This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

Storing secrets in azure keyvault #326

Merged 66 commits on Jan 25, 2021

chkeita
Contributor

@chkeita chkeita commented Nov 18, 2020

No description provided.

@chkeita chkeita changed the title [WIP] Storing secrets in azure keyvault Storing secrets in azure keyvault Nov 30, 2020
@chkeita chkeita marked this pull request as ready for review November 30, 2020 18:54
@bmc-msft bmc-msft linked an issue Nov 30, 2020 that may be closed by this pull request
@chkeita chkeita mentioned this pull request Dec 1, 2020
5 tasks
@bmc-msft
Contributor

bmc-msft commented Dec 1, 2020

Should we hold off on reviewing this while you're working on #349?

@chkeita
Contributor Author

chkeita commented Dec 1, 2020

> Should we hold off on reviewing this while you're working on #349?

Yes, I will convert this back into a draft to avoid any confusion.

@chkeita chkeita self-assigned this Dec 1, 2020
@chkeita chkeita marked this pull request as draft December 1, 2020 17:30
@bmc-msft
Contributor

Testing with Teams integration results in the following error:

Microsoft.Azure.WebJobs.Host.FunctionInvocationException: Exception while executing function: Functions.queue_file_changes
 ---> Microsoft.Azure.WebJobs.Script.Workers.Rpc.RpcException: Result: Failure
Exception: AttributeError: 'str' object has no attribute 'value'
Stack:   File "/azure-functions-host/workers/python/3.7/LINUX/X64/azure_functions_worker/dispatcher.py", line 357, in _handle__invocation_request
    self.__run_sync_func, invocation_id, fi.func, args)
  File "/usr/local/lib/python3.7/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/azure-functions-host/workers/python/3.7/LINUX/X64/azure_functions_worker/dispatcher.py", line 542, in __run_sync_func
    return func(**params)
  File "/home/site/wwwroot/queue_file_changes/__init__.py", line 34, in main
    file_added(event)
  File "/home/site/wwwroot/queue_file_changes/__init__.py", line 22, in file_added
    new_files(container, path)
  File "/home/site/wwwroot/onefuzzlib/notifications/main.py", line 138, in new_files
    notify_teams(notification.config, container, filename, report)
  File "/home/site/wwwroot/onefuzzlib/notifications/teams.py", line 130, in notify_teams
    send_teams_webhook(config, title, facts, text)
  File "/home/site/wwwroot/onefuzzlib/notifications/teams.py", line 50, in send_teams_webhook
    config_url = get_secret_string_value(config.url)
  File "/home/site/wwwroot/onefuzzlib/secrets.py", line 39, in get_secret_string_value
    return cast(str, secret.value)

My notification config is:

[
    {
        "config": {
            "url": {
                "secret": {
                    "url": "https://INSTANCE_NAME_HERE.vault.azure.net/secrets/3b26a03b-cb51-4722-9ad4-fa94f9ee8c7c/1833f0a96d504574b8b614a69f6c57c1"
                }
            }
        },
        "container": "oft-unique-reports-fc60e3f7cb2f58a692e7ee189f6d113c",
        "notification_id": "479ed0b4-473c-4501-aba1-99f21372ff02"
    }
]
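
The traceback above ends in `get_secret_string_value` reading `.value` from a plain `str`. As an added example (not part of this thread, and not OneFuzz's code or the fix that was merged), the code below resolves a secret field by checking its shape first and validates the Key Vault secret URL before any fetch. `SecretRef`, `parse_secret_url`, `resolve_secret` and `fake_fetch` are hypothetical names, the two accepted field shapes are assumptions based on the config shown, and the `.vault.azure.net` suffix check assumes the public Azure cloud.

```python
from typing import Any, Callable, NamedTuple
from urllib.parse import urlparse


class SecretRef(NamedTuple):
    vault: str    # vault host, lowercased
    name: str
    version: str  # empty string means "latest"


def parse_secret_url(url: str) -> SecretRef:
    """Split https://<vault>.vault.azure.net/secrets/<name>[/<version>]."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    parts = [p for p in parsed.path.split("/") if p]
    # Refuse anything that is not a Key Vault host, so a stored reference
    # cannot point the service's credentials at an arbitrary endpoint.
    if parsed.scheme != "https" or not host.endswith(".vault.azure.net"):
        raise ValueError("not an https Key Vault URL")
    if len(parts) not in (2, 3) or parts[0] != "secrets":
        raise ValueError("not a Key Vault secret identifier")
    return SecretRef(host, parts[1], parts[2] if len(parts) == 3 else "")


def resolve_secret(field: Any, fetch: Callable[[SecretRef], str]) -> str:
    """Return the secret string for a config field.

    Accepts an inline string or the {"secret": {"url": ...}} reference form;
    any other shape raises TypeError here instead of failing later on
    attribute access. The error names only the type, never the value.
    """
    if isinstance(field, str):
        return field
    if isinstance(field, dict):
        secret = field.get("secret")
        if isinstance(secret, dict) and isinstance(secret.get("url"), str):
            return fetch(parse_secret_url(secret["url"]))
    raise TypeError(f"unsupported secret field of type {type(field).__name__}")


# Constructed sample: the "url" field from the config above, plus a fake
# fetch that stands in for a Key Vault client so the example runs offline.
SAMPLE_FIELD = {"secret": {"url": "https://INSTANCE_NAME_HERE.vault.azure.net"
                           "/secrets/3b26a03b-cb51-4722-9ad4-fa94f9ee8c7c"
                           "/1833f0a96d504574b8b614a69f6c57c1"}}


def fake_fetch(ref: SecretRef) -> str:
    return f"webhook-for-{ref.name}"
```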

@bmc-msft bmc-msft merged commit 3f2883d into microsoft:main Jan 25, 2021
ghost pushed a commit that referenced this pull request Jan 25, 2021
@chkeita chkeita deleted the chkeita/49 branch March 31, 2021 21:53
@ghost ghost locked as resolved and limited conversation to collaborators May 1, 2021
Successfully merging this pull request may close these issues.

Move to registered secrets in keyvault for 3rd-party integrations