-
Notifications
You must be signed in to change notification settings - Fork 5.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added builders and builds resource type api specifications #23697
Added builders and builds resource type api specifications #23697
Conversation
Hi, @pauld-msft Thanks for your PR. I am workflow bot for review process. Here are some small tips. Any feedback about review process or workflow bot, pls contact swagger and tools team. [email protected] |
Swagger Validation Report
|
Swagger Generation Artifacts
|
Generated ApiView
|
Hi, @pauld-msft your PR are labelled with WaitForARMFeedback. A notification email will be sent out shortly afterwards to notify ARM review board([email protected]). |
Hi @pauld-msft, Your PR has some issues. Please fix the CI sequentially by following the order of
|
Hi @pauld-msft, one or multiple validation error/warning suppression(s) is detected in your PR. Please follow the Swagger-Suppression-Process to get approval. |
Swagger Validation Report
|
compared tags (via openapi-validator v2.1.1) | new version | base version |
---|---|---|
package-preview-2023-05 | package-preview-2023-05(fdc34f4) | package-preview-2023-05(release-app-Microsoft.App-2023-05-01-preview) |
[must fix]The following errors/warnings are introduced by current PR:
Rule | Message | Related RPC [For API reviewers] |
---|---|---|
LroErrorContent |
Error response content of long running operations must follow the error schema provided in the common types v2 and above. Location: Microsoft.App/preview/2023-05-01-preview/Builders.json#L222 |
|
LroErrorContent |
Error response content of long running operations must follow the error schema provided in the common types v2 and above. Location: Microsoft.App/preview/2023-05-01-preview/Builders.json#L290 |
|
LroErrorContent |
Error response content of long running operations must follow the error schema provided in the common types v2 and above. Location: Microsoft.App/preview/2023-05-01-preview/Builders.json#L349 |
|
LroErrorContent |
Error response content of long running operations must follow the error schema provided in the common types v2 and above. Location: Microsoft.App/preview/2023-05-01-preview/Builds.json#L213 |
|
LroErrorContent |
Error response content of long running operations must follow the error schema provided in the common types v2 and above. Location: Microsoft.App/preview/2023-05-01-preview/Builds.json#L285 |
|
200 response schema in long running DELETE operation is missing ProvisioningState property. A LRO DELETE operations 200 response schema must have ProvisioningState specified. Location: Microsoft.App/preview/2023-05-01-preview/Builders.json#L332 |
||
200 response schema in long running DELETE operation is missing ProvisioningState property. A LRO DELETE operations 200 response schema must have ProvisioningState specified. Location: Microsoft.App/preview/2023-05-01-preview/Builds.json#L268 |
️️✔️
Avocado succeeded [Detail] [Expand]
Validation passes for Avocado.
️️✔️
SwaggerAPIView succeeded [Detail] [Expand]
️️✔️
CadlAPIView succeeded [Detail] [Expand]
️️✔️
TypeSpecAPIView succeeded [Detail] [Expand]
️️✔️
ModelValidation succeeded [Detail] [Expand]
Validation passes for ModelValidation.
️️✔️
SemanticValidation succeeded [Detail] [Expand]
Validation passes for SemanticValidation.
️️✔️
PrettierCheck succeeded [Detail] [Expand]
Validation passes for PrettierCheck.
️️✔️
SpellCheck succeeded [Detail] [Expand]
Validation passes for SpellCheck.
️️✔️
CadlValidation succeeded [Detail] [Expand]
Validation passes for CadlValidation.
️️✔️
TypeSpec Validation succeeded [Detail] [Expand]
Validation passes for TypeSpec Validation.
️️✔️
PR Summary succeeded [Detail] [Expand]
Validation passes for Summary.
specification/app/resource-manager/Microsoft.App/preview/2023-05-01-preview/Builders.json
Show resolved
Hide resolved
specification/app/resource-manager/Microsoft.App/preview/2023-05-01-preview/Builds.json
Show resolved
Hide resolved
specification/app/resource-manager/Microsoft.App/preview/2023-05-01-preview/Builds.json
Show resolved
Hide resolved
}, | ||
"description": "List of custom commands to run." | ||
}, | ||
"httpGet": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please confirm this GET isn't made with your first party app's identity. Also, be very careful about following redirects, allowing localhost, and other server-side request forgery type attack vectors.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes I can confirm that. This GET will be made from within the container app that is identified by the buildComputeId
. As this is created through ARM in the customer's subscription, we will not have any sensitive data / 1PA information in it.
The request will be formatted like curl -o {fileName} -H {header1} -H {header2} {url}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok. They will likely be able to make requests against the IMDS endpoint that resides inside the container app. Since this is a resource they own that likely isn't a problem but something that needs to be kept in mind. https://learn.microsoft.com/en-us/azure/container-apps/managed-identity?tabs=cli%2Chttp#rest-endpoint-reference
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The IMDS endpoint is not available inside a Container App. SSRF is something we need to consider though; @pauld-msft as long as the Build Container App runs in the same end-user context as any other Container App AND we're not sending any sensitive values in the request (secrets, keys, tokens..) then it shouldn't be a problem (it would be no different than a user deploying their own Container App that makes HTTP requests).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@vturecek this is part of the build configuration / pre-build stesps that the user provides. So the user would provide the values that create the http get request. Which means that we wouldn't be sending any sensitive values unless the customer decided to do so
Please ensure to respond feedbacks from the ARM API reviewer. When you are ready to continue the ARM API review, please remove |
@Wzb123456789 @weidongxu-microsoft would one of you be able to approve this pull request so that it can be merged? |
specification/app/resource-manager/Microsoft.App/preview/2023-05-01-preview/Builders.json
Outdated
Show resolved
Hide resolved
specification/app/resource-manager/Microsoft.App/preview/2023-05-01-preview/Builds.json
Outdated
Show resolved
Hide resolved
…example containerApps to jobs to represent latest design
I've updated this pr based on feedback. Is there anything else that I need to do before this can be approved and merged @Wzb123456789 @weidongxu-microsoft @kazrael2119 ? |
specification/app/resource-manager/Microsoft.App/preview/2023-05-01-preview/Builders.json
Outdated
Show resolved
Hide resolved
specification/app/resource-manager/Microsoft.App/preview/2023-05-01-preview/Builders.json
Show resolved
Hide resolved
LintDiff failing due to a https://github.com/Azure/azure-openapi-validator/blob/main/docs/lro-error-response.md validation that I assume was introduced in the We are not using the common error response for these new resources to promote consistency with the rest of the Microsoft.App RP, as it also doesn't use the common-types error. |
OK, I've skip that LroErrorContent for now. However I assume yours should be compatible with that in common-types and may consider a swtich. |
f6c24a1
into
release-app-Microsoft.App-2023-05-01-preview
ARM API Information (Control Plane)
MSFT employees can try out our new experience at OpenAPI Hub - one location for using our validation tools and finding your workflow.
Azure 1st Party Service can try out the Shift Left experience to initiate API design review from ADO code repo. If you are interested, may request engineering support by filling in with the form https://aka.ms/ShiftLeftSupportForm.
Changelog
Add a changelog entry for this PR by answering the following questions:
End of June
Mid-June
OK
Contribution checklist (MS Employees Only):
If any further question about AME onboarding or validation tools, please view the FAQ.
ARM API Review Checklist
Otherwise your PR may be subject to ARM review requirements. Complete the following:
Check this box if any of the following apply to the PR so that the label "ARMReview" and "WaitForARMFeedback" will be added by bot to kick off ARM API Review. Missing to check this box in the following scenario may result in delays to the ARM manifest review and deployment.
-[x] To review changes efficiently, ensure you copy the existing version into the new directory structure for first commit and then push new changes, including version updates, in separate commits. You can use OpenAPIHub to initialize the PR for adding a new version. For more details refer to the wiki.
Ensure you've reviewed following guidelines including ARM resource provider contract and REST guidelines. Estimated time (4 hours). This is required before you can request review from ARM API Review board.
If you are blocked on ARM review and want to get the PR merged with urgency, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.
Breaking Change Review Checklist
If you have any breaking changes as defined in the Breaking Change Policy, request approval from the Breaking Change Review Board.
Action: to initiate an evaluation of the breaking change, create a new intake using the template for breaking changes. Additional details on the process and office hours are on the Breaking Change Wiki.
NOTE: To update API(s) in public preview for over 1 year (refer to Retirement of Previews)
Please follow the link to find more details on PR review process.