def _build_application_creds(password=None, key_value=None, key_type=None,#pylint: disable=too-many-arguments
key_usage=None, start_date=None, end_date=None):
if password and key_value:
raise CLIError('specify either --password or --key-value, but not both.')
if not start_date:
start_date = datetime.datetime.utcnow()
elif isinstance(start_date, str):
start_date = dateutil.parser.parse(start_date)
if not end_date:
end_date = start_date + relativedelta(years=1)
elif isinstance(end_date, str):
end_date = dateutil.parser.parse(end_date)#pylint: disable=redefined-variable-type
key_type = key_type or 'AsymmetricX509Cert'
key_usage = key_usage or 'Verify'
password_creds = None
key_creds = None
if password:
password_creds = [PasswordCredential(start_date, end_date, str(uuid.uuid4()), password)]
elif key_value:
key_creds = [KeyCredential(start_date, end_date, key_value, str(uuid.uuid4()),
key_usage, key_type)]
return (password_creds, key_creds)
def reset_service_principal_credential(name, password=None, create_cert=False, cert=None, years=1):
'''reset credential, on expiration or you forget it.
:param str name: the name, can be the app id uri, app id guid, or display name
:param str password: the password used to login. If missing, command will generate one.
:param str cert: PEM formatted public certificate. Do not include private key info.
:param str years: Years the password will be valid.
'''
client = _graph_client_factory()
# pylint: disable=no-member
# look for the existing application
query_exp = "servicePrincipalNames/any(x:x eq \'{0}\') or displayName eq '{0}'".format(name)
aad_sps = list(client.service_principals.list(filter=query_exp))
if not aad_sps:
raise CLIError("can't find a service principal matching '{}'".format(name))
if len(aad_sps) > 1:
raise CLIError(
'more than one entry matches the name, please provide unique names like app id guid, or app id uri') # pylint: disable=line-too-long
app = show_application(client.applications, aad_sps[0].app_id)
# build a new password/cert credential and patch it
public_cert_string = None
cert_file = None
if len([x for x in [cert, create_cert, password] if x]) > 1:
raise CLIError('Usage error: --cert | --create-cert | --password')
if create_cert:
public_cert_string, cert_file = _create_self_signed_cert(years)
elif cert:
public_cert_string = cert
else:
password = password or str(uuid.uuid4())
start_date = datetime.datetime.utcnow()
end_date = start_date + relativedelta(years=years)
key_id = str(uuid.uuid4())
app_creds = [PasswordCredential(start_date, end_date, key_id, password)] if password else None
cert_creds = [KeyCredential(start_date, end_date, public_cert_string, str(uuid.uuid4()),
usage='Verify',
type='AsymmetricX509Cert')] if public_cert_string else None # pylint: disable=line-too-long
app_create_param = ApplicationUpdateParameters(password_credentials=app_creds,
key_credentials=cert_creds)
client.applications.patch(app.object_id, app_create_param)
result = {
'appId': app.app_id,
'password': password,
'name': name,
'tenant': client.config.tenant_id
}
if cert_file:
result['fileWithCertAndPrivateKey'] = cert_file
return result
def _build_application_creds(password=None,
key_value=None,
key_type=None,
key_usage=None,
start_date=None,
end_date=None):
if password and key_value:
raise AzCLIError(
"specify either --password or --key-value, but not both.")
if not start_date:
start_date = datetime.datetime.utcnow()
elif isinstance(start_date, str):
start_date = dateutil.parser.parse(start_date)
if not end_date:
end_date = start_date + relativedelta(years=1)
elif isinstance(end_date, str):
end_date = dateutil.parser.parse(end_date)
key_type = key_type or "AsymmetricX509Cert"
key_usage = key_usage or "Verify"
password_creds = None
key_creds = None
if password:
password_creds = [
PasswordCredential(start_date=start_date,
end_date=end_date,
key_id=str(uuid.uuid4()),
value=password)
]
elif key_value:
key_creds = [
KeyCredential(
start_date=start_date,
end_date=end_date,
value=key_value,
key_id=str(uuid.uuid4()),
usage=key_usage,
type=key_type,
)
]
return (password_creds, key_creds)
def reset_service_principal_credential(name, password=None, create_cert=False,
cert=None, years=None, keyvault=None):
import pytz
client = _graph_client_factory()
# pylint: disable=no-member
years = years or 1
# look for the existing application
query_exp = "servicePrincipalNames/any(x:x eq \'{0}\') or displayName eq '{0}'".format(name)
aad_sps = list(client.service_principals.list(filter=query_exp))
if not aad_sps:
raise CLIError("can't find a service principal matching '{}'".format(name))
if len(aad_sps) > 1:
raise CLIError(
'more than one entry matches the name, please provide unique names like '
'app id guid, or app id uri')
app = show_application(client.applications, aad_sps[0].app_id)
app_start_date = datetime.datetime.now(pytz.utc)
app_end_date = app_start_date + relativedelta(years=years or 1)
# build a new password/cert credential and patch it
public_cert_string = None
cert_file = None
password, public_cert_string, cert_file, cert_start_date, cert_end_date = \
_process_service_principal_creds(years, app_start_date, app_end_date, cert, create_cert,
password, keyvault)
app_start_date, app_end_date, cert_start_date, cert_end_date = \
_validate_app_dates(app_start_date, app_end_date, cert_start_date, cert_end_date)
app_creds = None
cert_creds = None
if password:
app_creds = [
PasswordCredential(
start_date=app_start_date,
end_date=app_end_date,
key_id=str(uuid.uuid4()),
value=password
)
]
if public_cert_string:
cert_creds = [
KeyCredential(
start_date=app_start_date,
end_date=app_end_date,
value=public_cert_string,
key_id=str(uuid.uuid4()),
usage='Verify',
type='AsymmetricX509Cert'
)
]
app_create_param = ApplicationUpdateParameters(password_credentials=app_creds, key_credentials=cert_creds)
client.applications.patch(app.object_id, app_create_param)
result = {
'appId': app.app_id,
'password': password,
'name': name,
'tenant': client.config.tenant_id
}
if cert_file:
result['fileWithCertAndPrivateKey'] = cert_file
return result
