Azure / WALinuxAgent

Microsoft Azure Linux Guest Agent
http://azure.microsoft.com/
Apache License 2.0
543 stars 372 forks

Fix JIT for FIPS 140-3 #3190

Closed narrieta closed 3 months ago

narrieta commented 3 months ago

Extensions with protected settings and JIT requests are both broken under FIPS 140-3.

The fix for extensions requires fixes on other Azure components, including CRP, Fabric and the Extensions themselves. The corresponding fixes in the Agent will be addressed along with those.

Fixing JIT requests is a lot simpler, though, since it only involves changing the cipher used for RemoteAccess requests. This PR does that. The PR also includes a fix in protocol detection caused by the mentioned issues in Extensions (more details are given in the code).

nagworld9 commented 3 months ago

changes LGTM, I don't know how to validate JIT flow though

nagworld9 commented 3 months ago

qq @narrieta how are you able to pass this condition in update.py? This condition is never true due to GoalStateInconsistentError?

    while not self._try_update_goal_state(protocol):

nagworld9 commented 3 months ago

Discussed offline, changes look good