def test_add_msi(self):
client_guid = "kjhjk"
object_guid = "87687687"
res_guid = "kajsdghdijewhag"
kcsb = [
KustoConnectionStringBuilder.
with_aad_managed_service_identity_authentication("localhost0",
timeout=1),
KustoConnectionStringBuilder.
with_aad_managed_service_identity_authentication(
"localhost1", client_id=client_guid, timeout=2),
KustoConnectionStringBuilder.
with_aad_managed_service_identity_authentication(
"localhost2", object_id=object_guid, timeout=3),
KustoConnectionStringBuilder.
with_aad_managed_service_identity_authentication(
"localhost3", msi_res_id=res_guid),
]
assert kcsb[0].msi_authentication
assert kcsb[0].msi_parameters["resource"] == "localhost0"
assert kcsb[0].msi_parameters["timeout"] == 1
assert "client_id" not in kcsb[0].msi_parameters
assert "object_id" not in kcsb[0].msi_parameters
assert "msi_res_id" not in kcsb[0].msi_parameters
assert kcsb[1].msi_authentication
assert kcsb[1].msi_parameters["resource"] == "localhost1"
assert kcsb[1].msi_parameters["timeout"] == 2
assert kcsb[1].msi_parameters["client_id"] == client_guid
assert "object_id" not in kcsb[1].msi_parameters
assert "msi_res_id" not in kcsb[1].msi_parameters
assert kcsb[2].msi_authentication
assert kcsb[2].msi_parameters["resource"] == "localhost2"
assert kcsb[2].msi_parameters["timeout"] == 3
assert "client_id" not in kcsb[2].msi_parameters
assert kcsb[2].msi_parameters["object_id"] == object_guid
assert "msi_res_id" not in kcsb[2].msi_parameters
assert kcsb[3].msi_authentication
assert kcsb[3].msi_parameters["resource"] == "localhost3"
assert "timeout" not in kcsb[3].msi_parameters
assert "client_id" not in kcsb[3].msi_parameters
assert "object_id" not in kcsb[3].msi_parameters
assert kcsb[3].msi_parameters["msi_res_id"] == res_guid
exception_occurred = False
try:
fault = KustoConnectionStringBuilder.with_aad_managed_service_identity_authentication(
"localhost", client_id=client_guid, object_id=object_guid)
except ValueError as e:
exception_occurred = True
finally:
assert exception_occurred
def test_msi_auth():
"""
* * * Note * * *
Each connection test takes about 15-20 seconds which is the time it takes TCP to fail connecting to the nonexistent MSI endpoint
The timeout option does not seem to affect this behavior. Could be it only affects the waiting time fora response in successful connections.
Please be prudent in adding any future tests!
"""
client_guid = "kjhjk"
object_guid = "87687687"
res_guid = "kajsdghdijewhag"
kcsb = [
KustoConnectionStringBuilder.with_aad_managed_service_identity_authentication("localhost", timeout=1),
KustoConnectionStringBuilder.with_aad_managed_service_identity_authentication("localhost", client_id=client_guid, timeout=1),
KustoConnectionStringBuilder.with_aad_managed_service_identity_authentication("localhost", object_id=object_guid, timeout=1),
KustoConnectionStringBuilder.with_aad_managed_service_identity_authentication("localhost", msi_res_id=res_guid, timeout=1),
]
helpers = [_AadHelper(i) for i in kcsb]
try:
helpers[0].acquire_authorization_header()
except KustoAuthenticationError as e:
assert e.authentication_method == AuthenticationMethod.aad_msi.value
assert "client_id" not in e.kwargs
assert "object_id" not in e.kwargs
assert "msi_res_id" not in e.kwargs
try:
helpers[1].acquire_authorization_header()
except KustoAuthenticationError as e:
assert e.authentication_method == AuthenticationMethod.aad_msi.value
assert e.kwargs["client_id"] == client_guid
assert "object_id" not in e.kwargs
assert "msi_res_id" not in e.kwargs
assert str(e.exception).index("client_id") > -1
assert str(e.exception).index(client_guid) > -1
def test_add_msi(self):
client_guid = "kjhjk"
object_guid = "87687687"
res_guid = "kajsdghdijewhag"
"""
Use of object_id and msi_res_id is disabled pending support of azure-identity
When version 1.4.1 is released and these parameters are supported enable the functionality and tests back
"""
exception_occurred = False
try:
KustoConnectionStringBuilder.with_aad_managed_service_identity_authentication(
"localhost2", object_id=object_guid, timeout=3)
except ValueError:
exception_occurred = True
assert exception_occurred is True
exception_occurred = False
try:
KustoConnectionStringBuilder.with_aad_managed_service_identity_authentication(
"localhost3", msi_res_id=res_guid)
except ValueError:
exception_occurred = True
assert exception_occurred is True
kcsb = [
KustoConnectionStringBuilder.
with_aad_managed_service_identity_authentication("localhost0",
timeout=1),
KustoConnectionStringBuilder.
with_aad_managed_service_identity_authentication(
"localhost1", client_id=client_guid, timeout=2),
# KustoConnectionStringBuilder.with_aad_managed_service_identity_authentication("localhost2", object_id=object_guid, timeout=3),
# KustoConnectionStringBuilder.with_aad_managed_service_identity_authentication("localhost3", msi_res_id=res_guid),
]
assert kcsb[0].msi_authentication
assert kcsb[0].msi_parameters["connection_timeout"] == 1
assert "client_id" not in kcsb[0].msi_parameters
assert "object_id" not in kcsb[0].msi_parameters
assert "msi_res_id" not in kcsb[0].msi_parameters
assert kcsb[1].msi_authentication
assert kcsb[1].msi_parameters["connection_timeout"] == 2
assert kcsb[1].msi_parameters["client_id"] == client_guid
assert "object_id" not in kcsb[1].msi_parameters
assert "msi_res_id" not in kcsb[1].msi_parameters
"""
assert kcsb[2].msi_authentication
assert kcsb[2].msi_parameters["connection_timeout"] == 3
assert "client_id" not in kcsb[2].msi_parameters
assert kcsb[2].msi_parameters["object_id"] == object_guid
assert "msi_res_id" not in kcsb[2].msi_parameters
assert kcsb[3].msi_authentication
assert "timeout" not in kcsb[3].msi_parameters
assert "client_id" not in kcsb[3].msi_parameters
assert "object_id" not in kcsb[3].msi_parameters
assert kcsb[3].msi_parameters["msi_res_id"] == res_guid
"""
exception_occurred = False
try:
fault = KustoConnectionStringBuilder.with_aad_managed_service_identity_authentication(
"localhost", client_id=client_guid, object_id=object_guid)
except ValueError as e:
exception_occurred = True
finally:
assert exception_occurred
with open(filename, "r") as cert_file:
public_certificate = cert_file.read()
thumbprint = "certificate's thumbprint"
kcsb = KustoConnectionStringBuilder.with_aad_application_certificate_sni_authentication(cluster, client_id, PEM, public_certificate, thumbprint, authority_id)
# No authentication - for rare cases where the cluster is defined to work without any need for auth. usually reserved for internal use.
kcsb = KustoConnectionStringBuilder()
# Managed Identity - automatically injected into your machine by azure when running on an azure service.
# It's the best way for any code that does such - it's automatic, and requires no saving of secrets.
# In case you want to authenticate with a System Assigned Managed Service Identity (MSI)
kcsb = KustoConnectionStringBuilder.with_aad_managed_service_identity_authentication(cluster)
# In case you want to authenticate with a User Assigned Managed Service Identity (MSI)
user_assigned_client_id = "the AAD identity client id"
kcsb = KustoConnectionStringBuilder.with_aad_managed_service_identity_authentication(cluster, client_id=user_assigned_client_id)
# In case you want to authenticate with Azure CLI.
# Users are required to be in a logged in state in az-cli, for this authentication method to succeed. Run `az login` to login to azure cli.
kcsb = KustoConnectionStringBuilder.with_az_cli_authentication(cluster)
# In case you want to authenticate with AAD username and password
username = "******"
password = "******"
kcsb = KustoConnectionStringBuilder.with_aad_user_password_authentication(cluster, username, password, authority_id)
.set-or-append {TABLE_BASE} <| IngestTo{TABLE_BASE}() | limit 0
.alter-merge table {TABLE_BASE}Ingest policy retention softdelete = timespan(0) recoverability = disabled
.alter table {TABLE_BASE} policy update
@'[{"IsEnabled": true, "Source": "{TABLE_BASE}Ingest", "Query": "IngestTo{TABLE_BASE}()", "IsTransactional": true, "PropagateIngestionProperties": true}]'
"""
cluster_url = sys.argv[1]
db_name = sys.argv[2]
logging.info('Cluster: %s', cluster_url)
logging.info('Database: %s', db_name)
logging.info('Creating connection string.')
kcsb = KustoConnectionStringBuilder.with_aad_managed_service_identity_authentication(
cluster_url)
logging.info('Creating client.')
client = KustoClient(kcsb)
@retry(
stop=stop_after_attempt(5),
wait=wait_exponential(multiplier=1, min=4, max=32),
retry=retry_if_exception(lambda x: not isinstance(x, KustoServiceError)),
after=after_log(logging, logging.DEBUG))
def execute_command(command: str) -> None:
client.execute_mgmt(db_name, command)
def create_table_set(base_name: str) -> None: