def get_login_credentials(self, resource=None, subscription_id=None): account = self.get_subscription(subscription_id) user_type = account[_USER_ENTITY][_USER_TYPE] username_or_sp_id = account[_USER_ENTITY][_USER_NAME] resource = resource or self.cli_ctx.cloud.endpoints.active_directory_resource_id identity_type, identity_id = Profile._try_parse_msi_account_name( account) if identity_type is None: def _retrieve_token(): if in_cloud_console() and account[_USER_ENTITY].get( _CLOUD_SHELL_ID): return self._get_token_from_cloud_shell(resource) if user_type == _USER: return self._creds_cache.retrieve_token_for_user( username_or_sp_id, account[_TENANT_ID], resource) return self._creds_cache.retrieve_token_for_service_principal( username_or_sp_id, resource) from azure.cli.core.adal_authentication import AdalAuthentication auth_object = AdalAuthentication(_retrieve_token) else: if self._msi_creds is None: self._msi_creds = MsiAccountTypes.msi_auth_factory( identity_type, identity_id, resource) auth_object = self._msi_creds return (auth_object, str(account[_SUBSCRIPTION_ID]), str(account[_TENANT_ID]))
def get_login_credentials( self, resource=CLOUD.endpoints.active_directory_resource_id, subscription_id=None): account = self.get_subscription(subscription_id) user_type = account[_USER_ENTITY][_USER_TYPE] username_or_sp_id = account[_USER_ENTITY][_USER_NAME] def _retrieve_token(): if account[_SUBSCRIPTION_NAME] == _MSI_ACCOUNT_NAME: port, _ = Profile.split_msi_user_info(username_or_sp_id) return Profile.get_msi_token(resource, CLOUD.endpoints.active_directory, account[_TENANT_ID], port) elif user_type == _USER: return self._creds_cache.retrieve_token_for_user( username_or_sp_id, account[_TENANT_ID], resource) return self._creds_cache.retrieve_token_for_service_principal( username_or_sp_id, resource) from azure.cli.core.adal_authentication import AdalAuthentication auth_object = AdalAuthentication(_retrieve_token) return (auth_object, str(account[_SUBSCRIPTION_ID]), str(account[_TENANT_ID]))
def get_login_credentials(self, resource=CLOUD.endpoints.management, subscription_id=None): account = self.get_subscription(subscription_id) user_type = account[_USER_ENTITY][_USER_TYPE] username_or_sp_id = account[_USER_ENTITY][_USER_NAME] if user_type == _USER: token_retriever = lambda: self._creds_cache.retrieve_token_for_user( username_or_sp_id, account[_TENANT_ID], resource) auth_object = AdalAuthentication(token_retriever) else: token_retriever = lambda: self._creds_cache.retrieve_token_for_service_principal( username_or_sp_id, resource) auth_object = AdalAuthentication(token_retriever) return (auth_object, str(account[_SUBSCRIPTION_ID]), str(account[_TENANT_ID]))
def get_login_credentials(self, resource=None, subscription_id=None, aux_subscriptions=None): account = self.get_subscription(subscription_id) user_type = account[_USER_ENTITY][_USER_TYPE] username_or_sp_id = account[_USER_ENTITY][_USER_NAME] resource = resource or self.cli_ctx.cloud.endpoints.active_directory_resource_id identity_type, identity_id = Profile._try_parse_msi_account_name( account) external_tenants_info = [] ext_subs = [ aux_sub for aux_sub in (aux_subscriptions or []) if aux_sub != subscription_id ] for ext_sub in ext_subs: sub = self.get_subscription(ext_sub) if sub[_TENANT_ID] != account[_TENANT_ID]: external_tenants_info.append( (sub[_USER_ENTITY][_USER_NAME], sub[_TENANT_ID])) if identity_type is None: def _retrieve_token(): if in_cloud_console() and account[_USER_ENTITY].get( _CLOUD_SHELL_ID): return self._get_token_from_cloud_shell(resource) if user_type == _USER: return self._creds_cache.retrieve_token_for_user( username_or_sp_id, account[_TENANT_ID], resource) return self._creds_cache.retrieve_token_for_service_principal( username_or_sp_id, resource) def _retrieve_tokens_from_external_tenants(): external_tokens = [] for u, t in external_tenants_info: external_tokens.append( self._creds_cache.retrieve_token_for_user( u, t, resource)) return external_tokens from azure.cli.core.adal_authentication import AdalAuthentication auth_object = AdalAuthentication( _retrieve_token, _retrieve_tokens_from_external_tenants if external_tenants_info else None) else: if self._msi_creds is None: self._msi_creds = MsiAccountTypes.msi_auth_factory( identity_type, identity_id, resource) auth_object = self._msi_creds return (auth_object, str(account[_SUBSCRIPTION_ID]), str(account[_TENANT_ID]))
def get_login_credentials(self, resource=None, subscription_id=None): account = self.get_subscription(subscription_id) user_type = account[_USER_ENTITY][_USER_TYPE] username_or_sp_id = account[_USER_ENTITY][_USER_NAME] resource = resource or self.cli_ctx.cloud.endpoints.active_directory_resource_id def _retrieve_token(): identity_id, msi_port = Profile._try_parse_for_msi_port( account[_SUBSCRIPTION_NAME]) if msi_port is not None: return Profile.get_msi_token(resource, msi_port, identity_id) elif user_type == _USER: return self._creds_cache.retrieve_token_for_user( username_or_sp_id, account[_TENANT_ID], resource) return self._creds_cache.retrieve_token_for_service_principal( username_or_sp_id, resource) from azure.cli.core.adal_authentication import AdalAuthentication auth_object = AdalAuthentication(_retrieve_token) return (auth_object, str(account[_SUBSCRIPTION_ID]), str(account[_TENANT_ID]))
def setUp(self): self.client = WebSiteManagementClient( AdalAuthentication(lambda: ('bearer', 'secretToken')), '123455678')
def setUp(self): self.mock_logger = mock.MagicMock() self.mock_cmd = mock.MagicMock() self.mock_cmd.cli_ctx = mock.MagicMock() self.client = WebSiteManagementClient( AdalAuthentication(lambda: ('bearer', 'secretToken')), '123455678')
def test_get_token(self): user_full_token = ( 'Bearer', 'access_token_user_mock', { 'tokenType': 'Bearer', 'expiresIn': 3599, 'expiresOn': '2020-11-18 15:35:17.512862', # Local time 'resource': 'https://management.core.windows.net/', 'accessToken': 'access_token_user_mock', 'refreshToken': 'refresh_token_user_mock', 'oid': '6d97229a-391f-473a-893f-f0608b592d7b', 'userId': '*****@*****.**', 'isMRRT': True, '_clientId': '04b07795-8ddb-461a-bbee-02f9e1bf7b46', '_authority': 'https://login.microsoftonline.com/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a' }) cloud_shell_full_token = ('Bearer', 'access_token_cloud_shell_mock', { 'access_token': 'access_token_cloud_shell_mock', 'refresh_token': '', 'expires_in': '2732', 'expires_on': '1605683384', 'not_before': '1605679484', 'resource': 'https://management.core.windows.net/', 'token_type': 'Bearer' }) token_retriever = MagicMock() cred = AdalAuthentication(token_retriever) def utc_to_timestamp(dt): # Obtain the POSIX timestamp from a naive datetime instance representing UTC time # https://docs.python.org/3/library/datetime.html#datetime.datetime.timestamp return dt.replace(tzinfo=datetime.timezone.utc).timestamp() # Test expiresOn is used and converted to epoch time # Force expiresOn to be treated as UTC to make the test pass on both local machine (such as UTC+8) # and CI (UTC). with mock.patch("azure.cli.core.adal_authentication._timestamp", utc_to_timestamp): token_retriever.return_value = user_full_token access_token = cred.get_token( "https://management.core.windows.net//.default") self.assertEqual(access_token.token, "access_token_user_mock") self.assertEqual(access_token.expires_on, 1605713717) # Test expires_on is used as epoch directly token_retriever.return_value = cloud_shell_full_token access_token = cred.get_token( "https://management.core.windows.net//.default") self.assertEqual(access_token.token, "access_token_cloud_shell_mock") self.assertEqual(access_token.expires_on, 1605683384)