Skip to content

Commit 38efe91

Browse files
author
Hanzhang Zeng (Roger)
authored
Merge pull request #4585 from Hazhzeng/hazeng-pr1-gettoken
Add admin/host/token endpoint
2 parents 634ae0e + 103f3ce commit 38efe91

File tree

2 files changed

+65
-0
lines changed

2 files changed

+65
-0
lines changed

src/WebJobs.Script.WebHost/Controllers/HostController.cs

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@
1919
using Microsoft.Azure.WebJobs.Script.WebHost.Filters;
2020
using Microsoft.Azure.WebJobs.Script.WebHost.Management;
2121
using Microsoft.Azure.WebJobs.Script.WebHost.Models;
22+
using Microsoft.Azure.WebJobs.Script.WebHost.Security;
2223
using Microsoft.Azure.WebJobs.Script.WebHost.Security.Authorization;
2324
using Microsoft.Azure.WebJobs.Script.WebHost.Security.Authorization.Policies;
2425
using Microsoft.Extensions.Logging;
@@ -229,6 +230,28 @@ public async Task<IActionResult> SetState([FromBody] string state)
229230
return Accepted();
230231
}
231232

233+
/// <summary>
234+
/// This endpoint generates a temporary x-ms-site-restricted-token for core tool
235+
/// to access KuduLite zipdeploy endpoint in Linux Consumption
236+
/// </summary>
237+
/// <returns>
238+
/// 200 on token generated
239+
/// 400 on non-Linux container environment
240+
/// </returns>
241+
[HttpGet]
242+
[Route("admin/host/token")]
243+
[Authorize(Policy = PolicyNames.AdminAuthLevel)]
244+
public IActionResult GetAdminToken()
245+
{
246+
if (!_environment.IsLinuxContainerEnvironment())
247+
{
248+
return BadRequest("Endpoint is only available when running in Linux Container");
249+
}
250+
251+
string requestHeaderToken = SimpleWebTokenHelper.CreateToken(DateTime.UtcNow.AddMinutes(5));
252+
return Ok(requestHeaderToken);
253+
}
254+
232255
[AcceptVerbs("GET", "POST", "DELETE")]
233256
[Authorize(AuthenticationSchemes = AuthLevelAuthenticationDefaults.AuthenticationScheme)]
234257
[Route("runtime/webhooks/{name}/{*extra}")]

test/WebJobs.Script.Tests/Controllers/Admin/HostControllerTests.cs

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,12 @@
44
using System.IO;
55
using System.Net;
66
using System.Threading.Tasks;
7+
using Microsoft.AspNetCore.Authentication;
78
using Microsoft.AspNetCore.Authorization;
89
using Microsoft.AspNetCore.Mvc;
910
using Microsoft.Azure.WebJobs.Script.WebHost.Controllers;
1011
using Microsoft.Azure.WebJobs.Script.WebHost.Management;
12+
using Microsoft.Azure.WebJobs.Script.WebHost.Security;
1113
using Microsoft.Extensions.Logging;
1214
using Microsoft.Extensions.Options;
1315
using Microsoft.WebJobs.Script.Tests;
@@ -90,5 +92,45 @@ public async Task SetState_Succeeds(string desiredState, ScriptHostState current
9092
Assert.False(fileExists);
9193
}
9294
}
95+
96+
[Fact]
97+
public void GetAdminToken_Succeeds()
98+
{
99+
// Arrange
100+
_mockEnvironment.Setup(p => p.GetEnvironmentVariable(It.Is<string>(k => k == EnvironmentSettingNames.ContainerName))).Returns<string>(v => v = "ContainerName");
101+
102+
var key = TestHelpers.GenerateKeyBytes();
103+
var stringKey = TestHelpers.GenerateKeyHexString(key);
104+
using (new TestScopedEnvironmentVariable(EnvironmentSettingNames.WebSiteAuthEncryptionKey, stringKey))
105+
{
106+
// Act
107+
ObjectResult result = (ObjectResult)_hostController.GetAdminToken();
108+
HttpStatusCode resultStatus = (HttpStatusCode)result.StatusCode;
109+
string token = (string)result.Value;
110+
111+
// Assert
112+
Assert.Equal(HttpStatusCode.OK, resultStatus);
113+
Assert.True(SimpleWebTokenHelper.ValidateToken(token, new SystemClock()));
114+
}
115+
}
116+
117+
[Fact]
118+
public void GetAdminToken_Fails_NotLinuxContainer()
119+
{
120+
// Arrange
121+
_mockEnvironment.Setup(p => p.GetEnvironmentVariable(It.Is<string>(k => k == EnvironmentSettingNames.ContainerName))).Returns<string>(v => v = null);
122+
123+
var key = TestHelpers.GenerateKeyBytes();
124+
var stringKey = TestHelpers.GenerateKeyHexString(key);
125+
using (new TestScopedEnvironmentVariable(EnvironmentSettingNames.WebSiteAuthEncryptionKey, stringKey))
126+
{
127+
// Act
128+
ObjectResult result = (ObjectResult)_hostController.GetAdminToken();
129+
HttpStatusCode resultStatus = (HttpStatusCode)result.StatusCode;
130+
131+
// Assert
132+
Assert.Equal(HttpStatusCode.BadRequest, resultStatus);
133+
}
134+
}
93135
}
94136
}

0 commit comments

Comments
 (0)