def create_authentication(client): # pylint: disable=protected-access try: # ignore mypy's warning because token_type is Optional token_type = client._credential.token_type # type: ignore except AttributeError: token_type = TOKEN_TYPE_JWT if token_type == TOKEN_TYPE_SASTOKEN: auth = authentication.JWTTokenAuth( client._auth_uri, client._auth_uri, functools.partial(client._credential.get_token, client._auth_uri), token_type=token_type, timeout=client._config.auth_timeout, http_proxy=client._config.http_proxy, transport_type=client._config.transport_type, ) auth.update_token() return auth return authentication.JWTTokenAuth( client._auth_uri, client._auth_uri, functools.partial(client._credential.get_token, JWT_TOKEN_SCOPE), token_type=token_type, timeout=client._config.auth_timeout, http_proxy=client._config.http_proxy, transport_type=client._config.transport_type, )
def _create_auth(self): # type: () -> authentication.JWTTokenAuth """ Create an ~uamqp.authentication.SASTokenAuth instance to authenticate the session. """ try: token_type = self._credential.token_type except AttributeError: token_type = b'jwt' if token_type == b"servicebus.windows.net:sastoken": auth = authentication.JWTTokenAuth( self._auth_uri, self._auth_uri, functools.partial(self._credential.get_token, self._auth_uri), token_type=token_type, timeout=self._config.auth_timeout, http_proxy=self._config.http_proxy, transport_type=self._config.transport_type) auth.update_token() return auth return authentication.JWTTokenAuth( self._auth_uri, self._auth_uri, functools.partial(self._credential.get_token, JWT_TOKEN_SCOPE), token_type=token_type, timeout=self._config.auth_timeout, http_proxy=self._config.http_proxy, transport_type=self._config.transport_type)
def test_event_hubs_custom_end_point(): sas_token = authentication.SASTokenAuth( "fake_audience", "fake_uri", "fake_token", expires_in=timedelta(10), custom_endpoint_hostname="123.45.67.89") assert sas_token.hostname == b"123.45.67.89" sas_token = authentication.SASTokenAuth.from_shared_access_key( "fake_uri", "fake_key_name", "fake_key", custom_endpoint_hostname="123.45.67.89") assert sas_token.hostname == b"123.45.67.89" def fake_get_token(): return "fake get token" jwt_token = authentication.JWTTokenAuth( "fake_audience", "fake_uri", fake_get_token, custom_endpoint_hostname="123.45.67.89") assert jwt_token.hostname == b"123.45.67.89"
def _create_auth(self, username=None, password=None): """ Create an ~uamqp.authentication.SASTokenAuth instance to authenticate the session. :param username: The name of the shared access policy. :type username: str :param password: The shared access key. :type password: str """ http_proxy = self._config.http_proxy transport_type = self._config.transport_type auth_timeout = self._config.auth_timeout # TODO: the following code can be refactored to create auth from classes directly instead of using if-else if isinstance(self._credential, EventHubSharedKeyCredential): # pylint:disable=no-else-return username = username or self._auth_config['username'] password = password or self._auth_config['password'] if "@sas.root" in username: return authentication.SASLPlain(self._host, username, password, http_proxy=http_proxy, transport_type=transport_type) return authentication.SASTokenAuth.from_shared_access_key( self._auth_uri, username, password, timeout=auth_timeout, http_proxy=http_proxy, transport_type=transport_type) elif isinstance(self._credential, EventHubSASTokenCredential): token = self._credential.get_sas_token() try: expiry = int(parse_sas_token(token)['se']) except (KeyError, TypeError, IndexError): raise ValueError( "Supplied SAS token has no valid expiry value.") return authentication.SASTokenAuth(self._auth_uri, self._auth_uri, token, expires_at=expiry, timeout=auth_timeout, http_proxy=http_proxy, transport_type=transport_type) else: # Azure credential get_jwt_token = functools.partial( self._credential.get_token, 'https://eventhubs.azure.net//.default') return authentication.JWTTokenAuth(self._auth_uri, self._auth_uri, get_jwt_token, http_proxy=http_proxy, transport_type=transport_type)
def _create_auth(self): # type: () -> authentication.JWTTokenAuth """ Create an ~uamqp.authentication.SASTokenAuth instance to authenticate the session. """ try: # ignore mypy's warning because token_type is Optional token_type = self._credential.token_type # type: ignore except AttributeError: token_type = b"jwt" if token_type == b"servicebus.windows.net:sastoken": auth = authentication.JWTTokenAuth( self._auth_uri, self._auth_uri, functools.partial(self._credential.get_token, self._auth_uri), token_type=token_type, timeout=self._config.auth_timeout, http_proxy=self._config.http_proxy, transport_type=self._config.transport_type, custom_endpoint_hostname=self._config.custom_endpoint_hostname, port=self._config.connection_port, verify=self._config.connection_verify, ) auth.update_token() return auth return authentication.JWTTokenAuth( self._auth_uri, self._auth_uri, functools.partial(self._credential.get_token, JWT_TOKEN_SCOPE), token_type=token_type, timeout=self._config.auth_timeout, http_proxy=self._config.http_proxy, transport_type=self._config.transport_type, custom_endpoint_hostname=self._config.custom_endpoint_hostname, port=self._config.connection_port, verify=self._config.connection_verify, refresh_window=300, )
def _create_auth(self): """ Create an ~uamqp.authentication.SASTokenAuth instance to authenticate the session. """ http_proxy = self._config.http_proxy transport_type = self._config.transport_type auth_timeout = self._config.auth_timeout # TODO: the following code can be refactored to create auth from classes directly instead of using if-else if isinstance(self._credential, EventHubSharedKeyCredential): # pylint:disable=no-else-return username = self._credential.policy password = self._credential.key if "@sas.root" in username: return authentication.SASLPlain(self._address.hostname, username, password, http_proxy=http_proxy, transport_type=transport_type) return authentication.SASTokenAuth.from_shared_access_key( self._auth_uri, username, password, timeout=auth_timeout, http_proxy=http_proxy, transport_type=transport_type) elif isinstance(self._credential, EventHubSASTokenCredential): token = self._credential.get_sas_token() try: expiry = int(parse_sas_token(token)['se']) except (KeyError, TypeError, IndexError): raise ValueError( "Supplied SAS token has no valid expiry value.") return authentication.SASTokenAuth(self._auth_uri, self._auth_uri, token, expires_at=expiry, timeout=auth_timeout, http_proxy=http_proxy, transport_type=transport_type) else: # Azure credential get_jwt_token = functools.partial(self._credential.get_token, JWT_TOKEN_SCOPE) return authentication.JWTTokenAuth(self._auth_uri, self._auth_uri, get_jwt_token, http_proxy=http_proxy, transport_type=transport_type)
def test_event_hubs_send_override_token_refresh_window(live_eventhub_config): uri = "sb://{}/{}".format(live_eventhub_config['hostname'], live_eventhub_config['event_hub']) target = "amqps://{}/{}/Partitions/0".format( live_eventhub_config['hostname'], live_eventhub_config['event_hub']) token = [None] def get_token(): return _AccessToken(token[0], expiry) jwt_auth = authentication.JWTTokenAuth( uri, uri, get_token, refresh_window=300 # set refresh window to be 5 mins ) send_client = uamqp.SendClient(target, auth=jwt_auth, debug=False) # use token of which the valid remaining time < refresh window expiry = int(time.time()) + (60 * 4 + 30) # 4.5 minutes token[0] = utils.create_sas_token( live_eventhub_config['key_name'].encode(), live_eventhub_config['access_key'].encode(), uri.encode(), expiry=timedelta(minutes=4, seconds=30)) for _ in range(3): message = uamqp.message.Message(body='Hello World') send_client.send_message(message) auth_status = constants.CBSAuthStatus(jwt_auth._cbs_auth.get_status()) assert auth_status == constants.CBSAuthStatus.RefreshRequired # update token, the valid remaining time > refresh window expiry = int(time.time()) + (60 * 5 + 30) # 5.5 minutes token[0] = utils.create_sas_token( live_eventhub_config['key_name'].encode(), live_eventhub_config['access_key'].encode(), uri.encode(), expiry=timedelta(minutes=5, seconds=30)) for _ in range(3): message = uamqp.message.Message(body='Hello World') send_client.send_message(message) auth_status = constants.CBSAuthStatus(jwt_auth._cbs_auth.get_status()) assert auth_status == constants.CBSAuthStatus.Ok send_client.close()
def authenticate_client_by_jwt(): # Create the JWTTokenAuth object auth_uri = "<amqp endpoint uri for authentication>" # The AMQP endpoint URI for authentication. token_audience = "<token audience>" # The token audience field. auth = authentication.JWTTokenAuth(audience=token_audience, uri=auth_uri, get_token=get_token) # Instantiate the SendClient with the JWTTokenAuth object target = "<target amqp service endpoint>" # The target AMQP service endpoint. send_client = SendClient(target=target, auth=auth) # Send a message message = Message(b'data') send_client.send_message(message) send_client.close()