def setup_continuous_delivery(self, resource_group_name, name, repo_url,
branch, git_token, slot, cd_app_type_details,
cd_project_url, cd_create_account, location,
test, private_repo_username,
private_repo_password, webapp_list):
"""
This method sets up CD for an Azure Web App thru Team Services
"""
# Gather information about the Azure connection
profile = Profile()
subscription = profile.get_subscription()
user = profile.get_current_account_user()
cred, _, _ = profile.get_login_credentials(subscription_id=None)
cd_manager = ContinuousDeliveryManager(self._update_progress)
# Generate an Azure token with the VSTS resource app id
auth_token = profile.get_access_token_for_resource(
user, None, cd_manager.get_vsts_app_id())
cd_manager.set_repository_info(repo_url, branch, git_token,
private_repo_username,
private_repo_password)
cd_manager.set_azure_web_info(resource_group_name, name, cred,
subscription['id'], subscription['name'],
subscription['tenantId'], location)
vsts_cd_status = cd_manager.setup_continuous_delivery(
slot, cd_app_type_details, cd_project_url, cd_create_account,
auth_token, test, webapp_list)
return vsts_cd_status
def setup_continuous_delivery(self, cli_ctx,
resource_group_name, name, repo_url, branch, git_token,
slot, cd_app_type_details, cd_project_url, cd_create_account, location,
test, private_repo_username, private_repo_password, webapp_list):
"""
This method sets up CD for an Azure Web App thru Team Services
"""
# Gather information about the Azure connection
profile = Profile(cli_ctx=cli_ctx)
subscription = profile.get_subscription()
user = profile.get_current_account_user()
cred, _, _ = profile.get_login_credentials(subscription_id=None)
cd_manager = ContinuousDeliveryManager(self._update_progress)
# Generate an Azure token with the VSTS resource app id
auth_token = profile.get_access_token_for_resource(user, None, cd_manager.get_vsts_app_id())
cd_manager.set_repository_info(repo_url, branch, git_token, private_repo_username, private_repo_password)
cd_manager.set_azure_web_info(resource_group_name, name, cred, subscription['id'],
subscription['name'], subscription['tenantId'], location)
vsts_cd_status = cd_manager.setup_continuous_delivery(slot, cd_app_type_details, cd_project_url,
cd_create_account, auth_token, test, webapp_list)
return vsts_cd_status
def logout(username=None):
"""Log out to remove access to Azure subscriptions"""
if in_cloud_console():
raise CLIError(_CLOUD_CONSOLE_ERR_TEMPLATE.format('logout'))
profile = Profile()
if not username:
username = profile.get_current_account_user()
profile.logout(username)
def logout(username=None):
"""Log out to remove access to Azure subscriptions"""
if _in_cloud_console():
raise CLIError(_CLOUD_CONSOLE_ERR_TEMPLATE.format('logout'))
profile = Profile()
if not username:
username = profile.get_current_account_user()
profile.logout(username)
def logout(cmd, username=None):
"""Log out to remove access to Azure subscriptions"""
if in_cloud_console():
logger.warning(_CLOUD_CONSOLE_LOGOUT_WARNING)
profile = Profile(cli_ctx=cmd.cli_ctx)
if not username:
username = profile.get_current_account_user()
profile.logout(username)
def logout(cmd, username=None):
"""Log out to remove access to Azure subscriptions"""
if in_cloud_console():
logger.warning(_CLOUD_CONSOLE_LOGOUT_WARNING)
profile = Profile(cli_ctx=cmd.cli_ctx)
if not username:
username = profile.get_current_account_user()
profile.logout(username)
def logout(username=None):
"""Log out to remove access to Azure subscriptions"""
if in_cloud_console():
logger.warning(_CLOUD_CONSOLE_WARNING_TEMPLATE, 'logout')
return
profile = Profile()
if not username:
username = profile.get_current_account_user()
profile.logout(username)
def logout(username=None):
"""Log out to remove access to Azure subscriptions"""
if in_cloud_console():
logger.warning(_CLOUD_CONSOLE_WARNING_TEMPLATE, 'logout')
return
profile = Profile()
if not username:
username = profile.get_current_account_user()
profile.logout(username)
def get_default_subscription_info():
"""
Returns the Id, name, tenantID and environmentName of the default subscription
None if no default is set or no subscription is found
"""
profile = Profile()
dummy_user = profile.get_current_account_user() # noqa: F841
subscriptions = profile.load_cached_subscriptions(False)
for subscription in subscriptions:
if subscription['isDefault']:
return subscription['id'], subscription['name'], subscription['tenantId'], subscription['environmentName']
logger.debug('Your account does not have a default Azure subscription. Please run \'az login\' to setup account.')
return None, None, None, None
def test_get_current_account_user(self, mock_read_cred_file):
#setup
mock_read_cred_file.return_value = [Test_Profile.token_entry1]
storage_mock = {'subscriptions': None}
profile = Profile(storage_mock)
consolidated = Profile._normalize_properties(self.user1,
[self.subscription1],
False)
profile._set_subscriptions(consolidated)
#action
user = profile.get_current_account_user()
#verify
self.assertEqual(user, self.user1)
def test_get_current_account_user(self, mock_read_cred_file):
#setup
mock_read_cred_file.return_value = [Test_Profile.token_entry1]
storage_mock = {'subscriptions': None}
profile = Profile(storage_mock)
consolidated = Profile._normalize_properties(self.user1,
[self.subscription1],
False)
profile._set_subscriptions(consolidated)
#action
user = profile.get_current_account_user()
#verify
self.assertEqual(user, self.user1)
def get_token_from_az_logins(organization, pat_token_present):
profile = Profile()
dummy_user = profile.get_current_account_user() # noqa: F841
subscriptions = profile.load_cached_subscriptions(False)
tenantsDict = OrderedDict()
# first loop to make sure the first identity we try with is coming from selected subscription
for subscription in subscriptions:
if subscription['isDefault'] == "true":
tenantsDict[(subscription['tenantId'],
subscription['user']['name'])] = ''
for subscription in subscriptions:
tenantsDict[(subscription['tenantId'],
subscription['user']['name'])] = ''
skipValidateToken = False
if pat_token_present is False and len(tenantsDict) == 1:
skipValidateToken = True
try:
for key, dummy_value in tenantsDict.items():
try:
logger.debug(
'trying to get token (temp) for tenant %s and user %s ',
key[0], key[1])
token = get_token_from_az_login(profile, key[1], key[0])
credentials = BasicAuthentication('', token)
if skipValidateToken is True:
return token
if validate_token_for_instance(organization, credentials):
return token
logger.debug('invalid token obtained for tenant %s', key[0])
except BaseException as ex2:
logger.debug(ex2)
logger.debug('failed while trying to get token for tenant %s',
key[0])
except BaseException as ex:
logger.debug(ex)
return ''
def _get_login_account_principal_id(cli_ctx):
from azure.cli.core._profile import Profile
from azure.graphrbac import GraphRbacManagementClient
profile = Profile(cli_ctx=cli_ctx)
cred, _, tenant_id = profile.get_login_credentials(
resource=cli_ctx.cloud.endpoints.active_directory_graph_resource_id)
client = GraphRbacManagementClient(
cred,
tenant_id,
base_url=cli_ctx.cloud.endpoints.active_directory_graph_resource_id)
assignee = profile.get_current_account_user()
result = list(
client.users.list(filter=f"userPrincipalName eq '{assignee}'"))
if not result:
result = list(
client.service_principals.list(
filter=f"servicePrincipalNames/any(c:c eq '{assignee}')"))
if not result:
raise CLIInternalError((
f"Failed to retrieve principal id for '{assignee}', which is needed to create a "
f"role assignment"))
return result[0].object_id
def teamcloud_deploy(
cmd,
client,
name,
location,
resource_group_name='TeamCloud', # pylint: disable=too-many-statements, too-many-locals
principal_name=None,
principal_password=None,
tags=None,
version=None,
skip_app_deployment=False,
skip_name_validation=False,
skip_admin_user=False,
prerelease=False,
index_url=None):
from azure.cli.core._profile import Profile
from .vendored_sdks.teamcloud.models import UserDefinition
from ._deploy_utils import (get_github_latest_release, get_index_teamcloud,
deploy_arm_template_at_resource_group,
get_resource_group_by_name,
create_resource_group_name,
create_resource_manager_sp, set_appconfig_keys,
zip_deploy_app)
cli_ctx = cmd.cli_ctx
location = location.lower()
hook = cli_ctx.get_progress_controller()
hook.begin()
if version or prerelease:
if index_url:
raise CLIError(
'--index-url can not be used with --version or --pre.')
if index_url is None:
version = version or get_github_latest_release(
cmd.cli_ctx, 'TeamCloud', prerelease=prerelease)
index_url = 'https://github.com/microsoft/TeamCloud/releases/download/{}/index.json'.format(
version)
hook.add(message='Fetching index.json from GitHub')
index_teamcloud = get_index_teamcloud(index_url=index_url)
deploy_url, api_zip_url, orchestrator_zip_url = index_teamcloud.get(
'deployUrl'), index_teamcloud.get('apiZipUrl'), index_teamcloud.get(
'orchestratorZipUrl')
if not deploy_url:
raise CLIError('No deploy url found found in index')
if not api_zip_url:
raise CLIError('No zip url for the api found found in index')
if not orchestrator_zip_url:
raise CLIError('No zip url for the orchestrator found found in index')
hook.add(message='Getting resource group {}'.format(resource_group_name))
rg, _ = get_resource_group_by_name(cli_ctx, resource_group_name)
if rg is None:
hook.add(message="Resource group '{}' not found".format(
resource_group_name))
hook.add(
message="Creating resource group '{}'".format(resource_group_name))
rg, _ = create_resource_group_name(cli_ctx, resource_group_name,
location)
profile = Profile(cli_ctx=cli_ctx)
if principal_name is None and principal_password is None:
hook.add(message='Creating AAD app registration')
resource_manager_sp = create_resource_manager_sp(cmd)
else:
_, _, tenant_id = profile.get_login_credentials(
resource=cli_ctx.cloud.endpoints.active_directory_graph_resource_id
)
resource_manager_sp = {
'appId': principal_name,
'password': principal_password,
'tenant': tenant_id
}
parameters = []
parameters.append('webAppName={}'.format(name))
parameters.append('resourceManagerIdentityClientId={}'.format(
resource_manager_sp['appId']))
parameters.append('resourceManagerIdentityClientSecret={}'.format(
resource_manager_sp['password']))
hook.add(message='Deploying ARM template')
outputs = deploy_arm_template_at_resource_group(cmd,
resource_group_name,
template_uri=deploy_url,
parameters=[parameters])
api_url = outputs['apiUrl']['value']
orchestrator_url = outputs['orchestratorUrl']['value']
api_app_name = outputs['apiAppName']['value']
orchestrator_app_name = outputs['orchestratorAppName']['value']
config_service_conn_string = outputs['configServiceConnectionString'][
'value']
config_service_imports = outputs['configServiceImport']['value']
if not api_url:
raise CLIError(
'ARM template outputs did not include a value for apiUrl')
if not orchestrator_url:
raise CLIError(
'ARM template outputs did not include a value for orchestratorUrl')
if not api_app_name:
raise CLIError(
'ARM template outputs did not include a value for apiAppName')
if not orchestrator_app_name:
raise CLIError(
'ARM template outputs did not include a value for orchestratorAppName'
)
if not config_service_conn_string:
raise CLIError(
'ARM template outputs did not include a value for configServiceConnectionString'
)
if not config_service_imports:
raise CLIError(
'ARM template outputs did not include a value for configServiceImport'
)
config_kvs = []
for k, v in config_service_imports.items():
config_kvs.append({'key': k, 'value': v})
hook.add(
message='Adding ARM template outputs to App Configuration service')
set_appconfig_keys(cli_ctx, config_service_conn_string, config_kvs)
if skip_app_deployment:
logger.warning(
'IMPORTANT: --skip-deploy prevented source code for the TeamCloud instance deployment. '
'To deploy the applications use `az tc upgrade`.')
else:
hook.add(message='Deploying Orchestrator source code')
zip_deploy_app(cli_ctx, resource_group_name, orchestrator_app_name,
orchestrator_zip_url)
hook.add(message='Deploying API source code')
zip_deploy_app(cli_ctx, resource_group_name, api_app_name, api_zip_url)
version_string = version or 'the latest version'
hook.add(message='Successfully created TeamCloud instance ({})'.format(
version_string))
if skip_admin_user:
logger.warning(
'IMPORTANT: --redeploy prevented adding you as an Admin user to the TeamCloud instance deployment.'
)
else:
me = profile.get_current_account_user()
hook.add(message="Adding '{}' as an admin user".format(me))
client._client.config.base_url = api_url
user_definition = UserDefinition(identifier=me,
role='Admin',
properties=None)
_ = client.create_team_cloud_admin_user(user_definition)
hook.end(message=' ')
logger.warning(' ')
logger.warning('TeamCloud instance successfully created at: %s', api_url)
logger.warning(
'Use `az configure --defaults tc-base-url=%s` to configure '
'this as your default TeamCloud instance', api_url)
result = {
'deployed': not skip_app_deployment,
'version': version or 'latest',
'name': name,
'base_url': api_url,
'location': location,
'api': {
'name': api_app_name,
'url': api_url
},
'orchestrator': {
'name': orchestrator_app_name,
'url': orchestrator_url
},
'service_principal': {
'appId': resource_manager_sp['appId'],
# 'password': resource_manager_sp['password'],
'tenant': resource_manager_sp['tenant']
}
}
return result
def logout(username=None):
"""Log out to remove access to Azure subscriptions"""
profile = Profile()
if not username:
username = profile.get_current_account_user()
profile.logout(username)
def teamcloud_deploy(
cmd,
client,
name,
location=None,
resource_group_name='TeamCloud', # pylint: disable=too-many-statements, too-many-locals
principal_name=None,
principal_password=None,
tags=None,
version=None,
skip_app_deployment=False,
skip_name_validation=False,
skip_admin_user=False,
prerelease=False,
index_url=None):
from re import sub
from azure.cli.core._profile import Profile
from .vendored_sdks.teamcloud.models import UserDefinition, TeamCloudInstance, AzureResourceGroup
from ._deploy_utils import (get_index_teamcloud,
deploy_arm_template_at_resource_group,
get_resource_group_by_name,
create_resource_group_name,
create_resource_manager_sp, set_appconfig_keys,
zip_deploy_app, get_arm_output)
cli_ctx = cmd.cli_ctx
hook = cli_ctx.get_progress_controller()
hook.begin()
hook.add(message='Fetching index.json from GitHub')
version, deploy_url, api_zip_url, orchestrator_zip_url = get_index_teamcloud(
cli_ctx, version, prerelease, index_url)
hook.add(message='Getting resource group {}'.format(resource_group_name))
rg, sub_id = get_resource_group_by_name(cli_ctx, resource_group_name)
if rg is None:
if location is None:
raise CLIError(
"--location/-l is required if resource group '{}' does not exist"
.format(resource_group_name))
hook.add(message="Resource group '{}' not found".format(
resource_group_name))
hook.add(
message="Creating resource group '{}'".format(resource_group_name))
rg, sub_id = create_resource_group_name(cli_ctx, resource_group_name,
location)
profile = Profile(cli_ctx=cli_ctx)
if principal_name is None and principal_password is None:
hook.add(message='Creating AAD app registration')
resource_manager_sp = create_resource_manager_sp(cmd, name)
else:
_, _, tenant_id = profile.get_login_credentials(
resource=cli_ctx.cloud.endpoints.active_directory_graph_resource_id
)
resource_manager_sp = {
'appId': principal_name,
'password': principal_password,
'tenant': tenant_id
}
parameters = []
parameters.append('webAppName={}'.format(name))
parameters.append('resourceManagerIdentityClientId={}'.format(
resource_manager_sp['appId']))
parameters.append('resourceManagerIdentityClientSecret={}'.format(
resource_manager_sp['password']))
hook.add(message='Deploying ARM template')
outputs = deploy_arm_template_at_resource_group(cmd,
resource_group_name,
template_uri=deploy_url,
parameters=[parameters])
api_url = get_arm_output(outputs, 'apiUrl')
orchestrator_url = get_arm_output(outputs, 'orchestratorUrl')
api_app_name = get_arm_output(outputs, 'apiAppName')
orchestrator_app_name = get_arm_output(outputs, 'orchestratorAppName')
config_service_conn_string = get_arm_output(
outputs, 'configServiceConnectionString')
config_service_imports = get_arm_output(outputs, 'configServiceImport')
config_kvs = []
for k, v in config_service_imports.items():
config_kvs.append({'key': k, 'value': v})
hook.add(
message='Adding ARM template outputs to App Configuration service')
set_appconfig_keys(cmd, config_service_conn_string, config_kvs)
if skip_app_deployment:
logger.warning(
'IMPORTANT: --skip-app-deployment prevented source code for the TeamCloud instance deployment. '
'To deploy the applications use `az tc upgrade`.')
else:
hook.add(message='Deploying Orchestrator source code')
zip_deploy_app(cli_ctx, resource_group_name, orchestrator_app_name,
orchestrator_zip_url)
hook.add(message='Deploying API source code')
zip_deploy_app(cli_ctx, resource_group_name, api_app_name, api_zip_url)
version_string = version or 'the latest version'
hook.add(message='Successfully created TeamCloud instance ({})'.format(
version_string))
_ensure_base_url(client, api_url)
if skip_admin_user:
logger.warning(
'IMPORTANT: --skip-admin-user prevented adding you as an Admin user to the TeamCloud instance deployment.'
)
else:
me = profile.get_current_account_user()
me = sub('http[s]?://', '', me)
hook.add(message="Adding '{}' as an admin user".format(me))
user_definition = UserDefinition(identifier=me,
role='Admin',
properties=None)
_ = client.create_team_cloud_admin_user(user_definition)
hook.add(message='Adding TeamCloud instance information')
resource_group = AzureResourceGroup(id=rg.id,
name=rg.name,
region=rg.location,
subscription_id=sub_id)
teamcloud_instance = TeamCloudInstance(version=version,
resource_group=resource_group,
tags=tags)
_ = client.create_team_cloud_instance(teamcloud_instance)
hook.end(message=' ')
logger.warning(' ')
logger.warning('TeamCloud instance successfully created at: %s', api_url)
logger.warning(
'Use `az configure --defaults tc-base-url=%s` to configure '
'this as your default TeamCloud instance', api_url)
result = {
'deployed': not skip_app_deployment,
'version': version or 'latest',
'name': name,
'base_url': api_url,
'location': rg.location,
'api': {
'name': api_app_name,
'url': api_url
},
'orchestrator': {
'name': orchestrator_app_name,
'url': orchestrator_url
},
'service_principal': {
'appId': resource_manager_sp['appId'],
# 'password': resource_manager_sp['password'],
'tenant': resource_manager_sp['tenant']
}
}
return result
def logout(username=None):
"""Log out to remove access to Azure subscriptions"""
profile = Profile()
if not username:
username = profile.get_current_account_user()
profile.logout(username)
def _get_user_azure_id():
try:
profile = Profile()
return _get_hash(profile.get_current_account_user())
except CLIError: #pylint: disable=broad-except
pass
