Removed FF calls causing instability in during VMSS configuration (#4750
)

* wip

* cleanup

* fix
merlynomsft authored Apr 9, 2024
1 parent a3d9127 commit b34a9c3
Showing 3 changed files with 42 additions and 10 deletions.
38 changes: 28 additions & 10 deletions src/Agent.Listener/Configuration/ConfigurationManager.cs
Expand Up @@ -120,13 +120,13 @@ public async Task ConfigureAsync(CommandSettings command)
break;
case PlatformUtil.OS.Windows:
// Warn and continue if .NET 4.6 is not installed.
#pragma warning disable CA1416 // SupportedOSPlatformGuard not honored on enum members
#pragma warning disable CA1416 // SupportedOSPlatformGuard not honored on enum members
if (!NetFrameworkUtil.Test(new Version(4, 6), Trace))
{
WriteSection(StringUtil.Loc("PrerequisitesSectionHeader")); // Section header.
_term.WriteLine(StringUtil.Loc("MinimumNetFrameworkTfvc")); // Warning.
}
#pragma warning restore CA1416
#pragma warning restore CA1416

break;
default:
Expand Down Expand Up @@ -180,16 +180,34 @@ public async Task ConfigureAsync(CommandSettings command)
_term.WriteError(StringUtil.Loc("FailedToConnect"));
}
}

// We want to use the native CSP of the platform for storage, so we use the RSACSP directly

bool rsaKeyGetConfigFromFF = global::Agent.Sdk.Knob.AgentKnobs.RsaKeyGetConfigFromFF.GetValue(UtilKnobValueContext.Instance()).AsBoolean();

RSAParameters publicKey;
var keyManager = HostContext.GetService<IRSAKeyManager>();
var ffResult = await keyManager.GetStoreAgentTokenInNamedContainerFF(HostContext, Trace, agentSettings, creds);
var enableAgentKeyStoreInNamedContainer = ffResult.useNamedContainer;
var useCng = ffResult.useCng;
using (var rsa = keyManager.CreateKey(enableAgentKeyStoreInNamedContainer, useCng))

if (rsaKeyGetConfigFromFF)
{
// We want to use the native CSP of the platform for storage, so we use the RSACSP directly
var keyManager = HostContext.GetService<IRSAKeyManager>();
var ffResult = await keyManager.GetStoreAgentTokenInNamedContainerFF(HostContext, Trace, agentSettings, creds);
var enableAgentKeyStoreInNamedContainer = ffResult.useNamedContainer;
var useCng = ffResult.useCng;
using (var rsa = keyManager.CreateKey(enableAgentKeyStoreInNamedContainer, useCng))
{
publicKey = rsa.ExportParameters(false);
}
}
else
{
publicKey = rsa.ExportParameters(false);
// We want to use the native CSP of the platform for storage, so we use the RSACSP directly
var keyManager = HostContext.GetService<IRSAKeyManager>();
var result = keyManager.GetStoreAgentTokenConfig();
var enableAgentKeyStoreInNamedContainer = result.useNamedContainer;
var useCng = result.useCng;
using (var rsa = keyManager.CreateKey(enableAgentKeyStoreInNamedContainer, useCng))
{
publicKey = rsa.ExportParameters(false);
}
}

// Loop getting agent name and pool name
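Review bot: The `if (rsaKeyGetConfigFromFF)` / `else` branches in ConfigureAsync repeat the same `GetService`, `CreateKey` and `ExportParameters(false)` sequence and differ only in where the `(useNamedContainer, useCng)` pair comes from, so any later change to how the agent's RSA key is created has to be made twice. Resolving the pair once and sharing the key creation, as sketched below, keeps a single code path for the key. With the knob defaulting to false, the storage location is now taken from local knobs alone; if callers outside this hunk still resolve it through `GetStoreAgentTokenInNamedContainerFF`, the key could be created in one store and looked up in another, so a trace line recording the chosen values is worth adding. ConfigureAsync starts and ends outside the hunk.

```csharp
bool rsaKeyGetConfigFromFF = global::Agent.Sdk.Knob.AgentKnobs.RsaKeyGetConfigFromFF.GetValue(UtilKnobValueContext.Instance()).AsBoolean();

// We want to use the native CSP of the platform for storage, so we use the RSACSP directly
var keyManager = HostContext.GetService<IRSAKeyManager>();
var (useNamedContainer, useCng) = rsaKeyGetConfigFromFF
    ? await keyManager.GetStoreAgentTokenInNamedContainerFF(HostContext, Trace, agentSettings, creds)
    : keyManager.GetStoreAgentTokenConfig();

// Record which key store was selected and why, so a mismatch with later key lookups can be diagnosed.
Trace.Info($"RSA key storage: named container={useNamedContainer}, CNG={useCng}, from feature flag={rsaKeyGetConfigFromFF}");

RSAParameters publicKey;
using (var rsa = keyManager.CreateKey(useNamedContainer, useCng))
{
    publicKey = rsa.ExportParameters(false);
}
```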
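--- a/src/Agent.Listener/Configuration/IRSAKeyManager.cs
+++ b/src/Agent.Listener/Configuration/IRSAKeyManager.cs
@@ -60,6 +60,14 @@ public static class IRSAKeyManagerExtensions
 
 return (enableAgentKeyStoreInNamedContainerFF, useCngFF);
 }
+
+public static (bool useNamedContainer, bool useCng) GetStoreAgentTokenConfig(this IRSAKeyManager _)
+{
+var useNamedContainer = AgentKnobs.StoreAgentKeyInCSPContainer.GetValue(UtilKnobValueContext.Instance()).AsBoolean();
+var useCng = AgentKnobs.AgentKeyUseCng.GetValue(UtilKnobValueContext.Instance()).AsBoolean();
+
+return (useNamedContainer, useCng);
+}
 }
 
 // Newtonsoft 10 is not working properly with dotnet RSAParameters class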
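Review bot: `GetStoreAgentTokenConfig` has no doc comment, and nothing in the hunk says how it relates to `GetStoreAgentTokenInNamedContainerFF` directly above it. The two returned values decide where the agent's RSA private key is stored, so the method deserves a summary such as `/// <summary>Reads the key-storage settings (named CSP container, CNG) from local knobs only, without querying server feature flags.</summary>`. The receiver is discarded (`this IRSAKeyManager _`), so a short remark that the extension form exists only to mirror the FF variant's call site would also help. The enclosing class `IRSAKeyManagerExtensions` starts outside the hunk.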
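--- a/src/Agent.Sdk/Knob/AgentKnobs.cs
+++ b/src/Agent.Sdk/Knob/AgentKnobs.cs
@@ -663,5 +663,11 @@ public class AgentKnobs
 new RuntimeKnobSource("AZP_AGENT_USE_INTEROP_TO_FIND_PARENT_PROCESS"),
 new EnvironmentKnobSource("AZP_AGENT_USE_INTEROP_TO_FIND_PARENT_PROCESS"),
 new BuiltInDefaultKnobSource("false"));
+
+public static readonly Knob RsaKeyGetConfigFromFF = new Knob(
+nameof(RsaKeyGetConfigFromFF),
+"Get config from FF.",
+new EnvironmentKnobSource("RSAKEYGETCONFIGFROMFF"),
+new BuiltInDefaultKnobSource("false"));
 }
 }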
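Review bot: The description `"Get config from FF."` on `RsaKeyGetConfigFromFF` does not say which config is meant or what the `false` default implies, although this knob decides how the agent picks the storage for its RSA key during configuration. A description like `"If true, agent configuration reads the RSA key storage settings from server feature flags; otherwise from local knobs."` would make that clear to whoever sets it. The environment name `RSAKEYGETCONFIGFROMFF` also lacks the `AZP_AGENT_` prefix used by the knob just above it, which makes it harder to find and audit; a prefixed name is worth considering if no deployment depends on the current one yet.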
