def create(self, secrets: Secrets) -> AADTokenCredentials:
        _cloud = cloud.get_or_raise(secrets['azure_cloud'])
        result = AADTokenCredentials(
            {"accessToken": secrets['access_token']},
            secrets['client_id'],
            cloud_environment=_cloud)

        return result
 def create(self, secrets: Secrets) -> ServicePrincipalCredentials:
     _cloud = cloud.get_or_raise(secrets.get('azure_cloud'))
     result = ServicePrincipalCredentials(
         client_id=secrets.get('client_id'),
         secret=secrets.get('client_secret'),
         tenant=secrets.get('tenant_id'),
         cloud_environment=_cloud
     )
     return result
Example #3
0
def test_get_env_by_name_bad():
    with pytest.raises(InterruptExecution):
        data = secrets_provider.provide_secrets_invalid_cloud()
        cloud.get_or_raise(data.get("azure_cloud")) \
            .endpoints.resource_manager
Example #4
0
def test_get_env_by_name_usgov():
    data = secrets_provider.provide_secrets_us_gov()
    result = cloud.get_or_raise(data.get("azure_cloud")) \
        .endpoints.resource_manager

    assert result == AZURE_US_GOV_CLOUD.endpoints.resource_manager
Example #5
0
def test_get_env_by_name_public():
    data = secrets_provider.provide_secrets_public()
    result = cloud.get_or_raise(data.get("azure_cloud")) \
        .endpoints.resource_manager

    assert result == AZURE_PUBLIC_CLOUD.endpoints.resource_manager
Example #6
0
def test_resolve_cloud_env_by_name_default():
    data = secrets_provider.provide_secrets_via_service_principal()
    result = cloud.get_or_raise(data.get("azure_cloud")) \
        .endpoints.resource_manager

    assert result == AZURE_PUBLIC_CLOUD.endpoints.resource_manager
Example #7
0
def load_secrets(experiment_secrets: Secrets):
    """Load secrets from experiments or azure credential file.

    :param experiment_secrets: Secrets provided in experiment file
    :returns: a secret object

    Load secrets from multiple sources that can contain different format
    such as azure credential file or experiment secrets section.
    The latter takes precedence over azure credential file.

    Function returns following dictionary object:
    ```python
    {
        # always available
        "cloud": "variable contains msrest cloud object"

        # optional - available if user authenticate with service principal
        "client_id": "variable contains client id",
        "client_secret": "variable contains client secret",
        "tenant_id": "variable contains tenant id",

        # optional - available if user authenticate with existing token
        "access_token": "variable contains access token",
    }
    ```

    :Loading secrets from experiment file:

    Function will try to load following secrets from the experiment file:
    ```json
    {
        "azure": {
            "client_id": "AZURE_CLIENT_ID",
            "client_secret": "AZURE_CLIENT_SECRET",
            "tenant_id": "AZURE_TENANT_ID",
            "access_token": "AZURE_ACCESS_TOKEN"
        }
    }
    ```

    :Loading secrets from azure credential file:

    If experiment file contains no secrets, function will try to load secrets
    from the azure credential file. Path to the file should be set under
    AZURE_AUTH_LOCATION environment variable.

    Function will try to load following secrets from azure credential file:
    ```json
    {
        "clientId": "AZURE_CLIENT_ID",
        "clientSecret": "AZURE_CLIENT_SECRET",
        "tenantId": "AZURE_TENANT_ID",
        "resourceManagerEndpointUrl": "AZURE_RESOURCE_MANAGER_ENDPOINT",
        ...
    }
    ```
    More info about azure credential file may be found:
    https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-authenticate

    """

    # 1: lookup for secrets in experiment  file
    if experiment_secrets:
        return {
            'client_id': experiment_secrets.get('client_id'),
            'client_secret': experiment_secrets.get('client_secret'),
            'tenant_id': experiment_secrets.get('tenant_id'),
            # load cloud object
            'cloud': cloud.get_or_raise(experiment_secrets.get('azure_cloud')),
            'access_token': experiment_secrets.get('access_token'),
        }

    # 2: lookup for credentials in azure auth file
    az_auth_file = _load_azure_auth_file()
    if az_auth_file:
        rm_endpoint = az_auth_file.get('resourceManagerEndpointUrl')
        return {
            'client_id': az_auth_file.get('clientId'),
            'client_secret': az_auth_file.get('clientSecret'),
            'tenant_id': az_auth_file.get('tenantId'),
            # load cloud object
            'cloud': azure_cloud.get_cloud_from_metadata_endpoint(rm_endpoint),
            # access token is not supported for credential files
            'access_token': None,
        }

    # no secretes
    logger.warn("Unable to load Azure credentials.")
    return {}