def find_subscriptions_on_login(self, interactive, username, password, is_service_principal, tenant, allow_no_subscriptions=False, subscription_finder=None): from azure.cli.core._debug import allow_debug_adal_connection allow_debug_adal_connection() subscriptions = [] if not subscription_finder: subscription_finder = SubscriptionFinder( self.cli_ctx, self.auth_ctx_factory, self._creds_cache.adal_token_cache) if interactive: subscriptions = subscription_finder.find_through_interactive_flow( tenant, self._ad_resource_uri) else: if is_service_principal: if not tenant: raise CLIError('Please supply tenant using "--tenant"') sp_auth = ServicePrincipalAuth(password) subscriptions = subscription_finder.find_from_service_principal_id( username, sp_auth, tenant, self._ad_resource_uri) else: subscriptions = subscription_finder.find_from_user_account( username, password, tenant, self._ad_resource_uri) if not allow_no_subscriptions and not subscriptions: raise CLIError( "No subscriptions were found for '{}'. If this is expected, use " "'--allow-no-subscriptions' to have tenant level accesses". format(username)) if is_service_principal: self._creds_cache.save_service_principal_cred( sp_auth.get_entry_to_persist(username, tenant)) if self._creds_cache.adal_token_cache.has_state_changed: self._creds_cache.persist_cached_creds() if allow_no_subscriptions: t_list = [s.tenant_id for s in subscriptions] bare_tenants = [ t for t in subscription_finder.tenants if t not in t_list ] profile = Profile(cli_ctx=self.cli_ctx) subscriptions = profile._build_tenant_level_accounts(bare_tenants) # pylint: disable=protected-access if not subscriptions: return [] consolidated = self._normalize_properties(subscription_finder.user_id, subscriptions, is_service_principal) self._set_subscriptions(consolidated) # use deepcopy as we don't want to persist these changes to file. return deepcopy(consolidated)
def refresh_accounts(self, subscription_finder=None): subscriptions = self.load_cached_subscriptions() to_refresh = subscriptions from azure.cli.core._debug import allow_debug_adal_connection allow_debug_adal_connection() subscription_finder = subscription_finder or SubscriptionFinder( self.cli_ctx, self.auth_ctx_factory, self._creds_cache.adal_token_cache) refreshed_list = set() result = [] for s in to_refresh: user_name = s[_USER_ENTITY][_USER_NAME] if user_name in refreshed_list: continue refreshed_list.add(user_name) is_service_principal = ( s[_USER_ENTITY][_USER_TYPE] == _SERVICE_PRINCIPAL) tenant = s[_TENANT_ID] subscriptions = [] try: if is_service_principal: sp_auth = ServicePrincipalAuth( self._creds_cache.retrieve_secret_of_service_principal( user_name)) subscriptions = subscription_finder.find_from_service_principal_id( user_name, sp_auth, tenant, self._ad_resource_uri) else: subscriptions = subscription_finder.find_from_user_account( user_name, None, None, self._ad_resource_uri) except Exception as ex: # pylint: disable=broad-except logger.warning( "Refreshing for '%s' failed with an error '%s'. The existing accounts were not " "modified. You can run 'az login' later to explictly refresh them", user_name, ex) result += deepcopy([ r for r in to_refresh if r[_USER_ENTITY][_USER_NAME] == user_name ]) continue if not subscriptions: if s[_SUBSCRIPTION_NAME] == _TENANT_LEVEL_ACCOUNT_NAME: subscriptions = self._build_tenant_level_accounts( [s[_TENANT_ID]]) if not subscriptions: continue consolidated = self._normalize_properties( subscription_finder.user_id, subscriptions, is_service_principal) result += consolidated if self._creds_cache.adal_token_cache.has_state_changed: self._creds_cache.persist_cached_creds() self._set_subscriptions(result, merge=False)
def find_subscriptions_on_login(self, interactive, username, password, is_service_principal, tenant, allow_no_subscriptions=False, subscription_finder=None): from azure.cli.core._debug import allow_debug_adal_connection allow_debug_adal_connection() subscriptions = [] if not subscription_finder: subscription_finder = SubscriptionFinder(self.cli_ctx, self.auth_ctx_factory, self._creds_cache.adal_token_cache) if interactive: subscriptions = subscription_finder.find_through_interactive_flow( tenant, self._ad_resource_uri) else: if is_service_principal: if not tenant: raise CLIError('Please supply tenant using "--tenant"') sp_auth = ServicePrincipalAuth(password) subscriptions = subscription_finder.find_from_service_principal_id( username, sp_auth, tenant, self._ad_resource_uri) else: subscriptions = subscription_finder.find_from_user_account( username, password, tenant, self._ad_resource_uri) if not allow_no_subscriptions and not subscriptions: raise CLIError("No subscriptions were found for '{}'. If this is expected, use " "'--allow-no-subscriptions' to have tenant level accesses".format( username)) if is_service_principal: self._creds_cache.save_service_principal_cred(sp_auth.get_entry_to_persist(username, tenant)) if self._creds_cache.adal_token_cache.has_state_changed: self._creds_cache.persist_cached_creds() if allow_no_subscriptions: t_list = [s.tenant_id for s in subscriptions] bare_tenants = [t for t in subscription_finder.tenants if t not in t_list] profile = Profile(cli_ctx=self.cli_ctx) subscriptions = profile._build_tenant_level_accounts(bare_tenants) # pylint: disable=protected-access if not subscriptions: return [] consolidated = self._normalize_properties(subscription_finder.user_id, subscriptions, is_service_principal) self._set_subscriptions(consolidated) # use deepcopy as we don't want to persist these changes to file. return deepcopy(consolidated)
def refresh_accounts(self, subscription_finder=None): subscriptions = self.load_cached_subscriptions() to_refresh = [s for s in subscriptions if not s[_SUBSCRIPTION_NAME].startswith(_MSI_ACCOUNT_NAME)] not_to_refresh = [s for s in subscriptions if s not in to_refresh] from azure.cli.core._debug import allow_debug_adal_connection allow_debug_adal_connection() subscription_finder = subscription_finder or SubscriptionFinder(self.auth_ctx_factory, self._creds_cache.adal_token_cache) refreshed_list = set() result = [] for s in to_refresh: user_name = s[_USER_ENTITY][_USER_NAME] if user_name in refreshed_list: continue refreshed_list.add(user_name) is_service_principal = (s[_USER_ENTITY][_USER_TYPE] == _SERVICE_PRINCIPAL) tenant = s[_TENANT_ID] subscriptions = [] try: if is_service_principal: sp_auth = ServicePrincipalAuth(self._creds_cache.retrieve_secret_of_service_principal(user_name)) subscriptions = subscription_finder.find_from_service_principal_id(user_name, sp_auth, tenant, self._ad_resource_uri) else: subscriptions = subscription_finder.find_from_user_account(user_name, None, None, self._ad_resource_uri) except Exception as ex: # pylint: disable=broad-except logger.warning("Refreshing for '%s' failed with an error '%s'. The existing accounts were not " "modified. You can run 'az login' later to explictly refresh them", user_name, ex) result += deepcopy([r for r in to_refresh if r[_USER_ENTITY][_USER_NAME] == user_name]) continue if not subscriptions: if s[_SUBSCRIPTION_NAME] == _TENANT_LEVEL_ACCOUNT_NAME: subscriptions = Profile._build_tenant_level_accounts([s[_TENANT_ID]]) if not subscriptions: continue consolidated = Profile._normalize_properties(subscription_finder.user_id, subscriptions, is_service_principal) result += consolidated if self._creds_cache.adal_token_cache.has_state_changed: self._creds_cache.persist_cached_creds() result = result + not_to_refresh self._set_subscriptions(result, merge=False)
def find_subscriptions_on_login( self, # pylint: disable=too-many-arguments interactive, username, password, is_service_principal, tenant, subscription_finder=None): from azure.cli.core._debug import allow_debug_adal_connection allow_debug_adal_connection() subscriptions = [] if not subscription_finder: subscription_finder = SubscriptionFinder( self.auth_ctx_factory, self._creds_cache.adal_token_cache) if interactive: subscriptions = subscription_finder.find_through_interactive_flow( tenant, self._ad_resource_uri) else: if is_service_principal: if not tenant: raise CLIError('Please supply tenant using "--tenant"') sp_auth = ServicePrincipalAuth(password) subscriptions = subscription_finder.find_from_service_principal_id( username, sp_auth, tenant, self._ad_resource_uri) else: subscriptions = subscription_finder.find_from_user_account( username, password, tenant, self._ad_resource_uri) if not subscriptions: raise CLIError('No subscriptions found for this account.') if is_service_principal: self._creds_cache.save_service_principal_cred( sp_auth.get_entry_to_persist(username, tenant)) if self._creds_cache.adal_token_cache.has_state_changed: self._creds_cache.persist_cached_creds() consolidated = Profile._normalize_properties( subscription_finder.user_id, subscriptions, is_service_principal) self._set_subscriptions(consolidated) # use deepcopy as we don't want to persist these changes to file. return deepcopy(consolidated)
def find_subscriptions_on_login(self, # pylint: disable=too-many-arguments interactive, username, password, is_service_principal, tenant): from azure.cli.core._debug import allow_debug_adal_connection allow_debug_adal_connection() subscriptions = [] if interactive: subscriptions = self._subscription_finder.find_through_interactive_flow( tenant, self._ad_resource_uri) else: if is_service_principal: if not tenant: raise CLIError('Please supply tenant using "--tenant"') sp_auth = ServicePrincipalAuth(password) subscriptions = self._subscription_finder.find_from_service_principal_id( username, sp_auth, tenant, self._ad_resource_uri) else: subscriptions = self._subscription_finder.find_from_user_account( username, password, tenant, self._ad_resource_uri) if not subscriptions: raise CLIError('No subscriptions found for this account.') if is_service_principal: self._creds_cache.save_service_principal_cred(sp_auth.get_entry_to_persist(username, tenant)) if self._creds_cache.adal_token_cache.has_state_changed: self._creds_cache.persist_cached_creds() consolidated = Profile._normalize_properties(self._subscription_finder.user_id, subscriptions, is_service_principal) self._set_subscriptions(consolidated) # use deepcopy as we don't want to persist these changes to file. return deepcopy(consolidated)
def find_subscriptions_on_login( self, # pylint: disable=too-many-arguments interactive, username, password, is_service_principal, tenant): from azure.cli.core._debug import allow_debug_adal_connection allow_debug_adal_connection() subscriptions = [] if interactive: subscriptions = self._subscription_finder.find_through_interactive_flow( self._management_resource_uri) else: if is_service_principal: if not tenant: raise CLIError('Please supply tenant using "--tenant"') subscriptions = self._subscription_finder.find_from_service_principal_id( username, password, tenant, self._management_resource_uri) else: subscriptions = self._subscription_finder.find_from_user_account( username, password, self._management_resource_uri) if not subscriptions: raise CLIError('No subscriptions found for this account.') if is_service_principal: self._creds_cache.save_service_principal_cred( username, password, tenant) if self._creds_cache.adal_token_cache.has_state_changed: self._creds_cache.persist_cached_creds() consolidated = Profile._normalize_properties( self._subscription_finder.user_id, subscriptions, is_service_principal) self._set_subscriptions(consolidated) return consolidated
def find_subscriptions_on_login(self, interactive, username, password, is_service_principal, tenant, use_device_code=False, allow_no_subscriptions=False, subscription_finder=None): from azure.cli.core._debug import allow_debug_adal_connection allow_debug_adal_connection() subscriptions = [] if not subscription_finder: subscription_finder = SubscriptionFinder(self.cli_ctx, self.auth_ctx_factory, self._creds_cache.adal_token_cache) if interactive: if not use_device_code and (in_cloud_console() or not can_launch_browser()): logger.info('Detect no GUI is available, so fall back to device code') use_device_code = True if not use_device_code: try: authority_url, _ = _get_authority_url(self.cli_ctx, tenant) subscriptions = subscription_finder.find_through_authorization_code_flow( tenant, self._ad_resource_uri, authority_url) except RuntimeError: use_device_code = True logger.warning('Not able to launch a browser to log you in, falling back to device code...') if use_device_code: subscriptions = subscription_finder.find_through_interactive_flow( tenant, self._ad_resource_uri) else: if is_service_principal: if not tenant: raise CLIError('Please supply tenant using "--tenant"') sp_auth = ServicePrincipalAuth(password) subscriptions = subscription_finder.find_from_service_principal_id( username, sp_auth, tenant, self._ad_resource_uri) else: subscriptions = subscription_finder.find_from_user_account( username, password, tenant, self._ad_resource_uri) if not allow_no_subscriptions and not subscriptions: raise CLIError("No subscriptions were found for '{}'. If this is expected, use " "'--allow-no-subscriptions' to have tenant level accesses".format( username)) if is_service_principal: self._creds_cache.save_service_principal_cred(sp_auth.get_entry_to_persist(username, tenant)) if self._creds_cache.adal_token_cache.has_state_changed: self._creds_cache.persist_cached_creds() if allow_no_subscriptions: t_list = [s.tenant_id for s in subscriptions] bare_tenants = [t for t in subscription_finder.tenants if t not in t_list] profile = Profile(cli_ctx=self.cli_ctx) subscriptions = profile._build_tenant_level_accounts(bare_tenants) # pylint: disable=protected-access if not subscriptions: return [] consolidated = self._normalize_properties(subscription_finder.user_id, subscriptions, is_service_principal) self._set_subscriptions(consolidated) # use deepcopy as we don't want to persist these changes to file. return deepcopy(consolidated)