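def get_automation_runas_credential(runas_connection, resource_url, authority_url):
    """Return an msrestazure credential for the Automation Run As service principal.

    The credential authenticates to the AAD-protected resource named by
    ``resource_url`` (typically Azure Resource Manager) using the certificate
    stored in the "AzureRunAsCertificate" Automation asset.

    Args:
        runas_connection: Mapping from the Run As connection asset; must carry
            ``ApplicationId``, ``CertificateThumbprint`` and ``TenantId``.
        resource_url: AAD resource (token audience) to request a token for.
        authority_url: AAD authority host, e.g. ``https://login.microsoftonline.com``.
            A trailing slash is tolerated.

    Returns:
        ``msrestazure.azure_active_directory.AdalAuthentication`` wrapping a
        token-acquisition callback; the token is acquired lazily on first use.

    Raises:
        KeyError: if the connection mapping lacks one of the expected fields.
        adal.AdalError: propagated from the callback when token acquisition fails.
    """
    from OpenSSL import crypto
    from msrestazure import azure_active_directory
    import adal

    # The Run As certificate asset is a PKCS#12 bundle; adal's client-certificate
    # grant needs the private key as PEM text, so extract it here.
    # NOTE: OpenSSL.crypto.load_pkcs12 is deprecated in recent pyOpenSSL (>= 22.1)
    # and removed in 23.3 -- pin pyOpenSSL or migrate to cryptography's pkcs12 loader.
    cert = automationassets.get_automation_certificate("AzureRunAsCertificate")
    pks12_cert = crypto.load_pkcs12(cert)
    pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pks12_cert.get_privatekey())

    # Service-principal identity comes from the connection asset. The thumbprint
    # must be the one of the certificate above; AAD rejects the assertion otherwise.
    application_id = runas_connection["ApplicationId"]
    thumbprint = runas_connection["CertificateThumbprint"]
    tenant_id = runas_connection["TenantId"]

    # Normalise the authority so a caller passing ".../" does not produce "//<tenant>",
    # which may not be accepted as a valid authority URL.
    authority_full_url = authority_url.rstrip('/') + '/' + tenant_id
    context = adal.AuthenticationContext(authority_full_url)

    # The PEM private key is captured by this closure for the credential's lifetime;
    # never log or serialise the returned object.
    return azure_active_directory.AdalAuthentication(
        lambda: context.acquire_token_with_client_certificate(
            resource_url, application_id, pem_pkey, thumbprint))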
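def get_automation_runas_token(runas_connection,
                               resource="https://management.core.windows.net/",
                               authority_url="https://login.microsoftonline.com"):
    """Return a raw AAD access token for the Automation Run As service principal.

    Authenticates with the certificate stored in the "AzureRunAsCertificate"
    Automation asset. The defaults target Azure Resource Manager in the public
    cloud and are unchanged from the previous hard-coded values.

    Args:
        runas_connection: Mapping from the Run As connection asset; must carry
            ``ApplicationId``, ``CertificateThumbprint`` and ``TenantId``.
        resource: AAD resource (token audience) to request a token for.
        authority_url: AAD authority host; a trailing slash is tolerated.

    Returns:
        The access token string. It is a bearer credential: treat it as a secret
        and do not log it. No caching is done here -- every call makes a token
        request to AAD.

    Raises:
        KeyError: if the connection mapping lacks one of the expected fields.
        adal.AdalError: if token acquisition fails.
    """
    from OpenSSL import crypto
    import adal

    # Extract the PEM private key from the PKCS#12 certificate asset.
    # NOTE: OpenSSL.crypto.load_pkcs12 is deprecated in recent pyOpenSSL (>= 22.1)
    # and removed in 23.3 -- pin pyOpenSSL or migrate to cryptography's pkcs12 loader.
    cert = automationassets.get_automation_certificate("AzureRunAsCertificate")
    sp_cert = crypto.load_pkcs12(cert)
    pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, sp_cert.get_privatekey())

    application_id = runas_connection["ApplicationId"]
    thumbprint = runas_connection["CertificateThumbprint"]
    tenant_id = runas_connection["TenantId"]

    # Tenant-scoped authority: <host>/<tenant_id>.
    context = adal.AuthenticationContext(authority_url.rstrip('/') + '/' + tenant_id)
    azure_credential = context.acquire_token_with_client_certificate(
        resource, application_id, pem_pkey, thumbprint)

    return azure_credential.get('accessToken')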
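def get_automation_runas_credential(runas_connection,
                                    resource="https://management.core.windows.net/",
                                    authority_url="https://login.microsoftonline.com"):
    """Return an msrestazure credential for the Automation Run As service principal.

    Authenticates with the certificate stored in the "AzureRunAsCertificate"
    Automation asset. The defaults target Azure Resource Manager in the public
    cloud and are unchanged from the previous hard-coded values.

    Args:
        runas_connection: Mapping from the Run As connection asset; must carry
            ``ApplicationId``, ``CertificateThumbprint`` and ``TenantId``.
        resource: AAD resource (token audience) to request a token for.
        authority_url: AAD authority host; a trailing slash is tolerated.

    Returns:
        ``msrestazure.azure_active_directory.AdalAuthentication`` wrapping a
        token-acquisition callback; the token is acquired lazily on first use.

    Raises:
        KeyError: if the connection mapping lacks one of the expected fields.
        adal.AdalError: propagated from the callback when token acquisition fails.
    """
    from OpenSSL import crypto
    from msrestazure import azure_active_directory
    import adal

    # Extract the PEM private key from the PKCS#12 certificate asset.
    # NOTE: OpenSSL.crypto.load_pkcs12 is deprecated in recent pyOpenSSL (>= 22.1)
    # and removed in 23.3 -- pin pyOpenSSL or migrate to cryptography's pkcs12 loader.
    cert = automationassets.get_automation_certificate("AzureRunAsCertificate")
    pks12_cert = crypto.load_pkcs12(cert)
    pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pks12_cert.get_privatekey())

    application_id = runas_connection["ApplicationId"]
    thumbprint = runas_connection["CertificateThumbprint"]
    tenant_id = runas_connection["TenantId"]

    # Tenant-scoped authority: <host>/<tenant_id>.
    context = adal.AuthenticationContext(authority_url.rstrip('/') + '/' + tenant_id)

    # The PEM private key lives in this closure for the credential's lifetime;
    # never log or serialise the returned object.
    return azure_active_directory.AdalAuthentication(
        lambda: context.acquire_token_with_client_certificate(
            resource, application_id, pem_pkey, thumbprint))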
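def get_automation_runas_credential(resource="https://management.core.chinacloudapi.cn/",
                                    authority_url="https://login.partner.microsoftonline.cn"):
    """Return an msrestazure credential for the Automation Run As service principal.

    Reads the "AzureRunAsConnection" and "AzureRunAsCertificate" Automation
    assets itself. The defaults target Azure Resource Manager in the Azure China
    (21Vianet) cloud and are unchanged from the previous hard-coded values; when
    overriding, keep ``resource`` and ``authority_url`` in the same national
    cloud, otherwise the token is issued for the wrong audience.

    Args:
        resource: AAD resource (token audience) to request a token for.
        authority_url: AAD authority host; a trailing slash is tolerated.

    Returns:
        ``msrestazure.azure_active_directory.AdalAuthentication`` wrapping a
        token-acquisition callback; the token is acquired lazily on first use.

    Raises:
        KeyError: if the connection asset lacks ``ApplicationId``,
            ``CertificateThumbprint`` or ``TenantId``.
        adal.AdalError: propagated from the callback when token acquisition fails.
    """
    from OpenSSL import crypto
    from msrestazure import azure_active_directory
    import adal
    import automationassets

    runas_connection = automationassets.get_automation_connection(
        "AzureRunAsConnection")

    # Extract the PEM private key from the PKCS#12 certificate asset.
    # NOTE: OpenSSL.crypto.load_pkcs12 is deprecated in recent pyOpenSSL (>= 22.1)
    # and removed in 23.3 -- pin pyOpenSSL or migrate to cryptography's pkcs12 loader.
    cert = automationassets.get_automation_certificate("AzureRunAsCertificate")
    sp_cert = crypto.load_pkcs12(cert)
    pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, sp_cert.get_privatekey())

    application_id = runas_connection["ApplicationId"]
    thumbprint = runas_connection["CertificateThumbprint"]
    tenant_id = runas_connection["TenantId"]

    # Tenant-scoped authority: <host>/<tenant_id>.
    context = adal.AuthenticationContext(authority_url.rstrip('/') + '/' + tenant_id)

    # The PEM private key lives in this closure for the credential's lifetime;
    # never log or serialise the returned object.
    return azure_active_directory.AdalAuthentication(
        lambda: context.acquire_token_with_client_certificate(
            resource, application_id, pem_pkey, thumbprint))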
def adal_vault_callback(server, resource, scope):
    """Key Vault authentication callback backed by the Automation Run As certificate.

    Intended to be handed to the Key Vault client, which invokes it with the
    ``server``/``resource``/``scope`` values taken from the service's
    authentication challenge. ``scope`` is accepted for signature compatibility
    and not used.

    Args:
        server: AAD authority to authenticate against; when empty, the tenant of
            the Run As connection under ``https://login.windows.net/`` is used.
        resource: Token audience; when empty, ``https://vault.azure.net`` is used.
        scope: Unused.

    Returns:
        A ``(token_type, access_token)`` tuple. The access token is a bearer
        secret and must not be logged.

    Raises:
        KeyError: if the Run As connection lacks one of the expected fields.
        adal.AdalError: if token acquisition fails.

    NOTE(review): a fresh ``AuthenticationContext`` is built on every invocation,
    so nothing is cached between Key Vault calls -- each request costs one AAD
    round-trip. The PKCS#12 asset is likewise reloaded each time.
    """
    from OpenSSL import crypto
    import adal
    import automationassets

    # Private key for the client-certificate grant, as PEM text.
    # (OpenSSL.crypto.load_pkcs12 is deprecated in recent pyOpenSSL releases.)
    pfx_bytes = automationassets.get_automation_certificate("AzureRunAsCertificate")
    pfx = crypto.load_pkcs12(pfx_bytes)
    private_key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, pfx.get_privatekey())

    # Service-principal identity from the connection asset.
    connection = automationassets.get_automation_connection(
        "AzureRunAsConnection")
    client_id = connection["ApplicationId"]
    cert_thumbprint = connection["CertificateThumbprint"]
    tenant = connection["TenantId"]

    # Fall back to the Key Vault audience and the legacy login host when the
    # caller supplies nothing.
    audience = resource or "https://vault.azure.net"
    authority = server or ("https://login.windows.net/" + tenant)

    token_response = adal.AuthenticationContext(authority).acquire_token_with_client_certificate(
        audience, client_id, private_key_pem, cert_thumbprint)

    return token_response.get('tokenType'), token_response.get('accessToken')
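def get_certificate_file(classic_run_as_connection):
    """Write the classic Run As certificate (private key + cert) to a temporary PEM file.

    The file is meant for authenticating against Azure Service Management (classic)
    APIs that take a PEM path.

    Args:
        classic_run_as_connection: Mapping from the classic Run As connection asset;
            ``CertificateAssetName`` names the certificate asset to load.

    Returns:
        The closed ``tempfile.NamedTemporaryFile``; use its ``.name`` for the path.
        The file is created with ``delete=False`` so it outlives the close, which
        means it contains the private key on disk until removed. The caller owns it
        and must ``os.remove(result.name)`` when done.

    Raises:
        KeyError: if ``CertificateAssetName`` is missing from the connection.
        OpenSSL.crypto.Error: if the asset is not a loadable PKCS#12 bundle.
        OSError: if the temporary file cannot be created or written.
    """
    import os

    cert = automationassets.get_automation_certificate(
        classic_run_as_connection["CertificateAssetName"])
    sp_cert = OpenSSL.crypto.load_pkcs12(cert)

    # Serialise both parts before touching the filesystem so a bad bundle leaves
    # nothing behind on disk.
    pem_key = OpenSSL.crypto.dump_privatekey(
        OpenSSL.crypto.FILETYPE_PEM, sp_cert.get_privatekey())
    pem_cert = OpenSSL.crypto.dump_certificate(
        OpenSSL.crypto.FILETYPE_PEM, sp_cert.get_certificate())

    # NamedTemporaryFile creates the file owner-only (0600 on POSIX), so the key is
    # not world-readable while it exists.
    temp_pem_file = tempfile.NamedTemporaryFile(suffix='.pem', delete=False)
    try:
        with temp_pem_file:
            temp_pem_file.write(pem_key)
            temp_pem_file.write(pem_cert)
    except Exception:
        # A write failure must not leave a partially written private key on disk.
        try:
            os.unlink(temp_pem_file.name)
        except OSError:
            pass
        raise
    return temp_pem_file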
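def get_automation_runas_credential(resource="https://management.core.windows.net/",
                                    authority_url="https://login.microsoftonline.com"):
    """Return an msrestazure credential for the Automation Run As service principal.

    Reads the "AzureRunAsConnection" and "AzureRunAsCertificate" Automation
    assets itself. The defaults target Azure Resource Manager in the public
    cloud and are unchanged from the previous hard-coded values.

    Args:
        resource: AAD resource (token audience) to request a token for.
        authority_url: AAD authority host; a trailing slash is tolerated.

    Returns:
        ``msrestazure.azure_active_directory.AdalAuthentication`` wrapping a
        token-acquisition callback; the token is acquired lazily on first use.

    Raises:
        KeyError: if the connection asset lacks ``ApplicationId``,
            ``CertificateThumbprint`` or ``TenantId``.
        adal.AdalError: propagated from the callback when token acquisition fails.
    """
    from OpenSSL import crypto
    from msrestazure import azure_active_directory
    import adal
    import automationassets

    runas_connection = automationassets.get_automation_connection(
        "AzureRunAsConnection")

    # Extract the PEM private key from the PKCS#12 certificate asset.
    # NOTE: OpenSSL.crypto.load_pkcs12 is deprecated in recent pyOpenSSL (>= 22.1)
    # and removed in 23.3 -- pin pyOpenSSL or migrate to cryptography's pkcs12 loader.
    cert = automationassets.get_automation_certificate("AzureRunAsCertificate")
    sp_cert = crypto.load_pkcs12(cert)
    pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, sp_cert.get_privatekey())

    application_id = runas_connection["ApplicationId"]
    thumbprint = runas_connection["CertificateThumbprint"]
    tenant_id = runas_connection["TenantId"]

    # Tenant-scoped authority: <host>/<tenant_id>.
    context = adal.AuthenticationContext(authority_url.rstrip('/') + '/' + tenant_id)

    # The PEM private key lives in this closure for the credential's lifetime;
    # never log or serialise the returned object.
    return azure_active_directory.AdalAuthentication(
        lambda: context.acquire_token_with_client_certificate(
            resource, application_id, pem_pkey, thumbprint))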
# NOTE(review): this statement run starts mid-script. identity, newCompartmentParent,
# newCompartmentName, tenant_compartment_id, automationConnection, AZTenantId, crypto,
# adal, AZURE_PUBLIC_CLOUD, AdalAuthentication and GraphRbacManagementClient are
# presumably bound earlier in the file -- confirm before reusing this fragment.

# OCI side: create the compartment under its parent, then an "<name>-Admins" group
# at the tenancy root.
newCompartment = identity.create_compartment(
    oci.identity.models.CreateCompartmentDetails(
        compartment_id=newCompartmentParent.id,
        name=newCompartmentName,
        description=newCompartmentName)).data
logging.info("New compartment: %s" % newCompartment)
logging.info("Creating compartment Admins group")
newCompartmentGroup = identity.create_group(
    oci.identity.models.CreateGroupDetails(
        compartment_id=tenant_compartment_id,
        name=newCompartmentName + "-Admins",
        description=newCompartmentName + "-Admins")).data

# Azure side: pull the Run As private key out of the PKCS#12 asset as PEM for adal's
# client-certificate grant. (OpenSSL.crypto.load_pkcs12 is deprecated in recent
# pyOpenSSL releases.) pem_pkey holds the private key for the rest of the script;
# keep it out of logs.
pks12_cert = crypto.load_pkcs12(
    automationassets.get_automation_certificate("AzureRunAsCertificate"))
pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pks12_cert.get_privatekey())
thumbprint = automationConnection["CertificateThumbprint"]
# Token audience is the legacy Azure AD Graph endpoint; the authority is the public
# cloud login host scoped to AZTenantId.
context = adal.AuthenticationContext(
    AZURE_PUBLIC_CLOUD.endpoints.active_directory + '/' + AZTenantId)
credentials = AdalAuthentication(
    lambda: context.acquire_token_with_client_certificate(
        "https://graph.windows.net", automationConnection["ApplicationId"], pem_pkey, thumbprint))
graphrbac_client = GraphRbacManagementClient(credentials, AZTenantId)

# Look up the matching AAD group by display-name prefix; None when nothing matches.
AZgrp_name = "cloud-" + newCompartmentName + "-Admins"
# NOTE(review): newCompartmentName is spliced into the OData $filter unescaped; a
# single quote in the name breaks or alters the query. If the name is not fully
# controlled, double any "'" before building the filter string.
AZgrp = next(
    graphrbac_client.groups.list(filter="startswith(displayName,'" + AZgrp_name + "')"),
    None)