def __init__(self,
endpoint,
client_cls,
config=None,
client_id=None,
**kwargs):
# type: (str, Type, Optional[Configuration], Optional[str], **Any) -> None
self._identity_config = kwargs.pop("identity_config", None) or {}
if client_id:
if os.environ.get(
EnvironmentVariables.MSI_ENDPOINT) and os.environ.get(
EnvironmentVariables.MSI_SECRET):
# App Service: version 2017-09-1 accepts client ID as parameter "clientid"
if "clientid" not in self._identity_config:
self._identity_config["clientid"] = client_id
elif "client_id" not in self._identity_config:
self._identity_config["client_id"] = client_id
config = config or self._create_config(**kwargs)
policies = [
ContentDecodePolicy(),
config.headers_policy,
config.user_agent_policy,
config.retry_policy,
config.logging_policy,
DistributedTracingPolicy(**kwargs),
HttpLoggingPolicy(**kwargs),
]
self._client = client_cls(endpoint=endpoint,
config=config,
policies=policies,
**kwargs)
def _create_pipeline(self, credential, **kwargs):
# type: (Any, **Any) -> Tuple[Configuration, Pipeline]
self._credential_policy = None
if hasattr(credential, "get_token"):
self._credential_policy = BearerTokenCredentialPolicy(
credential, STORAGE_OAUTH_SCOPE)
elif isinstance(credential, SharedKeyCredentialPolicy):
self._credential_policy = credential
elif credential is not None:
raise TypeError("Unsupported credential: {}".format(credential))
config = kwargs.get("_configuration") or create_configuration(**kwargs)
if kwargs.get("_pipeline"):
return config, kwargs["_pipeline"]
config.transport = kwargs.get("transport") # type: ignore
kwargs.setdefault("connection_timeout", CONNECTION_TIMEOUT)
kwargs.setdefault("read_timeout", READ_TIMEOUT)
if not config.transport:
config.transport = RequestsTransport(**kwargs)
policies = [
QueueMessagePolicy(), config.headers_policy, config.proxy_policy,
config.user_agent_policy,
StorageContentValidation(),
StorageRequestHook(**kwargs), self._credential_policy,
ContentDecodePolicy(response_encoding="utf-8"),
RedirectPolicy(**kwargs),
StorageHosts(hosts=self._hosts,
**kwargs), config.retry_policy, config.logging_policy,
StorageResponseHook(**kwargs),
DistributedTracingPolicy(**kwargs),
HttpLoggingPolicy(**kwargs)
]
if kwargs.get("_additional_pipeline_policies"):
policies = policies + kwargs.get("_additional_pipeline_policies")
return config, Pipeline(config.transport, policies=policies)
def create_pipeline(credential, **kwargs):
# type: (Any, **Any) -> Tuple[Configuration, Pipeline]
credential_policy = None
if hasattr(credential, 'get_token'):
credential_policy = BearerTokenCredentialPolicy(
credential, STORAGE_OAUTH_SCOPE)
elif isinstance(credential, SharedKeyCredentialPolicy):
credential_policy = credential
elif credential is not None:
raise TypeError("Unsupported credential: {}".format(credential))
config = kwargs.get('_configuration') or create_configuration(**kwargs)
if kwargs.get('_pipeline'):
return config, kwargs['_pipeline']
if 'connection_timeout' not in kwargs:
kwargs['connection_timeout'] = DEFAULT_SOCKET_TIMEOUT
transport = kwargs.get('transport') # type: HttpTransport
if not transport:
transport = RequestsTransport(**kwargs)
policies = [
QueueMessagePolicy(),
config.headers_policy,
config.user_agent_policy,
StorageContentValidation(),
StorageRequestHook(**kwargs),
credential_policy,
ContentDecodePolicy(),
config.redirect_policy,
StorageHosts(**kwargs),
config.retry_policy,
config.logging_policy,
StorageResponseHook(**kwargs),
]
return config, Pipeline(transport, policies=policies)
def _build_pipeline(self, **kwargs): # pylint: disable=no-self-use
transport = kwargs.get('transport')
policies = kwargs.get('policies')
credential_policy = \
AsyncServiceBusSharedKeyCredentialPolicy(self._endpoint, self._credential, "Authorization") \
if isinstance(self._credential, ServiceBusSharedKeyCredential) \
else AsyncBearerTokenCredentialPolicy(self._credential, JWT_TOKEN_SCOPE)
if policies is None: # [] is a valid policy list
policies = [
RequestIdPolicy(**kwargs),
self._config.headers_policy,
self._config.user_agent_policy,
self._config.proxy_policy,
ContentDecodePolicy(**kwargs),
ServiceBusXMLWorkaroundPolicy(),
self._config.redirect_policy,
self._config.retry_policy,
credential_policy,
self._config.logging_policy,
DistributedTracingPolicy(**kwargs),
HttpLoggingPolicy(**kwargs),
]
if not transport:
transport = AioHttpTransport(**kwargs)
return AsyncPipeline(transport, policies)
def _create_pipeline(self, credential, **kwargs):
# type: (Any, **Any) -> Tuple[Configuration, Pipeline]
self._credential_policy = None
if hasattr(credential, "get_token"):
self._credential_policy = BearerTokenCredentialPolicy(credential, STORAGE_OAUTH_SCOPE)
elif isinstance(credential, SharedKeyCredentialPolicy):
self._credential_policy = credential
elif credential is not None:
raise TypeError("Unsupported credential: {}".format(credential))
config = kwargs.get("_configuration") or create_configuration(**kwargs)
if kwargs.get("_pipeline"):
return config, kwargs["_pipeline"]
config.transport = kwargs.get("transport") # type: ignore
if "connection_timeout" not in kwargs:
kwargs["connection_timeout"] = DEFAULT_SOCKET_TIMEOUT
if not config.transport:
config.transport = RequestsTransport(**kwargs)
policies = [
QueueMessagePolicy(),
config.headers_policy,
config.user_agent_policy,
StorageContentValidation(),
StorageRequestHook(**kwargs),
self._credential_policy,
ContentDecodePolicy(),
RedirectPolicy(**kwargs),
StorageHosts(hosts=self._hosts, **kwargs),
config.retry_policy,
config.logging_policy,
StorageResponseHook(**kwargs),
DistributedTracingPolicy(),
]
return config, Pipeline(config.transport, policies=policies)
def _create_appconfig_pipeline(
self, credential, base_url=None, aad_mode=False, **kwargs
):
transport = kwargs.get("transport")
policies = kwargs.get("policies")
if policies is None: # [] is a valid policy list
if aad_mode:
scope = base_url.strip("/") + "/.default"
if hasattr(credential, "get_token"):
credential_policy = BearerTokenCredentialPolicy(credential, scope)
else:
raise TypeError(
"Please provide an instance from azure-identity "
"or a class that implement the 'get_token protocol"
)
else:
credential_policy = AppConfigRequestsCredentialsPolicy(credential)
policies = [
self._config.headers_policy,
self._config.user_agent_policy,
self._config.retry_policy,
self._sync_token_policy,
credential_policy,
self._config.logging_policy, # HTTP request/response log
DistributedTracingPolicy(**kwargs),
HttpLoggingPolicy(**kwargs),
ContentDecodePolicy(**kwargs),
]
if not transport:
transport = RequestsTransport(**kwargs)
return Pipeline(transport, policies)
def _configure_policies(self, **kwargs):
# type: (**Any) -> None
try:
from azure.core.pipeline.transport import AioHttpTransport
if not kwargs.get("transport"):
kwargs.setdefault("transport", AioHttpTransport(**kwargs))
except ImportError:
raise ImportError(
"Unable to create async transport. Please check aiohttp is installed."
)
kwargs.setdefault("connection_timeout", CONNECTION_TIMEOUT)
kwargs.setdefault("read_timeout", READ_TIMEOUT)
self._policies = [
StorageHeadersPolicy(**kwargs),
ProxyPolicy(**kwargs),
UserAgentPolicy(sdk_moniker=SDK_MONIKER, **kwargs),
StorageContentValidation(),
StorageRequestHook(**kwargs),
self._credential_policy,
ContentDecodePolicy(response_encoding="utf-8"),
AsyncRedirectPolicy(**kwargs),
StorageHosts(hosts=self._hosts, **kwargs),
AsyncTablesRetryPolicy(**kwargs),
StorageLoggingPolicy(**kwargs),
AsyncStorageResponseHook(**kwargs),
DistributedTracingPolicy(**kwargs),
HttpLoggingPolicy(**kwargs),
]
def __init__(self, config=None, **kwargs):
# type: (Optional[Configuration], Dict[str, Any]) -> None
config = config or self.create_config(**kwargs)
policies = [
config.header_policy,
ContentDecodePolicy(), config.logging_policy, config.retry_policy
]
self._client = AuthnClient(Endpoints.IMDS, config, policies, **kwargs)
def _create_pipeline(account, credential, **kwargs):
# type: (Any, **Any) -> Tuple[Configuration, Pipeline]
credential_policy = SharedKeyCredentialPolicy(account_name=account.name, account_key=credential)
transport = RequestsTransport(**kwargs)
policies = [
HeadersPolicy(),
credential_policy,
ContentDecodePolicy(response_encoding="utf-8")]
return Pipeline(transport, policies=policies)
def _build_pipeline(self, config=None, policies=None, transport=None, **kwargs):
config = config or self._create_config(**kwargs)
policies = policies or [
ContentDecodePolicy(),
config.retry_policy,
config.logging_policy,
DistributedTracingPolicy(),
]
if not transport:
transport = RequestsTransport(**kwargs)
return Pipeline(transport=transport, policies=policies)
def __init__(self, config=None, **kwargs):
# type: (Optional[Configuration], Dict[str, Any]) -> None
config = config or self.create_config(**kwargs)
policies = [
ContentDecodePolicy(), config.retry_policy, config.logging_policy
]
endpoint = os.environ.get(MSI_ENDPOINT)
if not endpoint:
raise ValueError(
"expected environment variable {} has no value".format(
MSI_ENDPOINT))
self._client = AuthnClient(endpoint, config, policies, **kwargs)
def __init__(self, configuration=None, **kwargs):
config = configuration or FooServiceClient.create_config(**kwargs)
transport = kwargs.get('transport', RequestsTransport(**kwargs))
policies = [
config.user_agent_policy,
config.headers_policy,
config.authentication_policy,
ContentDecodePolicy(),
config.redirect_policy,
config.retry_policy,
config.logging_policy,
]
self._pipeline = Pipeline(transport, policies=policies)
def __init__(self, auth_url, config=None, policies=None, transport=None, **kwargs):
# type: (str, Optional[Configuration], Optional[Iterable[HTTPPolicy]], Optional[HttpTransport], Mapping[str, Any]) -> None
config = config or self._create_config(**kwargs)
policies = policies or [
ContentDecodePolicy(),
config.retry_policy,
config.logging_policy,
DistributedTracingPolicy(),
]
if not transport:
transport = RequestsTransport(**kwargs)
self._pipeline = Pipeline(transport=transport, policies=policies)
super(AuthnClient, self).__init__(auth_url, **kwargs)
async def test_policies_configurable():
policy = Mock(spec_set=SansIOHTTPPolicy, on_request=Mock())
async def send(*_, **__):
return mock_response(json_payload=build_aad_response(access_token="**"))
credential = CertificateCredential(
"tenant-id", "client-id", PEM_CERT_PATH, policies=[ContentDecodePolicy(), policy], transport=Mock(send=send)
)
await credential.get_token("scope")
assert policy.on_request.called
def __init__(self,
endpoint,
client_cls,
config=None,
client_id=None,
**kwargs):
# type: (str, Type, Optional[Configuration], Optional[str], Any) -> None
self._client_id = client_id
config = config or self._create_config(**kwargs)
policies = [
ContentDecodePolicy(), config.headers_policy, config.retry_policy,
config.logging_policy
]
self._client = client_cls(endpoint, config, policies, **kwargs)
def __init__(self,
auth_url: str,
config: Optional[Configuration] = None,
policies: Optional[Iterable[HTTPPolicy]] = None,
transport: Optional[AsyncHttpTransport] = None,
**kwargs: Mapping[str, Any]) -> None:
config = config or self.create_config(**kwargs)
policies = policies or [
ContentDecodePolicy(), config.logging_policy, config.retry_policy
]
if not transport:
transport = AsyncioRequestsTransport(configuration=config)
self._pipeline = AsyncPipeline(transport=transport, policies=policies)
super(AsyncAuthnClient, self).__init__(auth_url, **kwargs)
def test_policies_configurable():
policy = Mock(spec_set=SansIOHTTPPolicy, on_request=Mock())
transport = msal_validating_transport(
requests=[Request()], responses=[mock_response(json_payload=build_aad_response(access_token="**"))]
)
credential = CertificateCredential(
"tenant-id", "client-id", CERT_PATH, policies=[ContentDecodePolicy(), policy], transport=transport
)
credential.get_token("scope")
assert policy.on_request.called
def _configure_policies(self, **kwargs):
return [
RequestIdPolicy(**kwargs),
StorageHeadersPolicy(**kwargs),
UserAgentPolicy(sdk_moniker=SDK_MONIKER, **kwargs),
ProxyPolicy(**kwargs),
self._credential_policy,
ContentDecodePolicy(response_encoding="utf-8"),
RedirectPolicy(**kwargs),
StorageHosts(**kwargs),
TablesRetryPolicy(**kwargs),
CustomHookPolicy(**kwargs),
NetworkTraceLoggingPolicy(**kwargs),
DistributedTracingPolicy(**kwargs),
HttpLoggingPolicy(**kwargs),
]
def _get_policies(config, **kwargs):
logging_policy = HttpLoggingPolicy(**kwargs)
logging_policy.allowed_header_names.add("x-ms-keyvault-network-info")
return [
config.headers_policy,
UserAgentPolicy(base_user_agent=USER_AGENT, **kwargs),
config.proxy_policy,
ContentDecodePolicy(),
config.redirect_policy,
config.retry_policy,
config.authentication_policy,
config.logging_policy,
DistributedTracingPolicy(**kwargs),
logging_policy,
]
def __init__(self,
config: "Optional[Configuration]" = None,
policies: "Optional[Iterable[HTTPPolicy]]" = None,
transport: "Optional[AsyncHttpTransport]" = None,
**kwargs: "Any") -> None:
config = config or self._create_config(**kwargs)
policies = policies or [
ContentDecodePolicy(),
config.retry_policy,
config.logging_policy,
DistributedTracingPolicy(),
]
if not transport:
transport = AsyncioRequestsTransport(**kwargs)
self._pipeline = AsyncPipeline(transport=transport, policies=policies)
super().__init__(**kwargs)
def _default_policies(config, **kwargs):
return [
RequestIdPolicy(**kwargs),
ARMAutoResourceProviderRegistrationPolicy(),
config.headers_policy,
config.user_agent_policy,
config.proxy_policy,
ContentDecodePolicy(**kwargs),
config.redirect_policy,
config.retry_policy,
config.authentication_policy,
config.custom_hook_policy,
config.logging_policy,
DistributedTracingPolicy(**kwargs),
ARMHttpLoggingPolicy(**kwargs),
]
def _create_pipeline(self, credential, **kwargs):
# type: (Any, **Any) -> Tuple[Configuration, Pipeline]
self._credential_policy = None
if hasattr(credential, 'get_token'):
self._credential_policy = AsyncBearerTokenCredentialPolicy(
credential, STORAGE_OAUTH_SCOPE)
elif isinstance(credential, SharedKeyCredentialPolicy):
self._credential_policy = credential
elif isinstance(credential, AzureSasCredential):
self._credential_policy = AzureSasCredentialPolicy(credential)
elif credential is not None:
raise TypeError("Unsupported credential: {}".format(credential))
config = kwargs.get('_configuration') or create_configuration(**kwargs)
if kwargs.get('_pipeline'):
return config, kwargs['_pipeline']
config.transport = kwargs.get('transport') # type: ignore
kwargs.setdefault("connection_timeout", CONNECTION_TIMEOUT)
kwargs.setdefault("read_timeout", READ_TIMEOUT)
if not config.transport:
try:
from azure.core.pipeline.transport import AioHttpTransport
except ImportError:
raise ImportError(
"Unable to create async transport. Please check aiohttp is installed."
)
config.transport = AioHttpTransport(**kwargs)
policies = [
QueueMessagePolicy(),
config.headers_policy,
config.proxy_policy,
config.user_agent_policy,
StorageContentValidation(),
StorageRequestHook(**kwargs),
self._credential_policy,
ContentDecodePolicy(response_encoding="utf-8"),
AsyncRedirectPolicy(**kwargs),
StorageHosts(hosts=self._hosts, **kwargs), # type: ignore
config.retry_policy,
config.logging_policy,
AsyncStorageResponseHook(**kwargs),
DistributedTracingPolicy(**kwargs),
HttpLoggingPolicy(**kwargs),
]
if kwargs.get("_additional_pipeline_policies"):
policies = policies + kwargs.get("_additional_pipeline_policies")
return config, AsyncPipeline(config.transport, policies=policies)
def __init__(self, **kwargs: Any) -> None:
"""Azure Monitor base exporter for OpenTelemetry.
:keyword str api_version: The service API version used. Defaults to latest.
:rtype: None
"""
parsed_connection_string = ConnectionStringParser(
kwargs.get('connection_string'))
self._instrumentation_key = parsed_connection_string.instrumentation_key
self._timeout = 10.0 # networking timeout in seconds
self._api_version = kwargs.get('api_version') or _SERVICE_API_LATEST
self._consecutive_redirects = 0 # To prevent circular redirects
temp_suffix = self._instrumentation_key or ""
default_storage_path = os.path.join(tempfile.gettempdir(),
_TEMPDIR_PREFIX + temp_suffix)
config = AzureMonitorClientConfiguration(
parsed_connection_string.endpoint, **kwargs)
policies = [
RequestIdPolicy(**kwargs),
config.headers_policy,
config.user_agent_policy,
config.proxy_policy,
ContentDecodePolicy(**kwargs),
# Handle redirects in exporter, set new endpoint if redirected
RedirectPolicy(permit_redirects=False),
config.retry_policy,
config.authentication_policy,
config.custom_hook_policy,
config.logging_policy,
# Explicitly disabling to avoid infinite loop of Span creation when data is exported
# DistributedTracingPolicy(**kwargs),
config.http_logging_policy or HttpLoggingPolicy(**kwargs)
]
self.client = AzureMonitorClient(
host=parsed_connection_string.endpoint,
connection_timeout=self._timeout,
policies=policies,
**kwargs)
self.storage = LocalFileStorage(
path=default_storage_path,
max_size=50 * 1024 * 1024, # Maximum size in bytes.
maintenance_period=60, # Maintenance interval in seconds.
retention_period=7 * 24 * 60 * 60, # Retention period in seconds
)
def __init__(self, **kwargs: Any) -> None:
"""Azure Monitor base exporter for OpenTelemetry.
:param options: Exporter configuration options.
:type options: ~azure.opentelemetry.exporter.azuremonitor.options.ExporterOptions
:keyword str connection_string: The connection string to be used for authentication
:rtype: None
"""
options = ExporterOptions(**kwargs)
parsed_connection_string = ConnectionStringParser(
options.connection_string)
self._instrumentation_key = parsed_connection_string.instrumentation_key
self._timeout = 10.0 # networking timeout in seconds
temp_suffix = self._instrumentation_key or ""
default_storage_path = os.path.join(tempfile.gettempdir(),
TEMPDIR_PREFIX + temp_suffix)
config = AzureMonitorClientConfiguration(
parsed_connection_string.endpoint, **kwargs)
policies = [
RequestIdPolicy(**kwargs),
config.headers_policy,
config.user_agent_policy,
config.proxy_policy,
ContentDecodePolicy(**kwargs),
config.redirect_policy,
config.retry_policy,
config.authentication_policy,
config.custom_hook_policy,
config.logging_policy,
# Explicitly disabling to avoid infinite loop of Span creation when data is exported
# DistributedTracingPolicy(**kwargs),
config.http_logging_policy or HttpLoggingPolicy(**kwargs)
]
self.client = AzureMonitorClient(
host=parsed_connection_string.endpoint,
connection_timeout=self._timeout,
policies=policies,
**kwargs)
self.storage = LocalFileStorage(
path=default_storage_path,
max_size=50 * 1024 * 1024, # Maximum size in bytes.
maintenance_period=60, # Maintenance interval in seconds.
retention_period=7 * 24 * 60 * 60, # Retention period in seconds
)
def _build_pipeline(config=None, policies=None, transport=None, **kwargs):
# type: (Optional[Configuration], Optional[PolicyList], Optional[HttpTransport], **Any) -> Pipeline
config = config or _create_config(**kwargs)
if policies is None: # [] is a valid policy list
policies = [
ContentDecodePolicy(),
config.user_agent_policy,
config.proxy_policy,
config.retry_policy,
config.logging_policy,
DistributedTracingPolicy(**kwargs),
HttpLoggingPolicy(**kwargs),
]
if not transport:
transport = RequestsTransport(**kwargs)
return Pipeline(transport=transport, policies=policies)
def _policies(credential, **kwargs):
# type: (Union[AzureKeyCredential, EventGridSharedAccessSignatureCredential], Any) -> List[Any]
auth_policy = _get_authentication_policy(credential)
sdk_moniker = 'eventgrid/{}'.format(VERSION)
policies = [
RequestIdPolicy(**kwargs),
HeadersPolicy(**kwargs),
UserAgentPolicy(sdk_moniker=sdk_moniker, **kwargs),
ProxyPolicy(**kwargs),
ContentDecodePolicy(**kwargs),
RedirectPolicy(**kwargs),
RetryPolicy(**kwargs), auth_policy,
CustomHookPolicy(**kwargs),
NetworkTraceLoggingPolicy(**kwargs),
DistributedTracingPolicy(**kwargs),
CloudEventDistributedTracingPolicy(),
HttpLoggingPolicy(**kwargs)
]
return policies
def __init__(
self,
config=None, # type: Optional[Configuration]
policies=None, # type: Optional[Iterable[HTTPPolicy]]
transport=None, # type: Optional[HttpTransport]
**kwargs # type: Any
):
# type: (...) -> None
config = config or self._create_config(**kwargs)
policies = policies or [
ContentDecodePolicy(),
config.retry_policy,
config.logging_policy,
DistributedTracingPolicy(),
]
if not transport:
transport = RequestsTransport(**kwargs)
self._pipeline = Pipeline(transport=transport, policies=policies)
super(AuthnClient, self).__init__(**kwargs)
def _policies(credential: Union[AzureKeyCredential, AzureSasCredential],
**kwargs: Any) -> List[Any]:
auth_policy = _get_authentication_policy(credential)
sdk_moniker = 'eventgridpublisherclient/{}'.format(VERSION)
policies = [
RequestIdPolicy(**kwargs),
HeadersPolicy(**kwargs),
UserAgentPolicy(sdk_moniker=sdk_moniker, **kwargs),
ProxyPolicy(**kwargs),
ContentDecodePolicy(**kwargs),
AsyncRedirectPolicy(**kwargs),
AsyncRetryPolicy(**kwargs), auth_policy,
CustomHookPolicy(**kwargs),
NetworkTraceLoggingPolicy(**kwargs),
DistributedTracingPolicy(**kwargs),
CloudEventDistributedTracingPolicy(),
HttpLoggingPolicy(**kwargs)
]
return policies
async def test_cloud_shell_live(cloud_shell):
credential = ManagedIdentityCredential()
token = credential.get_token("https://vault.azure.net")
# Validate the token by sending a request to the Key Vault. The request is manual because azure-keyvault-secrets
# can't authenticate in Cloud Shell; the MSI endpoint there doesn't support AADv2 scopes.
policies = [
ContentDecodePolicy(),
AsyncRedirectPolicy(),
AsyncRetryPolicy(),
HttpLoggingPolicy()
]
client = AsyncPipelineClient(cloud_shell["vault_url"], policies=policies)
list_secrets = client.get(
"secrets",
headers={"Authorization": "Bearer " + token.token},
params={"api-version": "7.0"})
async with client:
await client._pipeline.run(list_secrets)
