def get_login_credentials(self, resource=None, subscription_id=None):
account = self.get_subscription(subscription_id)
user_type = account[_USER_ENTITY][_USER_TYPE]
username_or_sp_id = account[_USER_ENTITY][_USER_NAME]
resource = resource or self.cli_ctx.cloud.endpoints.active_directory_resource_id
identity_type, identity_id = Profile._try_parse_msi_account_name(
account)
if identity_type is None:
def _retrieve_token():
if in_cloud_console() and account[_USER_ENTITY].get(
_CLOUD_SHELL_ID):
return self._get_token_from_cloud_shell(resource)
if user_type == _USER:
return self._creds_cache.retrieve_token_for_user(
username_or_sp_id, account[_TENANT_ID], resource)
return self._creds_cache.retrieve_token_for_service_principal(
username_or_sp_id, resource)
from azure.cli.core.adal_authentication import AdalAuthentication
auth_object = AdalAuthentication(_retrieve_token)
else:
if self._msi_creds is None:
self._msi_creds = MsiAccountTypes.msi_auth_factory(
identity_type, identity_id, resource)
auth_object = self._msi_creds
return (auth_object, str(account[_SUBSCRIPTION_ID]),
str(account[_TENANT_ID]))
def get_login_credentials(
self,
resource=CLOUD.endpoints.active_directory_resource_id,
subscription_id=None):
account = self.get_subscription(subscription_id)
user_type = account[_USER_ENTITY][_USER_TYPE]
username_or_sp_id = account[_USER_ENTITY][_USER_NAME]
def _retrieve_token():
if account[_SUBSCRIPTION_NAME] == _MSI_ACCOUNT_NAME:
port, _ = Profile.split_msi_user_info(username_or_sp_id)
return Profile.get_msi_token(resource,
CLOUD.endpoints.active_directory,
account[_TENANT_ID], port)
elif user_type == _USER:
return self._creds_cache.retrieve_token_for_user(
username_or_sp_id, account[_TENANT_ID], resource)
return self._creds_cache.retrieve_token_for_service_principal(
username_or_sp_id, resource)
from azure.cli.core.adal_authentication import AdalAuthentication
auth_object = AdalAuthentication(_retrieve_token)
return (auth_object, str(account[_SUBSCRIPTION_ID]),
str(account[_TENANT_ID]))
def get_login_credentials(self,
resource=CLOUD.endpoints.management,
subscription_id=None):
account = self.get_subscription(subscription_id)
user_type = account[_USER_ENTITY][_USER_TYPE]
username_or_sp_id = account[_USER_ENTITY][_USER_NAME]
if user_type == _USER:
token_retriever = lambda: self._creds_cache.retrieve_token_for_user(
username_or_sp_id, account[_TENANT_ID], resource)
auth_object = AdalAuthentication(token_retriever)
else:
token_retriever = lambda: self._creds_cache.retrieve_token_for_service_principal(
username_or_sp_id, resource)
auth_object = AdalAuthentication(token_retriever)
return (auth_object, str(account[_SUBSCRIPTION_ID]),
str(account[_TENANT_ID]))
def get_login_credentials(self,
resource=None,
subscription_id=None,
aux_subscriptions=None):
account = self.get_subscription(subscription_id)
user_type = account[_USER_ENTITY][_USER_TYPE]
username_or_sp_id = account[_USER_ENTITY][_USER_NAME]
resource = resource or self.cli_ctx.cloud.endpoints.active_directory_resource_id
identity_type, identity_id = Profile._try_parse_msi_account_name(
account)
external_tenants_info = []
ext_subs = [
aux_sub for aux_sub in (aux_subscriptions or [])
if aux_sub != subscription_id
]
for ext_sub in ext_subs:
sub = self.get_subscription(ext_sub)
if sub[_TENANT_ID] != account[_TENANT_ID]:
external_tenants_info.append(
(sub[_USER_ENTITY][_USER_NAME], sub[_TENANT_ID]))
if identity_type is None:
def _retrieve_token():
if in_cloud_console() and account[_USER_ENTITY].get(
_CLOUD_SHELL_ID):
return self._get_token_from_cloud_shell(resource)
if user_type == _USER:
return self._creds_cache.retrieve_token_for_user(
username_or_sp_id, account[_TENANT_ID], resource)
return self._creds_cache.retrieve_token_for_service_principal(
username_or_sp_id, resource)
def _retrieve_tokens_from_external_tenants():
external_tokens = []
for u, t in external_tenants_info:
external_tokens.append(
self._creds_cache.retrieve_token_for_user(
u, t, resource))
return external_tokens
from azure.cli.core.adal_authentication import AdalAuthentication
auth_object = AdalAuthentication(
_retrieve_token, _retrieve_tokens_from_external_tenants
if external_tenants_info else None)
else:
if self._msi_creds is None:
self._msi_creds = MsiAccountTypes.msi_auth_factory(
identity_type, identity_id, resource)
auth_object = self._msi_creds
return (auth_object, str(account[_SUBSCRIPTION_ID]),
str(account[_TENANT_ID]))
def get_login_credentials(self, resource=None, subscription_id=None):
account = self.get_subscription(subscription_id)
user_type = account[_USER_ENTITY][_USER_TYPE]
username_or_sp_id = account[_USER_ENTITY][_USER_NAME]
resource = resource or self.cli_ctx.cloud.endpoints.active_directory_resource_id
def _retrieve_token():
identity_id, msi_port = Profile._try_parse_for_msi_port(
account[_SUBSCRIPTION_NAME])
if msi_port is not None:
return Profile.get_msi_token(resource, msi_port, identity_id)
elif user_type == _USER:
return self._creds_cache.retrieve_token_for_user(
username_or_sp_id, account[_TENANT_ID], resource)
return self._creds_cache.retrieve_token_for_service_principal(
username_or_sp_id, resource)
from azure.cli.core.adal_authentication import AdalAuthentication
auth_object = AdalAuthentication(_retrieve_token)
return (auth_object, str(account[_SUBSCRIPTION_ID]),
str(account[_TENANT_ID]))
def setUp(self):
self.client = WebSiteManagementClient(
AdalAuthentication(lambda: ('bearer', 'secretToken')), '123455678')
def setUp(self):
self.mock_logger = mock.MagicMock()
self.mock_cmd = mock.MagicMock()
self.mock_cmd.cli_ctx = mock.MagicMock()
self.client = WebSiteManagementClient(
AdalAuthentication(lambda: ('bearer', 'secretToken')), '123455678')
def test_get_token(self):
user_full_token = (
'Bearer',
'access_token_user_mock',
{
'tokenType':
'Bearer',
'expiresIn':
3599,
'expiresOn':
'2020-11-18 15:35:17.512862', # Local time
'resource':
'https://management.core.windows.net/',
'accessToken':
'access_token_user_mock',
'refreshToken':
'refresh_token_user_mock',
'oid':
'6d97229a-391f-473a-893f-f0608b592d7b',
'userId':
'*****@*****.**',
'isMRRT':
True,
'_clientId':
'04b07795-8ddb-461a-bbee-02f9e1bf7b46',
'_authority':
'https://login.microsoftonline.com/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a'
})
cloud_shell_full_token = ('Bearer', 'access_token_cloud_shell_mock', {
'access_token': 'access_token_cloud_shell_mock',
'refresh_token': '',
'expires_in': '2732',
'expires_on': '1605683384',
'not_before': '1605679484',
'resource': 'https://management.core.windows.net/',
'token_type': 'Bearer'
})
token_retriever = MagicMock()
cred = AdalAuthentication(token_retriever)
def utc_to_timestamp(dt):
# Obtain the POSIX timestamp from a naive datetime instance representing UTC time
# https://docs.python.org/3/library/datetime.html#datetime.datetime.timestamp
return dt.replace(tzinfo=datetime.timezone.utc).timestamp()
# Test expiresOn is used and converted to epoch time
# Force expiresOn to be treated as UTC to make the test pass on both local machine (such as UTC+8)
# and CI (UTC).
with mock.patch("azure.cli.core.adal_authentication._timestamp",
utc_to_timestamp):
token_retriever.return_value = user_full_token
access_token = cred.get_token(
"https://management.core.windows.net//.default")
self.assertEqual(access_token.token, "access_token_user_mock")
self.assertEqual(access_token.expires_on, 1605713717)
# Test expires_on is used as epoch directly
token_retriever.return_value = cloud_shell_full_token
access_token = cred.get_token(
"https://management.core.windows.net//.default")
self.assertEqual(access_token.token, "access_token_cloud_shell_mock")
self.assertEqual(access_token.expires_on, 1605683384)
