forked from superfunhappytime/ARO-RP
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Migrate RP from Azure AD Graph to Microsoft Graph (Azure#1970)
* go.mod: Add github.com/microsoftgraph/msgraph-sdk-go
* azureclient: Add NewGraphServiceClient
Creates a GraphServiceClient with scope and graph endpoint set
appropriately for the cloud environment (public or US government).
* pkg/util/graph: Add GetServicePrincipalIDByAppID
* armhelper: Use MS Graph to obtain service principal ID
* armhelper: Remove unused authorizer parameter
* Use MS Graph endpoint to validate service principal
I don't think it matters for the purpose of validation, but the
AD Graph endpoint is nearing its end-of-life.
* pkg/cluster: Use MS Graph to obtain service principal ID
* pkg/util/cluster: Use MS Graph to create and delete clusters
* Pretty-print OData errors from MS Graph
To aid debugging failed MS Graph requests.
MS Graph's top-level APIError message is hard-coded and only says
"error status code received from the API". Further details have
to be extracted from the "ODataErrorable" interface type.
* azureclient: Remove ActiveDirectoryGraphScope
No longer used.
* Remove pkg/util/azureclient/graphrbac
No longer used.
* pipelines: Run CodeQL analysis for Go on 1ES Hosted Pool
Vendoring the Microsoft Graph SDK for Go causes memory consumption
during CodeQL analysis to double due to its enormous API surface,
putting it well beyond the memory limit of standard GitHub Action
runners.
I inquired with the Azure organization admins about provisioning
larger GitHub runners, but was directed instead to use the 1ES
Hosted Pool which runs our other CI checks. Since ARO controls
the VM type for Hosted Pool agents, we can use a VM type with
adequate memory for CodeQL analysis with the Graph SDK.
Note: Implemented CodeQL commands in a template in case we
ever decide to move Javascript or Python analysis to
1ES Hosted Pool as well.- Loading branch information
1 parent
ca05657
commit 703dbad
Showing
10,374 changed files
with
1,326,042 additions
and
12,109 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| parameters: | ||
| - name: language | ||
| type: string | ||
| values: | ||
| # Based on "codeql resolve languages" | ||
| - cpp | ||
| - csharp | ||
| - csv | ||
| - go | ||
| - html | ||
| - java | ||
| - javascript | ||
| - properties | ||
| - python | ||
| - ruby | ||
| - xml | ||
| - name: target | ||
| type: string | ||
| default: host | ||
| - name: github_token | ||
| type: string | ||
|
|
||
| # Based on "Use CodeQL in CI system" documentation: | ||
| # https://docs.github.com/en/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system | ||
| steps: | ||
| - script: | | ||
| set -xe | ||
| sarif_file=codeql-results-${{ parameters.language }}.sarif | ||
| wget --quiet --output-document=- https://github.com/github/codeql-action/releases/latest/download/codeql-bundle-linux64.tar.gz | tar --extract --gunzip | ||
| ./codeql/codeql database create ./codeql-db --language=${{ parameters.language }} | ||
| ./codeql/codeql database analyze ./codeql-db --format=sarif-latest --sarif-category=no --output=${sarif_file} | ||
| ./codeql/codeql github upload-results --sarif=${sarif_file} --ref=$(Build.SourceBranch) | ||
| env: | ||
| GITHUB_TOKEN: ${{ parameters.github_token }} | ||
| displayName: ⚙️ CodeQL Analysis (${{ parameters.language }}) | ||
| target: ${{ parameters.target }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.