ -183,16 +180,17 @@ def __init__(
 
         self.arm_template = bicep_to_arm(bicep_template)
 
-        self.cli_app_id = cli_app_id
         self.auto_create_cli_app = auto_create_cli_app
         self.host_dotnet_on_windows = host_dotnet_on_windows
         self.enable_profiler = enable_profiler
 
         self.rules: List[NsgRule] = []
 
+        self.cli_app_id = ""
+        self.authority = ""
         self.tenant_id = ""
         self.tenant_domain = ""
-        self.authority = ""
+        self.multi_tenant_domain = ""
 
         self.cli_config: Dict[str, Union[str, UUID]] = {
             "client_id": "",
@@ -1268,12 +1266,6 @@ def main() -> None:
         action="store_true",
         help="enable appinsight log export",
     )
-    parser.add_argument(
-        "--multi_tenant_domain",
-        type=str,
-        default="",
-        help="enable multi-tenant authentication with this tenant domain",
-    )
     parser.add_argument(
         "--subscription_id",
         type=str,
@@ -1295,12 +1287,6 @@ def main() -> None:
         nargs="*",
         help="Set additional AAD tenants beyond the tenant the app is deployed in",
     )
-    parser.add_argument(
-        "--cli_app_id",
-        type=str,
-        default="",
-        help="CLI App Registration to be used during deployment.",
-    )
     parser.add_argument(
         "--auto_create_cli_app",
         action="store_true",
@@ -1348,12 +1334,10 @@ def main() -> None:
         create_registration=args.create_pool_registration,
         migrations=args.apply_migrations,
         export_appinsights=args.export_appinsights,
-        multi_tenant_domain=args.multi_tenant_domain,
         upgrade=args.upgrade,
         subscription_id=args.subscription_id,
         admins=args.set_admins,
         allowed_aad_tenants=args.allowed_aad_tenants or [],
-        cli_app_id=args.cli_app_id,
         auto_create_cli_app=args.auto_create_cli_app,
         host_dotnet_on_windows=args.host_dotnet_on_windows,
         enable_profiler=args.enable_profiler,

src/pytypes/onefuzztypes/responses.py

@@ -56,6 +56,7 @@ class Config(BaseResponse):
     authority: str
     client_id: str
     tenant_domain: str
+    multi_tenant_domain: Optional[str]
 
 
 class ContainerInfoBase(BaseResponse):