From 339dd69e2475954657ae76fe83110f4b3a7c5c97 Mon Sep 17 00:00:00 2001 From: nnandigam Date: Wed, 5 Jun 2024 14:30:01 -0700 Subject: [PATCH 1/3] SNI auth --- tests_e2e/tests/lib/network_security_rule.py | 6 +++--- tests_e2e/tests/lib/update_arm_template.py | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/tests_e2e/tests/lib/network_security_rule.py b/tests_e2e/tests/lib/network_security_rule.py index 8df51b204..81a574e40 100644 --- a/tests_e2e/tests/lib/network_security_rule.py +++ b/tests_e2e/tests/lib/network_security_rule.py @@ -55,7 +55,7 @@ def add_security_rule(self, security_rule: Dict[str, Any]) -> None: self._get_network_security_group()["properties"]["securityRules"].append(security_rule) def _get_network_security_group(self) -> Dict[str, Any]: - resources: List[Dict[str, Any]] = self._template["resources"] + resources: Dict[str, Dict[str, Any]] = self._template["resources"] # # If the NSG already exists, just return it # @@ -76,14 +76,14 @@ def _get_network_security_group(self) -> Dict[str, Any]: "securityRules": [] }} }}""") - resources.append(network_security_group) + nsg_reference = "network_security_groups" + resources[nsg_reference] = network_security_group # # Add a dependency on the NSG to the virtual network # network_resource = UpdateArmTemplate.get_resource(resources, "Microsoft.Network/virtualNetworks") network_resource_dependencies = network_resource.get("dependsOn") - nsg_reference = f"[resourceId('Microsoft.Network/networkSecurityGroups', '{self._NETWORK_SECURITY_GROUP}')]" if network_resource_dependencies is None: network_resource["dependsOn"] = [nsg_reference] else: diff --git a/tests_e2e/tests/lib/update_arm_template.py b/tests_e2e/tests/lib/update_arm_template.py index 010178ab9..2fc1b0980 100644 --- a/tests_e2e/tests/lib/update_arm_template.py +++ b/tests_e2e/tests/lib/update_arm_template.py @@ -16,7 +16,7 @@ # from abc import ABC, abstractmethod -from typing import Any, Dict, List +from typing import Any, Dict class UpdateArmTemplate(ABC): @@ -32,25 +32,25 @@ def update(self, template: Dict[str, Any], is_lisa_template: bool) -> None: """ @staticmethod - def get_resource(resources: List[Dict[str, Any]], type_name: str) -> Any: + def get_resource(resources: Dict[str, Dict[str, Any]], type_name: str) -> Any: """ Returns the first resource of the specified type in the given 'resources' list. Raises KeyError if no resource of the specified type is found. """ - for item in resources: + for item in resources.values(): if item["type"] == type_name: return item raise KeyError(f"Cannot find a resource of type {type_name} in the ARM template") @staticmethod - def get_resource_by_name(resources: List[Dict[str, Any]], resource_name: str, type_name: str) -> Any: + def get_resource_by_name(resources: Dict[str, Dict[str, Any]], resource_name: str, type_name: str) -> Any: """ Returns the first resource of the specified type and name in the given 'resources' list. Raises KeyError if no resource of the specified type and name is found. """ - for item in resources: + for item in resources.values(): if item["type"] == type_name and item["name"] == resource_name: return item raise KeyError(f"Cannot find a resource {resource_name} of type {type_name} in the ARM template") From 905f76b56c3b77dd97681a801585cb4f5d2e6977 Mon Sep 17 00:00:00 2001 From: Nageswara Nandigam Date: Wed, 5 Jun 2024 16:21:40 -0700 Subject: [PATCH 2/3] new env var --- tests_e2e/orchestrator/docker/Dockerfile | 2 +- tests_e2e/pipeline/scripts/execute_tests.sh | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/tests_e2e/orchestrator/docker/Dockerfile b/tests_e2e/orchestrator/docker/Dockerfile index 597e57418..219c9b869 100644 --- a/tests_e2e/orchestrator/docker/Dockerfile +++ b/tests_e2e/orchestrator/docker/Dockerfile @@ -67,7 +67,7 @@ RUN \ cd $HOME && \ git clone https://github.com/microsoft/lisa.git && \ cd lisa && \ - git checkout 2c16e32001fdefb9572dff61241451b648259dbf && \ + git checkout 95c09ff7d5b6e71d1642a628607ac9bb441c69f5 && \ \ python3 -m pip install --upgrade pip && \ python3 -m pip install --editable .[azure,libvirt] --config-settings editable_mode=compat && \ diff --git a/tests_e2e/pipeline/scripts/execute_tests.sh b/tests_e2e/pipeline/scripts/execute_tests.sh index 37716ec49..6c751d6a7 100755 --- a/tests_e2e/pipeline/scripts/execute_tests.sh +++ b/tests_e2e/pipeline/scripts/execute_tests.sh @@ -74,6 +74,8 @@ IP_ADDRESS=$(curl -4 ifconfig.io/ip) # certificate location in the container AZURE_CLIENT_CERTIFICATE_PATH="/home/waagent/app/cert.pem" +# Need to set this to True if we sue SNI based authentication for certificate +AZURE_CLIENT_SEND_CERTIFICATE_CHAIN="True" docker run --rm \ --volume "$BUILD_SOURCESDIRECTORY:/home/waagent/WALinuxAgent" \ @@ -83,6 +85,7 @@ docker run --rm \ --env AZURE_CLIENT_ID \ --env AZURE_TENANT_ID \ --env AZURE_CLIENT_CERTIFICATE_PATH=$AZURE_CLIENT_CERTIFICATE_PATH \ + --env AZURE_CLIENT_SEND_CERTIFICATE_CHAIN=$AZURE_CLIENT_SEND_CERTIFICATE_CHAIN \ waagenttests.azurecr.io/waagenttests \ bash --login -c \ "lisa \ From 423be8e24baf0ae9e7786feccbf4aa4a47ea4b48 Mon Sep 17 00:00:00 2001 From: Nageswara Nandigam Date: Wed, 5 Jun 2024 16:52:36 -0700 Subject: [PATCH 3/3] pylint --- tests_e2e/tests/lib/network_security_rule.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests_e2e/tests/lib/network_security_rule.py b/tests_e2e/tests/lib/network_security_rule.py index 81a574e40..d2f67d19c 100644 --- a/tests_e2e/tests/lib/network_security_rule.py +++ b/tests_e2e/tests/lib/network_security_rule.py @@ -17,7 +17,7 @@ import json -from typing import Any, Dict, List +from typing import Any, Dict from tests_e2e.tests.lib.update_arm_template import UpdateArmTemplate