def find_subscriptions_on_login(self,
interactive,
username,
password,
is_service_principal,
tenant,
allow_no_subscriptions=False,
subscription_finder=None):
from azure.cli.core._debug import allow_debug_adal_connection
allow_debug_adal_connection()
subscriptions = []
if not subscription_finder:
subscription_finder = SubscriptionFinder(
self.cli_ctx, self.auth_ctx_factory,
self._creds_cache.adal_token_cache)
if interactive:
subscriptions = subscription_finder.find_through_interactive_flow(
tenant, self._ad_resource_uri)
else:
if is_service_principal:
if not tenant:
raise CLIError('Please supply tenant using "--tenant"')
sp_auth = ServicePrincipalAuth(password)
subscriptions = subscription_finder.find_from_service_principal_id(
username, sp_auth, tenant, self._ad_resource_uri)
else:
subscriptions = subscription_finder.find_from_user_account(
username, password, tenant, self._ad_resource_uri)
if not allow_no_subscriptions and not subscriptions:
raise CLIError(
"No subscriptions were found for '{}'. If this is expected, use "
"'--allow-no-subscriptions' to have tenant level accesses".
format(username))
if is_service_principal:
self._creds_cache.save_service_principal_cred(
sp_auth.get_entry_to_persist(username, tenant))
if self._creds_cache.adal_token_cache.has_state_changed:
self._creds_cache.persist_cached_creds()
if allow_no_subscriptions:
t_list = [s.tenant_id for s in subscriptions]
bare_tenants = [
t for t in subscription_finder.tenants if t not in t_list
]
profile = Profile(cli_ctx=self.cli_ctx)
subscriptions = profile._build_tenant_level_accounts(bare_tenants) # pylint: disable=protected-access
if not subscriptions:
return []
consolidated = self._normalize_properties(subscription_finder.user_id,
subscriptions,
is_service_principal)
self._set_subscriptions(consolidated)
# use deepcopy as we don't want to persist these changes to file.
return deepcopy(consolidated)
def refresh_accounts(self, subscription_finder=None):
subscriptions = self.load_cached_subscriptions()
to_refresh = subscriptions
from azure.cli.core._debug import allow_debug_adal_connection
allow_debug_adal_connection()
subscription_finder = subscription_finder or SubscriptionFinder(
self.cli_ctx, self.auth_ctx_factory,
self._creds_cache.adal_token_cache)
refreshed_list = set()
result = []
for s in to_refresh:
user_name = s[_USER_ENTITY][_USER_NAME]
if user_name in refreshed_list:
continue
refreshed_list.add(user_name)
is_service_principal = (
s[_USER_ENTITY][_USER_TYPE] == _SERVICE_PRINCIPAL)
tenant = s[_TENANT_ID]
subscriptions = []
try:
if is_service_principal:
sp_auth = ServicePrincipalAuth(
self._creds_cache.retrieve_secret_of_service_principal(
user_name))
subscriptions = subscription_finder.find_from_service_principal_id(
user_name, sp_auth, tenant, self._ad_resource_uri)
else:
subscriptions = subscription_finder.find_from_user_account(
user_name, None, None, self._ad_resource_uri)
except Exception as ex: # pylint: disable=broad-except
logger.warning(
"Refreshing for '%s' failed with an error '%s'. The existing accounts were not "
"modified. You can run 'az login' later to explictly refresh them",
user_name, ex)
result += deepcopy([
r for r in to_refresh
if r[_USER_ENTITY][_USER_NAME] == user_name
])
continue
if not subscriptions:
if s[_SUBSCRIPTION_NAME] == _TENANT_LEVEL_ACCOUNT_NAME:
subscriptions = self._build_tenant_level_accounts(
[s[_TENANT_ID]])
if not subscriptions:
continue
consolidated = self._normalize_properties(
subscription_finder.user_id, subscriptions,
is_service_principal)
result += consolidated
if self._creds_cache.adal_token_cache.has_state_changed:
self._creds_cache.persist_cached_creds()
self._set_subscriptions(result, merge=False)
def find_subscriptions_on_login(self,
interactive,
username,
password,
is_service_principal,
tenant,
allow_no_subscriptions=False,
subscription_finder=None):
from azure.cli.core._debug import allow_debug_adal_connection
allow_debug_adal_connection()
subscriptions = []
if not subscription_finder:
subscription_finder = SubscriptionFinder(self.cli_ctx,
self.auth_ctx_factory,
self._creds_cache.adal_token_cache)
if interactive:
subscriptions = subscription_finder.find_through_interactive_flow(
tenant, self._ad_resource_uri)
else:
if is_service_principal:
if not tenant:
raise CLIError('Please supply tenant using "--tenant"')
sp_auth = ServicePrincipalAuth(password)
subscriptions = subscription_finder.find_from_service_principal_id(
username, sp_auth, tenant, self._ad_resource_uri)
else:
subscriptions = subscription_finder.find_from_user_account(
username, password, tenant, self._ad_resource_uri)
if not allow_no_subscriptions and not subscriptions:
raise CLIError("No subscriptions were found for '{}'. If this is expected, use "
"'--allow-no-subscriptions' to have tenant level accesses".format(
username))
if is_service_principal:
self._creds_cache.save_service_principal_cred(sp_auth.get_entry_to_persist(username,
tenant))
if self._creds_cache.adal_token_cache.has_state_changed:
self._creds_cache.persist_cached_creds()
if allow_no_subscriptions:
t_list = [s.tenant_id for s in subscriptions]
bare_tenants = [t for t in subscription_finder.tenants if t not in t_list]
profile = Profile(cli_ctx=self.cli_ctx)
subscriptions = profile._build_tenant_level_accounts(bare_tenants) # pylint: disable=protected-access
if not subscriptions:
return []
consolidated = self._normalize_properties(subscription_finder.user_id, subscriptions, is_service_principal)
self._set_subscriptions(consolidated)
# use deepcopy as we don't want to persist these changes to file.
return deepcopy(consolidated)
def refresh_accounts(self, subscription_finder=None):
subscriptions = self.load_cached_subscriptions()
to_refresh = [s for s in subscriptions if not s[_SUBSCRIPTION_NAME].startswith(_MSI_ACCOUNT_NAME)]
not_to_refresh = [s for s in subscriptions if s not in to_refresh]
from azure.cli.core._debug import allow_debug_adal_connection
allow_debug_adal_connection()
subscription_finder = subscription_finder or SubscriptionFinder(self.auth_ctx_factory,
self._creds_cache.adal_token_cache)
refreshed_list = set()
result = []
for s in to_refresh:
user_name = s[_USER_ENTITY][_USER_NAME]
if user_name in refreshed_list:
continue
refreshed_list.add(user_name)
is_service_principal = (s[_USER_ENTITY][_USER_TYPE] == _SERVICE_PRINCIPAL)
tenant = s[_TENANT_ID]
subscriptions = []
try:
if is_service_principal:
sp_auth = ServicePrincipalAuth(self._creds_cache.retrieve_secret_of_service_principal(user_name))
subscriptions = subscription_finder.find_from_service_principal_id(user_name, sp_auth, tenant,
self._ad_resource_uri)
else:
subscriptions = subscription_finder.find_from_user_account(user_name, None, None,
self._ad_resource_uri)
except Exception as ex: # pylint: disable=broad-except
logger.warning("Refreshing for '%s' failed with an error '%s'. The existing accounts were not "
"modified. You can run 'az login' later to explictly refresh them", user_name, ex)
result += deepcopy([r for r in to_refresh if r[_USER_ENTITY][_USER_NAME] == user_name])
continue
if not subscriptions:
if s[_SUBSCRIPTION_NAME] == _TENANT_LEVEL_ACCOUNT_NAME:
subscriptions = Profile._build_tenant_level_accounts([s[_TENANT_ID]])
if not subscriptions:
continue
consolidated = Profile._normalize_properties(subscription_finder.user_id,
subscriptions,
is_service_principal)
result += consolidated
if self._creds_cache.adal_token_cache.has_state_changed:
self._creds_cache.persist_cached_creds()
result = result + not_to_refresh
self._set_subscriptions(result, merge=False)
def find_subscriptions_on_login(
self, # pylint: disable=too-many-arguments
interactive,
username,
password,
is_service_principal,
tenant,
subscription_finder=None):
from azure.cli.core._debug import allow_debug_adal_connection
allow_debug_adal_connection()
subscriptions = []
if not subscription_finder:
subscription_finder = SubscriptionFinder(
self.auth_ctx_factory, self._creds_cache.adal_token_cache)
if interactive:
subscriptions = subscription_finder.find_through_interactive_flow(
tenant, self._ad_resource_uri)
else:
if is_service_principal:
if not tenant:
raise CLIError('Please supply tenant using "--tenant"')
sp_auth = ServicePrincipalAuth(password)
subscriptions = subscription_finder.find_from_service_principal_id(
username, sp_auth, tenant, self._ad_resource_uri)
else:
subscriptions = subscription_finder.find_from_user_account(
username, password, tenant, self._ad_resource_uri)
if not subscriptions:
raise CLIError('No subscriptions found for this account.')
if is_service_principal:
self._creds_cache.save_service_principal_cred(
sp_auth.get_entry_to_persist(username, tenant))
if self._creds_cache.adal_token_cache.has_state_changed:
self._creds_cache.persist_cached_creds()
consolidated = Profile._normalize_properties(
subscription_finder.user_id, subscriptions, is_service_principal)
self._set_subscriptions(consolidated)
# use deepcopy as we don't want to persist these changes to file.
return deepcopy(consolidated)
def find_subscriptions_on_login(self, # pylint: disable=too-many-arguments
interactive,
username,
password,
is_service_principal,
tenant):
from azure.cli.core._debug import allow_debug_adal_connection
allow_debug_adal_connection()
subscriptions = []
if interactive:
subscriptions = self._subscription_finder.find_through_interactive_flow(
tenant, self._ad_resource_uri)
else:
if is_service_principal:
if not tenant:
raise CLIError('Please supply tenant using "--tenant"')
sp_auth = ServicePrincipalAuth(password)
subscriptions = self._subscription_finder.find_from_service_principal_id(
username, sp_auth, tenant, self._ad_resource_uri)
else:
subscriptions = self._subscription_finder.find_from_user_account(
username, password, tenant, self._ad_resource_uri)
if not subscriptions:
raise CLIError('No subscriptions found for this account.')
if is_service_principal:
self._creds_cache.save_service_principal_cred(sp_auth.get_entry_to_persist(username,
tenant))
if self._creds_cache.adal_token_cache.has_state_changed:
self._creds_cache.persist_cached_creds()
consolidated = Profile._normalize_properties(self._subscription_finder.user_id,
subscriptions,
is_service_principal)
self._set_subscriptions(consolidated)
# use deepcopy as we don't want to persist these changes to file.
return deepcopy(consolidated)
def find_subscriptions_on_login(
self, # pylint: disable=too-many-arguments
interactive,
username,
password,
is_service_principal,
tenant):
from azure.cli.core._debug import allow_debug_adal_connection
allow_debug_adal_connection()
subscriptions = []
if interactive:
subscriptions = self._subscription_finder.find_through_interactive_flow(
self._management_resource_uri)
else:
if is_service_principal:
if not tenant:
raise CLIError('Please supply tenant using "--tenant"')
subscriptions = self._subscription_finder.find_from_service_principal_id(
username, password, tenant, self._management_resource_uri)
else:
subscriptions = self._subscription_finder.find_from_user_account(
username, password, self._management_resource_uri)
if not subscriptions:
raise CLIError('No subscriptions found for this account.')
if is_service_principal:
self._creds_cache.save_service_principal_cred(
username, password, tenant)
if self._creds_cache.adal_token_cache.has_state_changed:
self._creds_cache.persist_cached_creds()
consolidated = Profile._normalize_properties(
self._subscription_finder.user_id, subscriptions,
is_service_principal)
self._set_subscriptions(consolidated)
return consolidated
def find_subscriptions_on_login(self,
interactive,
username,
password,
is_service_principal,
tenant,
use_device_code=False,
allow_no_subscriptions=False,
subscription_finder=None):
from azure.cli.core._debug import allow_debug_adal_connection
allow_debug_adal_connection()
subscriptions = []
if not subscription_finder:
subscription_finder = SubscriptionFinder(self.cli_ctx,
self.auth_ctx_factory,
self._creds_cache.adal_token_cache)
if interactive:
if not use_device_code and (in_cloud_console() or not can_launch_browser()):
logger.info('Detect no GUI is available, so fall back to device code')
use_device_code = True
if not use_device_code:
try:
authority_url, _ = _get_authority_url(self.cli_ctx, tenant)
subscriptions = subscription_finder.find_through_authorization_code_flow(
tenant, self._ad_resource_uri, authority_url)
except RuntimeError:
use_device_code = True
logger.warning('Not able to launch a browser to log you in, falling back to device code...')
if use_device_code:
subscriptions = subscription_finder.find_through_interactive_flow(
tenant, self._ad_resource_uri)
else:
if is_service_principal:
if not tenant:
raise CLIError('Please supply tenant using "--tenant"')
sp_auth = ServicePrincipalAuth(password)
subscriptions = subscription_finder.find_from_service_principal_id(
username, sp_auth, tenant, self._ad_resource_uri)
else:
subscriptions = subscription_finder.find_from_user_account(
username, password, tenant, self._ad_resource_uri)
if not allow_no_subscriptions and not subscriptions:
raise CLIError("No subscriptions were found for '{}'. If this is expected, use "
"'--allow-no-subscriptions' to have tenant level accesses".format(
username))
if is_service_principal:
self._creds_cache.save_service_principal_cred(sp_auth.get_entry_to_persist(username,
tenant))
if self._creds_cache.adal_token_cache.has_state_changed:
self._creds_cache.persist_cached_creds()
if allow_no_subscriptions:
t_list = [s.tenant_id for s in subscriptions]
bare_tenants = [t for t in subscription_finder.tenants if t not in t_list]
profile = Profile(cli_ctx=self.cli_ctx)
subscriptions = profile._build_tenant_level_accounts(bare_tenants) # pylint: disable=protected-access
if not subscriptions:
return []
consolidated = self._normalize_properties(subscription_finder.user_id, subscriptions, is_service_principal)
self._set_subscriptions(consolidated)
# use deepcopy as we don't want to persist these changes to file.
return deepcopy(consolidated)
