Ejemplo n.º 1
0
def update_adla_catalog_credential(client,
                                   account_name,
                                   database_name,
                                   credential_name,
                                   credential_user_name,
                                   uri,
                                   credential_user_password=None,
                                   new_credential_user_password=None):
    if not credential_user_password:
        try:
            credential_user_password = prompt_pass('Current Password:'******'Please specify --user-name --password and --new-password in non-interactive mode.')

    if not new_credential_user_password:
        try:
            new_credential_user_password = prompt_pass('New Password:'******'Please specify --user-name --password and --new-password in non-interactive mode.')

    update_params = DataLakeAnalyticsCatalogCredentialUpdateParameters(credential_user_password,
                                                                       new_credential_user_password,
                                                                       uri,
                                                                       credential_user_name)
    client.update_credential(account_name, database_name, credential_name, update_params)
Ejemplo n.º 2
0
def create_image_registry_credentials(registry_login_server, registry_username, registry_password, image):
    """Create image registry credentials. """
    image_registry_credentials = None
    if registry_login_server:
        if not registry_username:
            raise CLIError('Please specify --registry-username in order to use custom image registry.')
        if not registry_password:
            try:
                registry_password = prompt_pass(msg='Image registry password: '******'Please specify --registry-password in order to use custom image registry.')
        image_registry_credentials = [ImageRegistryCredential(server=registry_login_server,
                                                              username=registry_username,
                                                              password=registry_password)]
    elif ACR_SERVER_SUFFIX in image:
        if not registry_password:
            try:
                registry_password = prompt_pass(msg='Image registry password: '******'Please specify --registry-password in order to use Azure Container Registry.')

        acr_server = image.split("/")[0] if image.split("/") else None
        acr_username = image.split(ACR_SERVER_SUFFIX)[0] if image.split(ACR_SERVER_SUFFIX) else None
        if acr_server and acr_username:
            image_registry_credentials = [ImageRegistryCredential(server=acr_server,
                                                                  username=acr_username,
                                                                  password=registry_password)]
        else:
            raise CLIError('Failed to parse ACR server or username from image name; please explicitly specify --registry-server and --registry-username.')

    return image_registry_credentials
Ejemplo n.º 3
0
def update_adla_catalog_credential(client,
                                   account_name,
                                   database_name,
                                   credential_name,
                                   credential_user_name,
                                   uri,
                                   credential_user_password=None,
                                   new_credential_user_password=None):
    if not credential_user_password:
        try:
            credential_user_password = prompt_pass('Current Password:'******'Please specify --user-name --password and --new-password in non-interactive mode.')

    if not new_credential_user_password:
        try:
            new_credential_user_password = prompt_pass('New Password:'******'Please specify --user-name --password and --new-password in non-interactive mode.')

    update_params = DataLakeAnalyticsCatalogCredentialUpdateParameters(credential_user_password,
                                                                       new_credential_user_password,
                                                                       uri,
                                                                       credential_user_name)
    client.update_credential(account_name, database_name, credential_name, update_params)
Ejemplo n.º 4
0
def _validate_user_credentials(registry_name, path, resultIndex, username=None, password=None):
    registry, _ = get_registry_by_name(registry_name)
    login_server = registry.login_server #pylint: disable=no-member

    if username:
        if not password:
            try:
                password = prompt_pass(msg='Password: '******'Please specify both username and password in non-interactive mode.')
        return _obtain_data_from_registry(login_server, path, resultIndex, username, password)

    try:
        cred = acr_credential_show(registry_name)
        username = cred.username
        password = cred.password
        return _obtain_data_from_registry(login_server, path, resultIndex, username, password)
    except: #pylint: disable=bare-except
        pass

    try:
        username = prompt('Username: '******'Password: '******'Unable to authenticate using admin login credentials or admin is not enabled. ' +
            'Please specify both username and password in non-interactive mode.')
    return _obtain_data_from_registry(login_server, path, resultIndex, username, password)
Ejemplo n.º 5
0
def _validate_user_credentials(registry_name, path, resultIndex, username=None, password=None):
    registry, _ = get_registry_by_name(registry_name)
    login_server = registry.login_server  # pylint: disable=no-member

    if username:
        if not password:
            try:
                password = prompt_pass(msg='Password: '******'Please specify both username and password in non-interactive mode.')
        return _obtain_data_from_registry(login_server, path, resultIndex, username, password)

    try:
        cred = acr_credential_show(registry_name)
        username = cred.username
        password = cred.passwords[0].value
        return _obtain_data_from_registry(login_server, path, resultIndex, username, password)
    except:  # pylint: disable=bare-except
        pass

    try:
        username = prompt('Username: '******'Password: '******'Unable to authenticate using admin login credentials or admin is not enabled. ' +
            'Please specify both username and password in non-interactive mode.')
    return _obtain_data_from_registry(login_server, path, resultIndex, username, password)
Ejemplo n.º 6
0
def _get_credentials(registry_name,
                     resource_group_name,
                     username,
                     password,
                     only_refresh_token,
                     repository=None,
                     permission='*'):
    """Try to get AAD authorization tokens or admin user credentials.
    :param str registry_name: The name of container registry
    :param str resource_group_name: The name of resource group
    :param str username: The username used to log into the container registry
    :param str password: The password used to log into the container registry
    :param bool only_refresh_token: Whether to ask for only refresh token, or for both refresh and access tokens
    :param str repository: Repository for which the access token is requested
    :param str permission: The requested permission on the repository, '*' or 'pull'
    """
    registry, _ = get_registry_by_name(registry_name, resource_group_name)
    login_server = registry.login_server

    # 1. if username was specified, verify that password was also specified
    if username:
        if not password:
            try:
                password = prompt_pass(msg='Password: '******'Please specify both username and password in non-interactive mode.')

        return login_server, username, password

    # 2. if we don't yet have credentials, attempt to get a refresh token
    if not password and registry.sku.name in MANAGED_REGISTRY_SKU:
        try:
            username = "******" if only_refresh_token else None
            password = _get_aad_token(login_server, only_refresh_token, repository, permission)
            return login_server, username, password
        except CLIError as e:
            logger.warning("Unable to get AAD authorization tokens with message: %s", str(e))

    # 3. if we still don't have credentials, attempt to get the admin credentials (if enabled)
    if not password:
        try:
            cred = acr_credential_show(registry_name)
            username = cred.username
            password = cred.passwords[0].value
            return login_server, username, password
        except CLIError as e:
            logger.warning("Unable to get admin user credentials with message: %s", str(e))

    # 4. if we still don't have credentials, prompt the user
    if not password:
        try:
            username = prompt('Username: '******'Password: '******'Unable to authenticate using AAD or admin login credentials. ' +
                'Please specify both username and password in non-interactive mode.')
Ejemplo n.º 7
0
def _validate_user_credentials(registry_name,
                               resource_group_name,
                               path,
                               username=None,
                               password=None,
                               repository=None,
                               result_index=None,
                               request_method=None):
    registry, _ = get_registry_by_name(registry_name, resource_group_name)
    sku_tier = registry.sku.tier
    login_server = registry.login_server

    # 1. if username was specified, verify that password was also specified
    if username:
        if not password:
            try:
                password = prompt_pass(msg='Password: '******'Please specify both username and password in non-interactive mode.')
        return request_method(login_server, path, username, password, result_index)

    if sku_tier == SkuTier.managed.value:
        # 2. if we don't yet have credentials, attempt to get an access token
        try:
            managed_registry_validation(registry_name, resource_group_name)
            access_token = get_login_access_token(login_server, repository)
            return request_method(login_server, path, None, access_token, result_index)
        except NotFound as e:
            raise CLIError(str(e))
        except Unauthorized as e:
            logger.warning("Unable to authenticate using AAD tokens: %s", str(e))
        except Exception as e:  # pylint: disable=broad-except
            logger.warning("AAD authentication failed with message: %s", str(e))

    # 3. if we still don't have credentials, attempt to get the admin credentials (if enabled)
    try:
        cred = acr_credential_show(registry_name)
        username = cred.username
        password = cred.passwords[0].value
        return request_method(login_server, path, username, password, result_index)
    except NotFound as e:
        raise CLIError(str(e))
    except Unauthorized as e:
        logger.warning("Unable to authenticate using admin login credentials: %s", str(e))
    except Exception as e:  # pylint: disable=broad-except
        logger.warning("Admin user authentication failed with message: %s", str(e))

    # 4. if we still don't have credentials, prompt the user
    try:
        username = prompt('Username: '******'Password: '******'Unable to authenticate using AAD tokens or admin login credentials. ' +
            'Please specify both username and password in non-interactive mode.')
    return request_method(login_server, path, username, password, result_index)
def acr_login(registry_name, resource_group_name=None, username=None, password=None):
    """Login to a container registry through Docker.
    :param str registry_name: The name of container registry
    :param str resource_group_name: The name of resource group
    :param str username: The username used to log into the container registry
    :param str password: The password used to log into the container registry
    """
    try:
        call(["docker", "ps"], stdout=PIPE, stderr=PIPE)
    except:
        raise CLIError("Please verify whether docker is installed and running properly")

    registry, _ = get_registry_by_name(registry_name, resource_group_name)
    sku_tier = registry.sku.tier
    login_server = registry.login_server

    # 1. if username was specified, verify that password was also specified
    if username and not password:
        try:
            password = prompt_pass(msg='Password: '******'Please specify both username and password in non-interactive mode.')

    if sku_tier == SkuTier.managed.value:
        # 2. if we don't yet have credentials, attempt to get a refresh token
        if not password:
            try:
                username = "******"
                password = get_login_refresh_token(login_server)
            except Exception as e:  # pylint: disable=broad-except
                logger.warning("AAD authentication failed with message: %s", str(e))

    # 3. if we still don't have credentials, attempt to get the admin credentials (if enabled)
    if not password:
        try:
            cred = acr_credential_show(registry_name)
            username = cred.username
            password = cred.passwords[0].value
        except Exception as e:  # pylint: disable=broad-except
            logger.warning("Admin user authentication failed with message: %s", str(e))

    # 4. if we still don't have credentials, prompt the user
    if not password:
        try:
            username = prompt('Username: '******'Password: '******'Unable to authenticate using AAD or admin login credentials. ' +
                'Please specify both username and password in non-interactive mode.')

    call(["docker", "login",
          "--username", username,
          "--password", password,
          login_server])
Ejemplo n.º 9
0
def login(username=None, password=None, service_principal=None, tenant=None,
          allow_no_subscriptions=False, msi=False, msi_port=DefaultStr(50342)):
    """Log in to access Azure subscriptions"""
    import os
    import re
    from adal.adal_error import AdalError
    import requests

    # quick argument usage check
    if (any([username, password, service_principal, tenant, allow_no_subscriptions]) and
            any([msi, not getattr(msi_port, 'is_default', None)])):
        raise CLIError("usage error: '--msi/--msi-port' are not applicable with other arguments")

    interactive = False

    profile = Profile()

    if _in_cloud_console():
        console_tokens = os.environ.get('AZURE_CONSOLE_TOKENS', None)
        if console_tokens:
            return profile.find_subscriptions_in_cloud_console(re.split(';|,', console_tokens))
        else:
            raise CLIError(_CLOUD_CONSOLE_ERR_TEMPLATE.format('login'))

    if msi:
        return profile.find_subscriptions_in_vm_with_msi(msi_port)

    if username:
        if not password:
            try:
                password = prompt_pass('Password: '******'Please specify both username and password in non-interactive mode.')
    else:
        interactive = True

    try:
        subscriptions = profile.find_subscriptions_on_login(
            interactive,
            username,
            password,
            service_principal,
            tenant,
            allow_no_subscriptions=allow_no_subscriptions)
    except AdalError as err:
        # try polish unfriendly server errors
        if username:
            msg = str(err)
            suggestion = "For cross-check, try 'az login' to authenticate through browser."
            if ('ID3242:' in msg) or ('Server returned an unknown AccountType' in msg):
                raise CLIError("The user name might be invalid. " + suggestion)
            if 'Server returned error in RSTR - ErrorCode' in msg:
                raise CLIError("Logging in through command line is not supported. " + suggestion)
        raise CLIError(err)
    except requests.exceptions.ConnectionError as err:
        raise CLIError('Please ensure you have network connection. Error detail: ' + str(err))
    all_subscriptions = list(subscriptions)
    for sub in all_subscriptions:
        sub['cloudName'] = sub.pop('environmentName', None)
    return all_subscriptions
Ejemplo n.º 10
0
def validate_authentication_type(namespace, formula=None):
    if formula and formula.formula_content:
        if formula.formula_content.is_authentication_with_ssh_key is True:
            namespace.authentication_type = 'ssh'
            namespace.ssh_key = formula.formula_content.ssh_key
        elif formula.formula_content.is_authentication_with_ssh_key is False:
            namespace.admin_username = formula.formula_content.user_name
            namespace.admin_password = formula.formula_content.password
            namespace.authentication_type = 'password'

    # validate proper arguments supplied based on the authentication type
    if namespace.authentication_type == 'password':
        if namespace.ssh_key or namespace.generate_ssh_keys:
            raise ValueError(
                "incorrect usage for authentication-type 'password': "******"[--admin-username USERNAME] --admin-password PASSWORD")

        if not namespace.admin_password:
            # prompt for admin password if not supplied
            from azure.cli.core.prompting import prompt_pass, NoTTYException
            try:
                namespace.admin_password = prompt_pass('Admin Password: '******'Please specify both username and password in non-interactive mode.')

    elif namespace.authentication_type == 'ssh':
        if namespace.os_type != 'Linux':
            raise CLIError("incorrect authentication-type '{}' for os type '{}'".format(
                namespace.authentication_type, namespace.os_type))
        if namespace.admin_password:
            raise ValueError('Admin password cannot be used with SSH authentication type')

        validate_ssh_key(namespace)
    else:
        raise CLIError("incorrect value for authentication-type: {}".format(namespace.authentication_type))
Ejemplo n.º 11
0
def _prompt_for_parameters(missing_parameters):
    result = {}
    for param_name in missing_parameters:
        prompt_str = 'Please provide a value for \'{}\' (? for help): '.format(param_name)
        param = missing_parameters[param_name]
        param_type = param.get('type', 'string')
        description = 'Missing description'
        metadata = param.get('metadata', None)
        if metadata is not None:
            description = metadata.get('description', description)
        allowed_values = param.get('allowedValues', None)

        while True:
            if allowed_values is not None:
                ix = prompt_choice_list(prompt_str, allowed_values, help_string=description)
                result[param_name] = allowed_values[ix]
                break
            elif param_type == 'securestring':
                value = prompt_pass(prompt_str, help_string=description)
            elif param_type == 'int':
                int_value = prompt_int(prompt_str, help_string=description)
                result[param_name] = int_value
                break
            elif param_type == 'bool':
                value = prompt_t_f(prompt_str, help_string=description)
                result[param_name] = value
                break
            else:
                value = prompt(prompt_str, help_string=description)
            if len(value) > 0:
                break
    return {}
Ejemplo n.º 12
0
def login(username=None, password=None, service_principal=None, tenant=None,
          allow_no_subscriptions=False, msi=False, msi_port=DefaultStr(50342)):
    """Log in to access Azure subscriptions"""
    import os
    import re
    from adal.adal_error import AdalError
    import requests

    # quick argument usage check
    if (any([username, password, service_principal, tenant, allow_no_subscriptions]) and
            any([msi, not getattr(msi_port, 'is_default', None)])):
        raise CLIError("usage error: '--msi/--msi-port' are not applicable with other arguments")

    interactive = False

    profile = Profile()

    if in_cloud_console():
        console_tokens = os.environ.get('AZURE_CONSOLE_TOKENS', None)
        if console_tokens:
            return profile.find_subscriptions_in_cloud_console(re.split(';|,', console_tokens))
        logger.warning(_CLOUD_CONSOLE_WARNING_TEMPLATE, 'login')
        return

    if msi:
        return profile.find_subscriptions_in_vm_with_msi(msi_port)

    if username:
        if not password:
            try:
                password = prompt_pass('Password: '******'Please specify both username and password in non-interactive mode.')
    else:
        interactive = True

    try:
        subscriptions = profile.find_subscriptions_on_login(
            interactive,
            username,
            password,
            service_principal,
            tenant,
            allow_no_subscriptions=allow_no_subscriptions)
    except AdalError as err:
        # try polish unfriendly server errors
        if username:
            msg = str(err)
            suggestion = "For cross-check, try 'az login' to authenticate through browser."
            if ('ID3242:' in msg) or ('Server returned an unknown AccountType' in msg):
                raise CLIError("The user name might be invalid. " + suggestion)
            if 'Server returned error in RSTR - ErrorCode' in msg:
                raise CLIError("Logging in through command line is not supported. " + suggestion)
        raise CLIError(err)
    except requests.exceptions.ConnectionError as err:
        raise CLIError('Please ensure you have network connection. Error detail: ' + str(err))
    all_subscriptions = list(subscriptions)
    for sub in all_subscriptions:
        sub['cloudName'] = sub.pop('environmentName', None)
    return all_subscriptions
Ejemplo n.º 13
0
def _prompt_for_parameters(missing_parameters):
    result = {}
    for param_name in missing_parameters:
        prompt_str = 'Please provide a value for \'{}\' (? for help): '.format(param_name)
        param = missing_parameters[param_name]
        param_type = param.get('type', 'string')
        description = 'Missing description'
        metadata = param.get('metadata', None)
        if metadata is not None:
            description = metadata.get('description', description)
        allowed_values = param.get('allowedValues', None)

        while True:
            if allowed_values is not None:
                ix = prompt_choice_list(prompt_str, allowed_values, help_string=description)
                result[param_name] = allowed_values[ix]
                break
            elif param_type == 'securestring':
                value = prompt_pass(prompt_str, help_string=description)
                result[param_name] = value
            elif param_type == 'int':
                int_value = prompt_int(prompt_str, help_string=description)
                result[param_name] = int_value
                break
            elif param_type == 'bool':
                value = prompt_t_f(prompt_str, help_string=description)
                result[param_name] = value
                break
            else:
                value = prompt(prompt_str, help_string=description)
                result[param_name] = value
            if value:
                break
    return result
Ejemplo n.º 14
0
def _validate_vm_create_auth(namespace):
    if namespace.storage_profile == StorageProfile.ManagedSpecializedOSDisk:
        return

    if len(namespace.admin_username) < 6 or namespace.admin_username.lower(
    ) == 'root':
        # prompt for admin username if inadequate
        from azure.cli.core.prompting import prompt, NoTTYException
        try:
            logger.warning(
                "Cannot use admin username: %s. Admin username should be at "
                "least 6 characters and cannot be 'root'",
                namespace.admin_username)
            namespace.admin_username = prompt('Admin Username: '******'Please specify a valid admin username in non-interactive mode.'
            )

    if not namespace.os_type:
        raise CLIError(
            "Unable to resolve OS type. Specify '--os-type' argument.")

    if not namespace.authentication_type:
        # apply default auth type (password for Windows, ssh for Linux) by examining the OS type
        namespace.authentication_type = 'password' if namespace.os_type == 'windows' else 'ssh'

    if namespace.os_type == 'windows' and namespace.authentication_type == 'ssh':
        raise CLIError('SSH not supported for Windows VMs.')

    # validate proper arguments supplied based on the authentication type
    if namespace.authentication_type == 'password':
        if namespace.ssh_key_value or namespace.ssh_dest_key_path:
            raise ValueError(
                "incorrect usage for authentication-type 'password': "******"[--admin-username USERNAME] --admin-password PASSWORD")

        if not namespace.admin_password:
            # prompt for admin password if not supplied
            from azure.cli.core.prompting import prompt_pass, NoTTYException
            try:
                namespace.admin_password = prompt_pass('Admin Password: '******'Please specify both username and password in non-interactive mode.'
                )

    elif namespace.authentication_type == 'ssh':

        if namespace.admin_password:
            raise ValueError(
                'Admin password cannot be used with SSH authentication type')

        validate_ssh_key(namespace)

        if not namespace.ssh_dest_key_path:
            namespace.ssh_dest_key_path = \
                '/home/{}/.ssh/authorized_keys'.format(namespace.admin_username)
Ejemplo n.º 15
0
def validate_authentication_type(namespace, formula=None):
    if formula and formula.formula_content:
        if formula.formula_content.is_authentication_with_ssh_key is True:
            namespace.authentication_type = 'ssh'
            namespace.ssh_key = formula.formula_content.ssh_key
        elif formula.formula_content.is_authentication_with_ssh_key is False:
            namespace.admin_username = formula.formula_content.user_name
            namespace.admin_password = formula.formula_content.password
            namespace.authentication_type = 'password'

    # validate proper arguments supplied based on the authentication type
    if namespace.authentication_type == 'password':
        password_usage_error = "incorrect usage for authentication-type 'password': "******"[--admin-username USERNAME] --admin-password PASSWORD | " \
                               "[--admin-username USERNAME] --saved-secret SECRETNAME"
        if namespace.ssh_key or namespace.generate_ssh_keys or (
                namespace.saved_secret and namespace.admin_password):
            raise ValueError(password_usage_error)

        # Respect user's provided saved secret name for password authentication
        if namespace.saved_secret:
            namespace.admin_password = "******".format(namespace.saved_secret)

        if not namespace.admin_password:
            # prompt for admin password if not supplied
            from azure.cli.core.prompting import prompt_pass, NoTTYException
            try:
                namespace.admin_password = prompt_pass('Admin Password: '******'Please specify both username and password in non-interactive mode.'
                )

    elif namespace.authentication_type == 'ssh':
        if namespace.os_type != 'Linux':
            raise CLIError(
                "incorrect authentication-type '{}' for os type '{}'".format(
                    namespace.authentication_type, namespace.os_type))

        ssh_usage_error = "incorrect usage for authentication-type 'ssh': " \
                          "[--admin-username USERNAME] | " \
                          "[--admin-username USERNAME] --ssh-key KEY | " \
                          "[--admin-username USERNAME] --generate-ssh-keys | " \
                          "[--admin-username USERNAME] --saved-secret SECRETNAME"
        if namespace.admin_password or (namespace.saved_secret and
                                        (namespace.ssh_key
                                         or namespace.generate_ssh_keys)):
            raise ValueError(ssh_usage_error)

        # Respect user's provided saved secret name for ssh authentication
        if namespace.saved_secret:
            namespace.ssh_key = "[[{}]]".format(namespace.saved_secret)
        else:
            validate_ssh_key(namespace)
    else:
        raise CLIError("incorrect value for authentication-type: {}".format(
            namespace.authentication_type))
Ejemplo n.º 16
0
def _config_env_public_azure(_):
    from adal.adal_error import AdalError
    from azure.cli.core.commands.client_factory import get_mgmt_service_client
    from azure.mgmt.resource import ResourceManagementClient
    from azure.cli.core._profile import Profile
    # Determine if user logged in
    try:
        list(get_mgmt_service_client(ResourceManagementClient).resources.list())
    except CLIError:
        # Not logged in
        login_successful = False
        while not login_successful:
            method_index = prompt_choice_list(MSG_PROMPT_LOGIN, LOGIN_METHOD_LIST)
            answers['login_index'] = method_index
            answers['login_options'] = str(LOGIN_METHOD_LIST)
            profile = Profile()
            interactive = False
            username = None
            password = None
            service_principal = None
            tenant = None
            if method_index == 0:  # device auth
                interactive = True
            elif method_index == 1:  # username and password
                username = prompt('Username: '******'Password: '******'Service principal: ')
                tenant = prompt('Tenant: ')
                password = prompt_pass(msg='Client secret: ')
            elif method_index == 3:  # skip
                return
            try:
                profile.find_subscriptions_on_login(
                    interactive,
                    username,
                    password,
                    service_principal,
                    tenant)
                login_successful = True
                logger.warning('Login successful!')
            except AdalError as err:
                logger.error('Login error!')
                logger.error(err)
Ejemplo n.º 17
0
def _config_env_public_azure(_):
    from adal.adal_error import AdalError
    from azure.cli.core.commands.client_factory import get_mgmt_service_client
    from azure.mgmt.resource import ResourceManagementClient
    from azure.cli.core._profile import Profile
    # Determine if user logged in
    try:
        list(
            get_mgmt_service_client(ResourceManagementClient).resources.list())
    except CLIError:
        # Not logged in
        login_successful = False
        while not login_successful:
            method_index = prompt_choice_list(MSG_PROMPT_LOGIN,
                                              LOGIN_METHOD_LIST)
            answers['login_index'] = method_index
            answers['login_options'] = str(LOGIN_METHOD_LIST)
            profile = Profile()
            interactive = False
            username = None
            password = None
            service_principal = None
            tenant = None
            if method_index == 0:  # device auth
                interactive = True
            elif method_index == 1:  # username and password
                username = prompt('Username: '******'Password: '******'Service principal: ')
                tenant = prompt('Tenant: ')
                password = prompt_pass(msg='Client secret: ')
            elif method_index == 3:  # skip
                return
            try:
                profile.find_subscriptions_on_login(interactive, username,
                                                    password,
                                                    service_principal, tenant)
                login_successful = True
                logger.warning('Login successful!')
            except AdalError as err:
                logger.error('Login error!')
                logger.error(err)
Ejemplo n.º 18
0
def _load_key(key_filename):
    pkey = None
    try:
        pkey = paramiko.RSAKey.from_private_key_file(key_filename, None)
    except paramiko.PasswordRequiredException:
        key_pass = prompt_pass('Password for private key:')
        pkey = paramiko.RSAKey.from_private_key_file(key_filename, key_pass)
    if pkey is None:
        raise CLIError('failed to load key: {}'.format(key_filename))
    return pkey
Ejemplo n.º 19
0
def _load_key(key_filename):
    pkey = None
    try:
        pkey = paramiko.RSAKey.from_private_key_file(key_filename, None)
    except paramiko.PasswordRequiredException:
        key_pass = prompt_pass('Password:'******'failed to load key: {}'.format(key_filename))
    return pkey
Ejemplo n.º 20
0
def login(username=None, password=None, service_principal=None, tenant=None,
          allow_no_subscriptions=False):
    """Log in to access Azure subscriptions"""
    import os
    import re
    from adal.adal_error import AdalError
    import requests
    interactive = False

    profile = Profile()

    if username:
        if not password:
            # in a VM with managed service identity?
            result = profile.init_if_in_msi_env(username)
            if result:
                return result
            try:
                password = prompt_pass('Password: '******'Please specify both username and password in non-interactive mode.')
    else:
        # in a cloud console?
        console_tokens = os.environ.get('AZURE_CONSOLE_TOKENS', None)
        if console_tokens:
            return profile.find_subscriptions_in_cloud_console(re.split(';|,', console_tokens))

        interactive = True

    try:
        subscriptions = profile.find_subscriptions_on_login(
            interactive,
            username,
            password,
            service_principal,
            tenant,
            allow_no_subscriptions=allow_no_subscriptions)
    except AdalError as err:
        # try polish unfriendly server errors
        if username:
            msg = str(err)
            suggestion = "For cross-check, try 'az login' to authenticate through browser."
            if ('ID3242:' in msg) or ('Server returned an unknown AccountType' in msg):
                raise CLIError("The user name might be invalid. " + suggestion)
            if 'Server returned error in RSTR - ErrorCode' in msg:
                raise CLIError("Logging in through command line is not supported. " + suggestion)
        raise CLIError(err)
    except requests.exceptions.ConnectionError as err:
        raise CLIError('Please ensure you have network connection. Error detail: ' + str(err))
    all_subscriptions = list(subscriptions)
    for sub in all_subscriptions:
        sub['cloudName'] = sub.pop('environmentName', None)
    return all_subscriptions
Ejemplo n.º 21
0
def add_reference(service_name, target_group, target_name, reference_name,
                  env_variables, namespace_name, reference_type):
    """
    Adds a references to an Azure resource
    """
    instance_type = None
    created_variables = []

    # If target_group and target_name are not set
    # it means we are dealing with a generic reference
    if reference_type == 'custom' and not target_group and not target_name:
        instance_type = 'Generic'
        if not env_variables:
            raise CLIError('Environment variables were not provided')
        dict_vars = _get_dictionary(env_variables)
        created_variables = _create_custom_reference(service_name,
                                                     reference_name, dict_vars,
                                                     namespace_name)
    else:
        instance, client = get_reference_type(target_group, target_name,
                                              reference_type)
        instance_type = instance.type
        if instance_type == 'Microsoft.DocumentDB/databaseAccounts':
            results = client.list_connection_strings(target_group, target_name)
            if len(results.connection_strings) <= 0:
                raise CLIError('No connection strings found')
            connection_string = results.connection_strings[0].connection_string
            created_variables = create_connection_string_reference(
                service_name, reference_name, connection_string,
                namespace_name)
        elif instance_type == 'Microsoft.Sql/servers':
            sql_admin_login = instance.administrator_login
            if not sql_admin_login:
                sql_admin_login = prompt('Administrator login:'******'Password:'******'Microsoft.ServiceBus':
            connection_string = instance.list_keys(
                target_group, target_name,
                'RootManageSharedAccessKey').primary_connection_string
            created_variables = create_connection_string_reference(
                service_name, reference_name, connection_string)
        else:
            raise CLIError('Could not determine the reference type')

    project_settings = settings.Project()
    project_settings.add_reference(service_name, reference_name, instance_type)
    return created_variables, instance_type
Ejemplo n.º 22
0
def _validate_vm_vmss_create_auth(namespace):
    if namespace.storage_profile in [
            StorageProfile.ManagedSpecializedOSDisk,
            StorageProfile.SASpecializedOSDisk
    ]:
        return

    namespace.admin_username = _validate_admin_username(
        namespace.admin_username, namespace.os_type)

    if not namespace.os_type:
        raise CLIError(
            "Unable to resolve OS type. Specify '--os-type' argument.")

    if not namespace.authentication_type:
        # apply default auth type (password for Windows, ssh for Linux) by examining the OS type
        namespace.authentication_type = 'password' \
            if (namespace.os_type.lower() == 'windows' or namespace.admin_password) else 'ssh'

    if namespace.os_type.lower(
    ) == 'windows' and namespace.authentication_type == 'ssh':
        raise CLIError('SSH not supported for Windows VMs.')

    # validate proper arguments supplied based on the authentication type
    if namespace.authentication_type == 'password':
        if namespace.ssh_key_value or namespace.ssh_dest_key_path:
            raise ValueError(
                "incorrect usage for authentication-type 'password': "******"[--admin-username USERNAME] --admin-password PASSWORD")

        from azure.cli.core.prompting import prompt_pass, NoTTYException
        try:
            if not namespace.admin_password:
                namespace.admin_password = prompt_pass('Admin Password: '******'Please specify password in non-interactive mode.')

        # validate password
        _validate_admin_password(namespace.admin_password, namespace.os_type)

    elif namespace.authentication_type == 'ssh':

        if namespace.admin_password:
            raise ValueError(
                'Admin password cannot be used with SSH authentication type')

        validate_ssh_key(namespace)

        if not namespace.ssh_dest_key_path:
            namespace.ssh_dest_key_path = \
                '/home/{}/.ssh/authorized_keys'.format(namespace.admin_username)
Ejemplo n.º 23
0
def validate_authentication_type(namespace, formula=None):
    if formula and formula.formula_content:
        if formula.formula_content.is_authentication_with_ssh_key is True:
            namespace.authentication_type = 'ssh'
            namespace.ssh_key = formula.formula_content.ssh_key
        elif formula.formula_content.is_authentication_with_ssh_key is False:
            namespace.admin_username = formula.formula_content.user_name
            namespace.admin_password = formula.formula_content.password
            namespace.authentication_type = 'password'

    # validate proper arguments supplied based on the authentication type
    if namespace.authentication_type == 'password':
        password_usage_error = "incorrect usage for authentication-type 'password': "******"[--admin-username USERNAME] --admin-password PASSWORD | " \
                               "[--admin-username USERNAME] --saved-secret SECRETNAME"
        if namespace.ssh_key or namespace.generate_ssh_keys or (namespace.saved_secret and namespace.admin_password):
            raise ValueError(password_usage_error)

        # Respect user's provided saved secret name for password authentication
        if namespace.saved_secret:
            namespace.admin_password = "******".format(namespace.saved_secret)

        if not namespace.admin_password:
            # prompt for admin password if not supplied
            from azure.cli.core.prompting import prompt_pass, NoTTYException
            try:
                namespace.admin_password = prompt_pass('Admin Password: '******'Please specify both username and password in non-interactive mode.')

    elif namespace.authentication_type == 'ssh':
        if namespace.os_type != 'Linux':
            raise CLIError("incorrect authentication-type '{}' for os type '{}'".format(
                namespace.authentication_type, namespace.os_type))

        ssh_usage_error = "incorrect usage for authentication-type 'ssh': " \
                          "[--admin-username USERNAME] | " \
                          "[--admin-username USERNAME] --ssh-key KEY | " \
                          "[--admin-username USERNAME] --generate-ssh-keys | " \
                          "[--admin-username USERNAME] --saved-secret SECRETNAME"
        if namespace.admin_password or (namespace.saved_secret and (namespace.ssh_key or namespace.generate_ssh_keys)):
            raise ValueError(ssh_usage_error)

        # Respect user's provided saved secret name for ssh authentication
        if namespace.saved_secret:
            namespace.ssh_key = "[[{}]]".format(namespace.saved_secret)
        else:
            validate_ssh_key(namespace)
    else:
        raise CLIError("incorrect value for authentication-type: {}".format(namespace.authentication_type))
Ejemplo n.º 24
0
def _validate_vm_create_auth(namespace):
    if namespace.storage_profile == StorageProfile.ManagedSpecializedOSDisk:
        return

    if len(namespace.admin_username) < 6 or namespace.admin_username.lower() == 'root':
        # prompt for admin username if inadequate
        from azure.cli.core.prompting import prompt, NoTTYException
        try:
            logger.warning("Cannot use admin username: %s. Admin username should be at "
                           "least 6 characters and cannot be 'root'", namespace.admin_username)
            namespace.admin_username = prompt('Admin Username: '******'Please specify a valid admin username in non-interactive mode.')

    if not namespace.os_type:
        raise CLIError("Unable to resolve OS type. Specify '--os-type' argument.")

    if not namespace.authentication_type:
        # apply default auth type (password for Windows, ssh for Linux) by examining the OS type
        namespace.authentication_type = 'password' if namespace.os_type == 'windows' else 'ssh'

    if namespace.os_type == 'windows' and namespace.authentication_type == 'ssh':
        raise CLIError('SSH not supported for Windows VMs.')

    # validate proper arguments supplied based on the authentication type
    if namespace.authentication_type == 'password':
        if namespace.ssh_key_value or namespace.ssh_dest_key_path:
            raise ValueError(
                "incorrect usage for authentication-type 'password': "******"[--admin-username USERNAME] --admin-password PASSWORD")

        if not namespace.admin_password:
            # prompt for admin password if not supplied
            from azure.cli.core.prompting import prompt_pass, NoTTYException
            try:
                namespace.admin_password = prompt_pass('Admin Password: '******'Please specify both username and password in non-interactive mode.')

    elif namespace.authentication_type == 'ssh':

        if namespace.admin_password:
            raise ValueError('Admin password cannot be used with SSH authentication type')

        validate_ssh_key(namespace)

        if not namespace.ssh_dest_key_path:
            namespace.ssh_dest_key_path = \
                '/home/{}/.ssh/authorized_keys'.format(namespace.admin_username)
Ejemplo n.º 25
0
def set_deployment_user(user_name, password=None):
    '''
    Update deployment credentials.(Note, all webapps in your subscription will be impacted)
    '''
    client = web_client_factory()
    user = User(location='not-really-needed') #TODO: open bug for this one is not needed
    user.publishing_user_name = user_name
    if password is None:
        try:
            password = prompt_pass(msg='Password: '******'Please specify both username and password in non-interactive mode.')

    user.publishing_password = password
    result = client.update_publishing_user(user)
    return result
Ejemplo n.º 26
0
def set_deployment_user(user_name, password=None):
    '''
    Update deployment credentials.(Note, all webapps in your subscription will be impacted)
    '''
    client = web_client_factory()
    user = User(location='not-really-needed')
    user.publishing_user_name = user_name
    if password is None:
        try:
            password = prompt_pass(msg='Password: '******'Please specify both username and password in non-interactive mode.')

    user.publishing_password = password
    result = client.update_publishing_user(user)
    return result
Ejemplo n.º 27
0
def _validate_vm_vmss_create_auth(namespace):
    if namespace.storage_profile in [StorageProfile.ManagedSpecializedOSDisk,
                                     StorageProfile.SASpecializedOSDisk]:
        return

    namespace.admin_username = _validate_admin_username(namespace.admin_username, namespace.os_type)

    if not namespace.os_type:
        raise CLIError("Unable to resolve OS type. Specify '--os-type' argument.")

    if not namespace.authentication_type:
        # apply default auth type (password for Windows, ssh for Linux) by examining the OS type
        namespace.authentication_type = 'password' \
            if (namespace.os_type.lower() == 'windows' or namespace.admin_password) else 'ssh'

    if namespace.os_type.lower() == 'windows' and namespace.authentication_type == 'ssh':
        raise CLIError('SSH not supported for Windows VMs.')

    # validate proper arguments supplied based on the authentication type
    if namespace.authentication_type == 'password':
        if namespace.ssh_key_value or namespace.ssh_dest_key_path:
            raise ValueError(
                "incorrect usage for authentication-type 'password': "******"[--admin-username USERNAME] --admin-password PASSWORD")

        from azure.cli.core.prompting import prompt_pass, NoTTYException
        try:
            if not namespace.admin_password:
                namespace.admin_password = prompt_pass('Admin Password: '******'Please specify password in non-interactive mode.')

        # validate password
        _validate_admin_password(namespace.admin_password,
                                 namespace.os_type)

    elif namespace.authentication_type == 'ssh':

        if namespace.admin_password:
            raise ValueError('Admin password cannot be used with SSH authentication type')

        validate_ssh_key(namespace)

        if not namespace.ssh_dest_key_path:
            namespace.ssh_dest_key_path = \
                '/home/{}/.ssh/authorized_keys'.format(namespace.admin_username)
Ejemplo n.º 28
0
def create_azure_file_volume(azure_file_volume_share_name, azure_file_volume_account_name, azure_file_volume_account_key):
    """Create Azure File volume. """
    azure_file_volume = None
    if azure_file_volume_share_name:
        if not azure_file_volume_account_name:
            raise CLIError('Please specify --azure-file-volume-account-name in order to use Azure File volume.')
        if not azure_file_volume_account_key:
            try:
                azure_file_volume_account_key = prompt_pass(msg='Azure File storage account key: ')
            except NoTTYException:
                raise CLIError('Please specify --azure-file-volume-account-key in order to use Azure File volume.')

        azure_file_volume = AzureFileVolume(share_name=azure_file_volume_share_name,
                                            storage_account_name=azure_file_volume_account_name,
                                            storage_account_key=azure_file_volume_account_key)

    return [Volume(name=AZURE_FILE_VOLUME_NAME, azure_file=azure_file_volume)] if azure_file_volume else None
Ejemplo n.º 29
0
def create_adla_catalog_credential(client,
                                   account_name,
                                   database_name,
                                   credential_name,
                                   credential_user_name,
                                   uri,
                                   credential_user_password=None):

    if not credential_user_password:
        try:
            credential_user_password = prompt_pass('Password:'******'Please specify both --user-name and --password in non-interactive mode.')

    create_params = DataLakeAnalyticsCatalogCredentialCreateParameters(credential_user_password,
                                                                       uri,
                                                                       credential_user_name)
    client.create_credential(account_name, database_name, credential_name, create_params)
Ejemplo n.º 30
0
def create_adla_catalog_credential(client,
                                   account_name,
                                   database_name,
                                   credential_name,
                                   credential_user_name,
                                   uri,
                                   credential_user_password=None):

    if not credential_user_password:
        try:
            credential_user_password = prompt_pass('Password:'******'Please specify both --user-name and --password in non-interactive mode.')

    create_params = DataLakeAnalyticsCatalogCredentialCreateParameters(credential_user_password,
                                                                       uri,
                                                                       credential_user_name)
    client.create_credential(account_name, database_name, credential_name, create_params)
Ejemplo n.º 31
0
def login(username=None, password=None, service_principal=None, tenant=None):
    """Log in to access Azure subscriptions"""
    from adal.adal_error import AdalError
    import requests
    interactive = False

    if username:
        if not password:
            try:
                password = prompt_pass('Password: '******'Please specify both username and password in non-interactive mode.'
                )
    else:
        interactive = True

    profile = Profile()
    try:
        subscriptions = profile.find_subscriptions_on_login(
            interactive, username, password, service_principal, tenant)
    except AdalError as err:
        # try polish unfriendly server errors
        if username:
            msg = str(err)
            suggestion = "For cross-check, try 'az login' to authenticate through browser."
            if ('ID3242:' in msg) or ('Server returned an unknown AccountType'
                                      in msg):
                raise CLIError("The user name might be invalid. " + suggestion)
            if 'Server returned error in RSTR - ErrorCode' in msg:
                raise CLIError(
                    "Logging in through command line is not supported. " +
                    suggestion)
        raise CLIError(err)
    except requests.exceptions.ConnectionError as err:
        raise CLIError(
            'Please ensure you have network connection. Error detail: ' +
            str(err))
    all_subscriptions = list(subscriptions)
    for sub in all_subscriptions:
        sub['cloudName'] = sub.pop('environmentName', None)
    return all_subscriptions
Ejemplo n.º 32
0
def login(username=None, password=None, service_principal=None, tenant=None,
          allow_no_subscriptions=False):
    """Log in to access Azure subscriptions"""
    from adal.adal_error import AdalError
    import requests
    interactive = False

    if username:
        if not password:
            try:
                password = prompt_pass('Password: '******'Please specify both username and password in non-interactive mode.')
    else:
        interactive = True

    profile = Profile()
    try:
        subscriptions = profile.find_subscriptions_on_login(
            interactive,
            username,
            password,
            service_principal,
            tenant,
            allow_no_subscriptions=allow_no_subscriptions)
    except AdalError as err:
        # try polish unfriendly server errors
        if username:
            msg = str(err)
            suggestion = "For cross-check, try 'az login' to authenticate through browser."
            if ('ID3242:' in msg) or ('Server returned an unknown AccountType' in msg):
                raise CLIError("The user name might be invalid. " + suggestion)
            if 'Server returned error in RSTR - ErrorCode' in msg:
                raise CLIError("Logging in through command line is not supported. " + suggestion)
        raise CLIError(err)
    except requests.exceptions.ConnectionError as err:
        raise CLIError('Please ensure you have network connection. Error detail: ' + str(err))
    all_subscriptions = list(subscriptions)
    for sub in all_subscriptions:
        sub['cloudName'] = sub.pop('environmentName', None)
    return all_subscriptions
Ejemplo n.º 33
0
def create_container(client,
                     resource_group_name,
                     name,
                     image,
                     location=None,
                     cpu=1,
                     memory=1.5,
                     port=80,
                     os_type='Linux',
                     ip_address=None,
                     command_line=None,
                     environment_variables=None,
                     registry_login_server=None,
                     registry_username=None,
                     registry_password=None):
    """"Create a container group. """

    container_resource_requirements = None
    if cpu is not None or memory is not None:
        container_resource_requests = ResourceRequests(memory_in_gb=memory, cpu=cpu)
        container_resource_requirements = ResourceRequirements(requests=container_resource_requests)

    image_registry_credentials = None
    if registry_login_server is not None:
        if registry_username is None:
            try:
                registry_username = prompt_pass(msg='Image registry username: '******'Please specify --username in non-interactive mode.')
        if registry_password is None:
            try:
                registry_password = prompt_pass(msg='Image registry password: '******'Please specify --registry-password in non-interactive mode.')
        image_registry_credentials = [ImageRegistryCredential(server=registry_login_server,
                                                              username=registry_username,
                                                              password=registry_password)]
    elif ACR_SERVER_SUFFIX in image:
        if registry_password is None:
            try:
                registry_password = prompt_pass(msg='Image registry password: '******'Please specify --registry-password in non-interactive mode.')

        acr_server = image.split("/")[0] if image.split("/") else None
        acr_username = image.split(ACR_SERVER_SUFFIX)[0] if image.split(ACR_SERVER_SUFFIX) else None
        if acr_server is not None and acr_username is not None:
            image_registry_credentials = [ImageRegistryCredential(server=acr_server,
                                                                  username=acr_username,
                                                                  password=registry_password)]
        else:
            raise CLIError('Failed to parse ACR server or username from image name; please explicitly specify --registry-server and --registry-username.')

    command = None
    if command_line is not None:
        command = shlex.split(command_line)

    container = Container(name=name,
                          image=image,
                          resources=container_resource_requirements,
                          command=command,
                          ports=[ContainerPort(port=port)],
                          environment_variables=environment_variables)

    cgroup_ip_address = None
    if ip_address is not None and ip_address.lower() == 'public':
        cgroup_ip_address = IpAddress(ports=[Port(protocol=ContainerGroupNetworkProtocol.tcp, port=port)])

    cgroup_os_type = OperatingSystemTypes.linux if os_type.lower() == "linux" else OperatingSystemTypes.windows

    cgroup = ContainerGroup(location=location,
                            containers=[container],
                            os_type=cgroup_os_type,
                            ip_address=cgroup_ip_address,
                            image_registry_credentials=image_registry_credentials)

    return client.container_groups.create_or_update(resource_group_name, name, cgroup)
def password_validator(ns):
    if not ns.administrator_login_password:
        try:
            ns.administrator_login_password = prompt_pass(msg='Admin Password: '******'Please specify password in non-interactive mode.')
Ejemplo n.º 35
0
def _get_credentials(registry_name,
                     resource_group_name,
                     username,
                     password,
                     only_refresh_token,
                     repository=None,
                     permission='*'):
    """Try to get AAD authorization tokens or admin user credentials.
    :param str registry_name: The name of container registry
    :param str resource_group_name: The name of resource group
    :param str username: The username used to log into the container registry
    :param str password: The password used to log into the container registry
    :param bool only_refresh_token: Whether to ask for only refresh token, or for both refresh and access tokens
    :param str repository: Repository for which the access token is requested
    :param str permission: The requested permission on the repository, '*' or 'pull'
    """
    registry, _ = get_registry_by_name(registry_name, resource_group_name)
    login_server = registry.login_server

    # 1. if username was specified, verify that password was also specified
    if username:
        if not password:
            try:
                password = prompt_pass(msg='Password: '******'Please specify both username and password in non-interactive mode.'
                )

        return login_server, username, password

    # 2. if we don't yet have credentials, attempt to get a refresh token
    if not password and registry.sku.name in MANAGED_REGISTRY_SKU:
        try:
            username = "******" if only_refresh_token else None
            password = _get_aad_token(login_server, only_refresh_token,
                                      repository, permission)
            return login_server, username, password
        except CLIError as e:
            logger.warning(
                "Unable to get AAD authorization tokens with message: %s",
                str(e))

    # 3. if we still don't have credentials, attempt to get the admin credentials (if enabled)
    if not password:
        try:
            cred = acr_credential_show(registry_name)
            username = cred.username
            password = cred.passwords[0].value
            return login_server, username, password
        except CLIError as e:
            logger.warning(
                "Unable to get admin user credentials with message: %s",
                str(e))

    # 4. if we still don't have credentials, prompt the user
    if not password:
        try:
            username = prompt('Username: '******'Password: '******'Unable to authenticate using AAD or admin login credentials. '
                +
                'Please specify both username and password in non-interactive mode.'
            )