Microsoft usgov support (#27025)

https://jira-hq.paloaltonetworks.local/browse/CIAC-818 Adding support for All Azure clouds in Azure Key Vault, Azure Sentinel, Azure Kubernetes Service Adding support for all endpoints in Microsoft Defender for Endpoints
demisto · Jun 20, 2023 · db1ebc1 · db1ebc1
1 parent 1077ec7
commit db1ebc1
Show file tree

Hide file tree

Showing 40 changed files with 2,720 additions and 809 deletions.
diff --git a/Packs/ApiModules/.secrets-ignore b/Packs/ApiModules/.secrets-ignore
@@ -1766,4 +1766,11 @@ dummy2@gmail.com
 dummy3@gmail.com
 dummy4@gmail.com
 dummy5@gmail.com
-user1@dummy.com
+user1@dummy.com
+https://gallery.azure.com
+https://management.core.windows.net
+https://portal.azure.cn
+https://portal.azure.com
+https://portal.azure.us
+https://vault.azure.cn
+https://vault.azure.net
diff --git a/Packs/ApiModules/Scripts/MicrosoftApiModule/MicrosoftApiModule.py b/Packs/ApiModules/Scripts/MicrosoftApiModule/MicrosoftApiModule.py
diff --git a/Packs/ApiModules/Scripts/MicrosoftApiModule/MicrosoftApiModule.yml b/Packs/ApiModules/Scripts/MicrosoftApiModule/MicrosoftApiModule.yml
@@ -13,7 +13,7 @@ system: true
 scripttarget: 0
 dependson: {}
 timeout: 0s
-dockerimage: demisto/crypto:1.0.0.52480
+dockerimage: demisto/crypto:1.0.0.61689
 fromversion: 5.0.0
 tests:
 - No test
diff --git a/Packs/ApiModules/Scripts/MicrosoftApiModule/MicrosoftApiModule_test.py b/Packs/ApiModules/Scripts/MicrosoftApiModule/MicrosoftApiModule_test.py
@@ -127,10 +127,8 @@ def test_page_not_found_error(mocker):
     mocker.patch.object(BaseClient, '_http_request', return_value=error_404)
     mocker.patch.object(client, 'get_access_token')
 
-    try:
+    with pytest.raises(NotFoundError):
         client.http_request()
-    except Exception as e:  # Validate that a `NotFoundError` was raised
-        assert type(e).__name__ == 'NotFoundError'
 
 
 def test_epoch_seconds(mocker):
@@ -394,8 +392,8 @@ def test_self_deployed_multi_resource(requests_mock, resource):
     assert client.resource_to_access_token[resource] == TOKEN
 
 
-@pytest.mark.parametrize('endpoint', ['com', 'gcc-high', 'dod', 'de', 'cn'])
-def test_national_endpoints(mocker, endpoint):
+@pytest.mark.parametrize('azure_cloud_name', ['com', 'gcc', 'gcc-high', 'dod', 'de', 'cn'])
+def test_national_endpoints(mocker, azure_cloud_name):
     """
     Given:
         self-deployed client
@@ -408,14 +406,14 @@ def test_national_endpoints(mocker, endpoint):
     auth_id = f'{AUTH_ID}@{TOKEN_URL}'
     enc_key = ENC_KEY
     app_name = APP_NAME
-    base_url = BASE_URL
     ok_codes = OK_CODES
+    azure_cloud = AZURE_CLOUDS[azure_cloud_name]
     client = MicrosoftClient(self_deployed=True, auth_id=auth_id, enc_key=enc_key, app_name=app_name,
-                             tenant_id=tenant_id, base_url=base_url, verify=True, proxy=False, ok_codes=ok_codes,
-                             endpoint=endpoint)
+                             tenant_id=tenant_id, verify=True, proxy=False, ok_codes=ok_codes,
+                             azure_cloud=azure_cloud)
 
-    assert client.azure_ad_endpoint == TOKEN_RETRIEVAL_ENDPOINTS[endpoint]
-    assert client.scope == f'{GRAPH_ENDPOINTS[endpoint]}/.default'
+    assert client.azure_ad_endpoint == TOKEN_RETRIEVAL_ENDPOINTS[client.azure_cloud.abbreviation]
+    assert client.scope == f'{GRAPH_ENDPOINTS[client.azure_cloud.abbreviation]}/.default'
 
 
 def test_retry_on_rate_limit(requests_mock, mocker):
@@ -483,11 +481,8 @@ def test_fail_on_retry_on_rate_limit(requests_mock, mocker):
     mocker.patch.object(sys, 'exit')
     mocker.patch.object(demisto, 'callingContext', {'context': {'ExecutedCommands': [{'moduleBrand': 'msgraph'}]}})
 
-    try:
+    with pytest.raises(DemistoException, match=r'Rate limit reached!'):
         client.http_request(method='GET', url_suffix='test_id')
-        assert False
-    except DemistoException as err:
-        assert 'Rate limit reached!' in err.args[0]['content']
 
 
 def test_rate_limit_when_retry_is_false(requests_mock):
@@ -510,11 +505,8 @@ def test_rate_limit_when_retry_is_false(requests_mock):
         json={'content': "Rate limit reached!"}
     )
 
-    try:
+    with pytest.raises(DemistoException, match="Error in API call \[429\]"):
         client.http_request(method='GET', url_suffix='test_id')
-        assert False
-    except DemistoException as err:
-        assert 'Error in API call [429]' in err.args[0]
 
 
 @pytest.mark.parametrize('response, result', [
@@ -556,13 +548,11 @@ def test_general_error_metrics(requests_mock, mocker):
     mocker.patch.object(demisto, 'command', return_value='testing_command')
     mocker.patch.object(demisto, 'results')
 
-    try:
+    with pytest.raises(DemistoException):
         client.http_request(method='GET', url_suffix='test_id')
-        assert False
-    except DemistoException:
-        metric_results = demisto.results.call_args_list[0][0][0]
-        assert metric_results.get('Contents') == 'Metrics reported successfully.'
-        assert metric_results.get('APIExecutionMetrics') == [{'Type': 'GeneralError', 'APICallsCount': 1}]
+    metric_results = demisto.results.call_args_list[0][0][0]
+    assert metric_results.get('Contents') == 'Metrics reported successfully.'
+    assert metric_results.get('APIExecutionMetrics') == [{'Type': 'GeneralError', 'APICallsCount': 1}]
 
 
 @pytest.mark.parametrize(argnames='client_id', argvalues=['test_client_id', None])

diff --git a/Packs/AzureKeyVault/.pack-ignore b/Packs/AzureKeyVault/.pack-ignore
@@ -3,3 +3,79 @@ ignore=IM111
 
 [file:AzureKeyVault.yml]
 ignore=IN145
+
+[known_words]
+AQAB
+Azur
+Boolean
+CN
+D
+Encipherment
+Endpoints
+Issuers
+K
+Purgeable
+Rbac
+URLs
+UTC
+VM
+Vaul
+XXX
+XXXX
+XXXXX
+XXXXXX
+aa
+australiacentral
+australiaeast
+australiasoutheast
+br
+brazilsouth
+canadacentral
+canadaeast
+centralindia
+centralus
+deleteissuers
+deletesas
+eastasia
+eastus
+ekus
+exportable
+francecentral
+germanywestcentral
+getissuers
+getsas
+gt
+ifica
+japaneast
+japanwest
+jioindiawest
+koreacentral
+kty
+listissuers
+listsas
+managecontacts
+manageissuers
+nbf
+northcentralus
+northeurope
+norwayeast
+readonly
+regeneratekey
+setissuers
+setsas
+southafricanorth
+southcentralus
+southeastasia
+southindia
+switzerlandnorth
+t
+uaenorth
+uksouth
+ukwest
+westcentralus
+westeurope
+westindia
+westus
+x
+GCC
+n
diff --git a/Packs/AzureKeyVault/.secrets-ignore b/Packs/AzureKeyVault/.secrets-ignore
@@ -10,4 +10,11 @@ https://xsoar-test-285.vault.azure.net
 "https://xsoar-test-265.vault.azure.net
 1.3.6.1
 5.5.7.3
-https://portal.azure.com
+https://portal.azure.com
+https://gallery.azure.com
+https://management.core.windows.net
+https://portal.azure.cn
+https://portal.azure.com
+https://portal.azure.us
+https://vault.azure.cn
+https://vault.azure.net