コード例 #1
0
    def __init__(self, batchToken: str, armToken: str, account: BatchAccount):
        self.batchCreds = AdalAuthentication(
            lambda: {'accessToken': batchToken})
        self.armCreds = AdalAuthentication(lambda: {
            'accessToken': armToken,
            'tokenType': 'Bearer'
        })
        self.account = account

        self.client = batch.BatchExtensionsClient(
            credentials=self.batchCreds,
            batch_account=self.account.name,
            base_url='https://{0}'.format(account.account_endpoint),
            subscription_id=account.subscription_id,
            mgmt_credentials=self.armCreds)
コード例 #2
0
 def _get_client(self):
     if os.getenv("USE_MSI", "false").lower() == "true":
         _logger.info('Using MSI')
         if "MSI_CLIENT_ID" in os.environ:
             msi_client_id = os.environ["MSI_CLIENT_ID"]
             _logger.info('Using client_id: %s', msi_client_id)
             credentials = MSIAuthentication(resource=VAULT_RESOURCE_NAME, client_id=msi_client_id)
         elif "MSI_OBJECT_ID" in os.environ:
             msi_object_id = os.environ["MSI_OBJECT_ID"]
             _logger.info('Using object_id: %s', msi_object_id)
             credentials = MSIAuthentication(resource=VAULT_RESOURCE_NAME, object_id=msi_object_id)
         elif "MSI_RESOURCE_ID" in os.environ:
             msi_resource_id = os.environ["MSI_RESOURCE_ID"]
             _logger.info('Using resource_id: %s', msi_resource_id)
             credentials = MSIAuthentication(resource=VAULT_RESOURCE_NAME, msi_res_id=msi_resource_id)
         else:
             credentials = MSIAuthentication(resource=VAULT_RESOURCE_NAME)
     else:
         self._parse_sp_file()
         authority = '/'.join([AZURE_AUTHORITY_SERVER.rstrip('/'), self.tenant_id])
         _logger.info('Using authority: %s', authority)
         context = AuthenticationContext(authority)
         _logger.info('Using vault resource name: %s and client id: %s', VAULT_RESOURCE_NAME, self.client_id)
         credentials = AdalAuthentication(context.acquire_token_with_client_credentials, VAULT_RESOURCE_NAME,
                                          self.client_id, self.client_secret)
     return KeyVaultClient(credentials)
コード例 #3
0
async def async_setup(hass, config):
    """Initialize the Azure DNS component."""

    # Acquire the Azure AD token.
    try:
        context = adal.AuthenticationContext(LOGIN_ENDPOINT + '/' +
                                             config[DOMAIN][CONF_TENANT])

        credentials = AdalAuthentication(
            context.acquire_token_with_client_credentials, RESOURCE,
            config[DOMAIN][CONF_CLIENTID], config[DOMAIN][CONF_CLIENTSECRET])

    except adal.AdalError as error:
        _LOGGER.error("Failed to acquire Azure AD Credential: %s", error)
        return False

    result = await _update_azuredns(config, credentials)

    if not result:
        _LOGGER.error("Failed to update Azure DNS record")
        return False

    async def update_domain_interval():
        """Update the Azure DNS entry."""
        await _update_azuredns(config, credentials)

    async_track_time_interval(hass, update_domain_interval, INTERVAL)
    return result
コード例 #4
0
 def getAADTokenCredentials(cloudType, resource, appId, tenantId, secret):
     LOGIN_ENDPOINT = cloudType.endpoints.active_directory
     context = adal.AuthenticationContext(LOGIN_ENDPOINT + '/' + tenantId)
     credentials = AdalAuthentication(
         context.acquire_token_with_client_credentials, resource, appId,
         secret)
     return credentials
コード例 #5
0
    def __init__(self):
        # Read the settings from config
        self.config = configparser.ConfigParser()
        self.config.read('./settings.ini')
        self.account_name = self.config['DEFAULT']['ACCOUNT_NAME']
        self.resource_group_name = self.config['DEFAULT'][
            'RESOURCE_GROUP_NAME']
        self.transform_name = self.config['DEFAULT']['TRANSFORM_NAME']

        # Read the transform name for audio analyzer
        # self.audio_analyzer_transform_name = self.config['DEFAULT']['AUDIO_ANALYZER_TRANSFORM_NAME']

        client_id = self.config['DEFAULT']['CLIENT']
        key = self.config['DEFAULT']['KEY']
        subscription_id = self.config['DEFAULT']['SUBSCRIPTION_ID']
        tenant_id = self.config['DEFAULT']['TENANT_ID']

        login_endpoint = AZURE_PUBLIC_CLOUD.endpoints.active_directory
        resource = AZURE_PUBLIC_CLOUD.endpoints.active_directory_resource_id
        context = adal.AuthenticationContext(login_endpoint + '/' + tenant_id)
        credentials = AdalAuthentication(
            context.acquire_token_with_client_credentials, resource, client_id,
            key)

        # The AMS Client
        # You can now use this object to perform different operations to your AMS account.
        self.client = AzureMediaServices(credentials, subscription_id)
コード例 #6
0
ファイル: client_factory.py プロジェクト: norton120/dbt_gen
def get_client_from_json_dict(client_class, config_dict, **kwargs):
    """Return a SDK client initialized with a JSON auth dict.

    The easiest way to obtain this content is to call the following CLI commands:

    .. code:: bash

        az ad sp create-for-rbac --sdk-auth

    This method will fill automatically the following client parameters:
    - credentials
    - subscription_id
    - base_url

    Parameters provided in kwargs will override parameters and be passed directly to the client.

    :Example:

    .. code:: python

        from azure.common.client_factory import get_client_from_auth_file
        from azure.mgmt.compute import ComputeManagementClient
        config_dict = {
            "clientId": "ad735158-65ca-11e7-ba4d-ecb1d756380e",
            "clientSecret": "b70bb224-65ca-11e7-810c-ecb1d756380e",
            "subscriptionId": "bfc42d3a-65ca-11e7-95cf-ecb1d756380e",
            "tenantId": "c81da1d8-65ca-11e7-b1d1-ecb1d756380e",
            "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
            "resourceManagerEndpointUrl": "https://management.azure.com/",
            "activeDirectoryGraphResourceId": "https://graph.windows.net/",
            "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
            "galleryEndpointUrl": "https://gallery.azure.com/",
            "managementEndpointUrl": "https://management.core.windows.net/"
        }
        client = get_client_from_json_dict(ComputeManagementClient, config_dict)

    .. versionadded:: 1.1.7

    :param client_class: A SDK client class
    :param dict config_dict: A config dict.
    :return: An instanciated client
    """
    parameters = {
        'subscription_id': config_dict.get('subscriptionId'),
        'base_url': config_dict.get('resourceManagerEndpointUrl'),
    }

    if 'credentials' not in kwargs:
        authority_url = (config_dict['activeDirectoryEndpointUrl'] + '/' + 
                         config_dict['tenantId'])
        context = adal.AuthenticationContext(authority_url, api_version=None)
        parameters['credentials'] = AdalAuthentication(
            context.acquire_token_with_client_credentials,
            config_dict['resourceManagerEndpointUrl'],
            config_dict['clientId'],
            config_dict['clientSecret']
        )

    parameters.update(kwargs)
    return _instantiate_client(client_class, **parameters)
コード例 #7
0
    def __init__(self):
        # Read the settings from config
        self.config = configparser.ConfigParser()
        self.config.read('./settings.ini')
        self.account_name = self.config['DEFAULT']['ACCOUNT_NAME']
        self.resource_group_name = self.config['DEFAULT'][
            'RESOURCE_GROUP_NAME']
        self.transform_name = self.config['DEFAULT']['TRANSFORM_NAME']
        self.content_key_policy_name = self.config['DEFAULT'][
            'CONTENT_KEY_POLICY_NAME']
        self.content_key_identifier_claim_type = self.config['DEFAULT'][
            'CONTENT_KEY_IDENTIFIER_CLAIM_TYPE']
        self.issuer = self.config['DEFAULT']['ISSUER']
        self.audience = self.config['DEFAULT']['AUDIENCE']

        self.token_sign_key = b64decode(
            self.config['DEFAULT']['SYMMETRIC_KEY'])

        client_id = self.config['DEFAULT']['CLIENT']
        key = self.config['DEFAULT']['KEY']
        subscription_id = self.config['DEFAULT']['SUBSCRIPTION_ID']
        tenant_id = self.config['DEFAULT']['TENANT_ID']

        login_endpoint = AZURE_PUBLIC_CLOUD.endpoints.active_directory
        resource = AZURE_PUBLIC_CLOUD.endpoints.active_directory_resource_id
        context = adal.AuthenticationContext(login_endpoint + '/' + tenant_id)
        credentials = AdalAuthentication(
            context.acquire_token_with_client_credentials, resource, client_id,
            key)

        # The AMS Client
        # You can now use this object to perform different operations to your AMS account.
        self.client = AzureMediaServices(credentials, subscription_id)
コード例 #8
0
def get_credentials():
    LOGIN_ENDPOINT = AZURE_PUBLIC_CLOUD.endpoints.active_directory
    RESOURCE = AZURE_PUBLIC_CLOUD.endpoints.active_directory_resource_id

    context = adal.AuthenticationContext(LOGIN_ENDPOINT + '/' + TENANT_ID)
    credentials = AdalAuthentication(
        context.acquire_token_with_client_credentials, RESOURCE, CLIENT, KEY)
    return credentials
コード例 #9
0
 def _get_client(self):
     authority = '/'.join([AZURE_AUTHORITY_SERVER.rstrip('/'), self.tenant_id])
     _logger.info('Using authority: %s', authority)
     context = AuthenticationContext(authority)
     _logger.info('Using vault resource name: %s and client id: %s', VAULT_RESOURCE_NAME, self.client_id)
     credentials = AdalAuthentication(context.acquire_token_with_client_credentials, VAULT_RESOURCE_NAME,
                                      self.client_id, self.client_secret)
     return KeyVaultClient(credentials)
コード例 #10
0
ファイル: auth.py プロジェクト: akrause2014/saje
 def GetCredentialsForResource(self, resource):
     try:
         return self._resource_credentials[resource]
     except KeyError:
         ans = AdalAuthentication(
             self.context.acquire_token_with_client_credentials, resource,
             self.client_id, self.secret)
         self._resource_credentials[resource] = ans
         return ans
コード例 #11
0
def auth():

    # Intialize the user-specific variables that will be used during run-time
    global CREDENTIALS
    global USERNAME
    global GRAPH_DATA
    global TOKEN
    global AUTH_TOKEN

    code = flask.request.args['code']
    state = flask.request.args['state']

    client_id = 'fb20d6fe-ce09-449a-b096-90f229943863'
    client_secret = '9bPMwvy7HztrwVkkCR08BOPMbPUb5Ze8MqMVZOwGTMQ='

    # GET THE MICROSOFT GRAPH ACCESS TOKEN
    resource = 'https://graph.microsoft.com'
    context = adal.AuthenticationContext(AUTHORITY_URL)
    auth_token = context.acquire_token_with_authorization_code(
        code, REDIRECT_URI, resource, client_id, client_secret)
    flask.session['auth_access_token'] = auth_token['accessToken']
    AUTH_TOKEN = auth_token['accessToken']

    # GET THE AZURE RESOURCE MANAGEMENT ACCESS TOKEN (USED TO MAKE REST CALLS MANUALLY)
    resource = 'https://management.azure.com'
    context = adal.AuthenticationContext(AUTHORITY_URL)
    manage_token = context.acquire_token_with_authorization_code(
        code, REDIRECT_URI, resource, client_id, client_secret)
    flask.session['access_token'] = manage_token['accessToken']
    TOKEN = manage_token['accessToken']

    # GET THE AZURE RESOURCE MANAGEMENT CREDENTIALS (USED WITH SDK FOR PYTHON)
    CREDENTIALS = AdalAuthentication(
        context.acquire_token_with_client_credentials, config.MANAGE_RESOURCE,
        config.CLIENT_ID, config.CLIENT_SECRET)

    # MAKE A MANUAL REST CALL CALL TO THE GRAPH API TO GET USER INFO WHICH WILL ALWAYS BE USED!
    endpoint = config.AUTH_RESOURCE + '/' + config.API_VERSION + '/me/'  # The specific endpoint for the 'Read User Info' rest call, look in Microsoft documentation for this
    http_headers = {
        'Authorization': flask.session.get(
            'auth_access_token'
        ),  # Headers to be injected, include the authorization token
        'User-Agent': 'duolca_app',
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'client-request-id': str(uuid.uuid4())
    }
    GRAPH_DATA = requests.get(endpoint, headers=http_headers,
                              stream=False).json()

    flask.session['username'] = GRAPH_DATA['givenName']
    USERNAME = GRAPH_DATA['givenName']

    return flask.redirect('/home')
コード例 #12
0
ファイル: __init__.py プロジェクト: yodobrin/Function-Flow
def main(event: func.EventGridEvent):
    result = json.dumps({
        'id': event.id,
        'data': event.get_json(),
        'topic': event.topic,
        'subject': event.subject,
        'event_type': event.event_type,
    })

    context = adal.AuthenticationContext(LOGIN_ENDPOINT + '/' + TENANT_ID)
    credentials = AdalAuthentication(
        context.acquire_token_with_client_credentials, RESOURCE, CLIENT, KEY)
    # You can now use this object to perform different operations to your AMS account.
    client = AzureMediaServices(credentials, SUBSCRIPTION_ID)
    logging.info("signed in to ams")
    logging.info('assest list %s',
                 client.assets.list(RESOUCE_GROUP_NAME, ACCOUNT_NAME).get(0))
    logging.info('Python EventGrid trigger processed an event: %s', result)
コード例 #13
0
    def __create_media_service_client(self):
        LOGIN_ENDPOINT = AZURE_PUBLIC_CLOUD.endpoints.active_directory
        RESOURCE = AZURE_PUBLIC_CLOUD.endpoints.active_directory_resource_id

        context = adal.AuthenticationContext(
            LOGIN_ENDPOINT + '/' + Config.AAD_TENANT_ID
        )
        credentials = AdalAuthentication(
            context.acquire_token_with_client_credentials,
            RESOURCE,
            Config.AAD_CLIENT_ID,
            Config.AAD_SECRET
        )

        self.media_service_client = AzureMediaServices(
            credentials,
            Config.SUBSCRIPTION_ID
        )
コード例 #14
0
def get_access_tokens(tenant_id, client_id, client_secret):
    context = adal.AuthenticationContext(f'https://login.microsoftonline.com/{tenant_id}', validate_authority=True)
    cred1 = AdalAuthentication(
        context.acquire_token_with_client_credentials,
        'https://management.core.windows.net/',
        client_id,
        client_secret)
    cred2 = AdalAuthentication(
        context.acquire_token_with_client_credentials,
        '2ff814a6-3304-4ab8-85cb-cd0e6f879c1d',
        client_id,
        client_secret)
    return \
        cred1.signed_session(None).headers.get(cred1.header).replace('Bearer ', ''), \
        cred2.signed_session(None).headers.get(cred2.header).replace('Bearer ', '')
コード例 #15
0
 def _get_client(self):
     if os.getenv("USE_MSI", "false").lower() == "true":
         _logger.info('Using MSI')
         if "MSI_CLIENT_ID" in os.environ:
             msi_client_id = os.environ["MSI_CLIENT_ID"]
             _logger.info('Using client_id: %s', msi_client_id)
             credentials = MSIAuthentication(resource=VAULT_RESOURCE_NAME, client_id=msi_client_id)
         elif "MSI_OBJECT_ID" in os.environ:
             msi_object_id = os.environ["MSI_OBJECT_ID"]
             _logger.info('Using object_id: %s', msi_object_id)
             credentials = MSIAuthentication(resource=VAULT_RESOURCE_NAME, object_id=msi_object_id)
         elif "MSI_RESOURCE_ID" in os.environ:
             msi_resource_id = os.environ["MSI_RESOURCE_ID"]
             _logger.info('Using resource_id: %s', msi_resource_id)
             credentials = MSIAuthentication(resource=VAULT_RESOURCE_NAME, msi_res_id=msi_resource_id)
         else:
             credentials = MSIAuthentication(resource=VAULT_RESOURCE_NAME)
     else:
         if os.getenv("USE_ENV", "false").lower() == "true":
             self._parse_sp_env()
         else:
             self._parse_sp_file()
         # azure.json file will have "msi" as the client_id and client_secret
         # if the node is running managed identity
         if self.client_id == "msi" and self.client_secret == "msi":
             _logger.info('Using MSI')
             # refer _parse_sp_file, potentially we could have mi client id from sp
             if self.user_assigned_identity_id != "":
                 _logger.info('Using client_id: %s', self.user_assigned_identity_id)
                 credentials = MSIAuthentication(resource=VAULT_RESOURCE_NAME, client_id=self.user_assigned_identity_id)
             else:
                 credentials = MSIAuthentication(resource=VAULT_RESOURCE_NAME)
         else:
             authority = '/'.join([AZURE_AUTHORITY_SERVER.rstrip('/'), self.tenant_id])
             _logger.info('Using authority: %s', authority)
             context = AuthenticationContext(authority)
             _logger.info('Using vault resource name: %s and client id: %s', VAULT_RESOURCE_NAME, self.client_id)
             credentials = AdalAuthentication(context.acquire_token_with_client_credentials, VAULT_RESOURCE_NAME,
                                              self.client_id, self.client_secret)
     return KeyVaultClient(credentials)
コード例 #16
0
def get_local_credentials(resource=None):
    from msrestazure.azure_active_directory import AdalAuthentication
    logger = logging.getLogger(__name__)
    data = json.load(open("./sp.json"))
    if not ('clientId' in data or 'clientSecret' in data
            or 'subscriptionId' in data or 'tenantId' in data):
        logger.error(
            "did not find either clientId, clientSecret, subscriptionId of tenantId in file"
        )
        return None, None
    else:
        logger.debug(
            f"found clientId={data['clientId']} in sub={data['subscriptionId']}"
        )

    if not resource:
        resource = "https://management.core.windows.net"
    server = resource + '/' + data['tenantId']
    context = adal.AuthenticationContext(server)
    credentials = AdalAuthentication(
        context.acquire_token_with_client_credentials,
        AZURE_PUBLIC_CLOUD.endpoints.active_directory_resource_id,
        data['clientId'], data['clientSecret'])
    return credentials, data['subscriptionId']
#region Key Vault Parameters
#--------------------------------------------------------
# Setup Azure Key Vault Authentication Parameters
#--------------------------------------------------------
LOGIN_ENDPOINT = AZURE_PUBLIC_CLOUD.endpoints.active_directory
RESOURCE_URI = 'https://vault.azure.net'
VAULT_URI = 'https://<KeyVaultName>.vault.azure.net/'  #Replace with Azure Key Vault URI, Should be input argument
#--------------------------------------------------------
#endregion

#region Key Vault Connection
#--------------------------------------------------------
# Connect to Azure Key Vault as a Client
#--------------------------------------------------------
context = adal.AuthenticationContext(LOGIN_ENDPOINT + '/' + TENANT_ID)
credentials = AdalAuthentication(context.acquire_token_with_client_credentials,
                                 RESOURCE_URI, CLIENT_ID, KEY)
kvClient = KeyVaultClient(credentials)
#---------------------------------------------------------
#endregion

#region Get Key Vault Secret
#---------------------------------------------------------
# Retrieve Key Vault Secrets
#---------------------------------------------------------
keyValue = (
    kvClient.get_secret(VAULT_URI, '<Key_Name>', '')
).value  #Replace with correct Key Vault Secret Key Name, Should be input argument
#---------------------------------------------------------
#endregion
コード例 #18
0
    def test_adal_authentication(self):
        def success_auth():
            return {'tokenType': 'https', 'accessToken': 'cryptictoken'}

        credentials = AdalAuthentication(success_auth)
        session = credentials.signed_session()
        self.assertEqual(session.headers['Authorization'],
                         'https cryptictoken')

        def error():
            raise adal.AdalError("You hacker", {})

        credentials = AdalAuthentication(error)
        with self.assertRaises(AuthenticationError) as cm:
            session = credentials.signed_session()

        def expired():
            raise adal.AdalError("Too late",
                                 {'error_description': "AADSTS70008: Expired"})

        credentials = AdalAuthentication(expired)
        with self.assertRaises(TokenExpiredError) as cm:
            session = credentials.signed_session()

        def connection_error():
            raise ConnectionError("Plug the network")

        credentials = AdalAuthentication(connection_error)
        with self.assertRaises(AuthenticationError) as cm:
            session = credentials.signed_session()
コード例 #19
0
def get_client_from_auth_file(clientclass, auth_path=None, **kwargs):
    """Return a SDK client initialized with auth information in azureauth.properties.

    The path will be given using the environment variable AZURE_AUTH_LOCATION.
    File must be UTF-8 compliant.

    This method will fill automatically the following client parameters:
    - credentials
    - subscription_id
    - base_url

    Parameters provided in kwargs will override CLI parameters and be passed directly to the client.

    :Example:

    .. code:: python

        from azure.common.client_factory import get_client_from_auth_file
        from azure.mgmt.compute import ComputeManagementClient
        client = get_client_from_auth_file(ComputeManagementClient)

    Example of file:

    .. code:: text

        # sample management library properties file
        subscription=15dbcfa8-4b93-4c9a-881c-6189d39f04d4
        client=a2ab11af-01aa-4759-8345-7803287dbd39
        key=password
        tenant=43413cc1-5886-4711-9804-8cfea3d1c3ee
        managementURI=https://management.core.windows.net/
        baseURL=https://management.azure.com/
        authURL=https://login.windows.net/
        graphURL=https://graph.windows.net/

    .. versionadded:: 1.1.7

    :param clientclass: A SDK client class
    :param str auth_path: Path to azureauth.properties
    :return: An instanciated client
    :raises: KeyError if AZURE_AUTH_LOCATION is not an environment variable and no path is provided
    :raises: FileNotFoundError if provided file path does not exists
    """
    auth_path = auth_path or os.environ['AZURE_AUTH_LOCATION']

    with io.open(auth_path, 'r', encoding='utf-8') as auth_fd:
        content_list = [
            line.strip() for line in auth_fd.readlines()
            if line[0] != '#' and '=' in line
        ]
    config_dict = dict([tuple(line.split('=', 1)) for line in content_list])

    parameters = {
        'subscription_id': config_dict.get('subscription'),
        'base_url': config_dict.get('baseURL'),
    }

    if 'credentials' not in kwargs:
        authority_url = (config_dict['authURL'] + '/' + config_dict['tenant'])
        context = adal.AuthenticationContext(authority_url, api_version=None)
        parameters['credentials'] = AdalAuthentication(
            context.acquire_token_with_client_credentials,
            config_dict['managementURI'], config_dict['client'],
            config_dict['key'])

    parameters.update(kwargs)
    return clientclass(**parameters)
コード例 #20
0
#### STORAGE ####
# Values from .env and the blob url
# For this sample you will use the storage account key to create and access assets
# The SAS URL is not used here
storage_account_name = os.getenv('STORAGEACCOUNTNAME', 'default_val')
storage_account_key = os.getenv('STORAGEACCOUNTKEY', 'default_val')
storage_blob_url = 'https://' + storage_account_name + '.blob.core.windows.net/'

# Active Directory
LOGIN_ENDPOINT = AZURE_PUBLIC_CLOUD.endpoints.active_directory
RESOURCE = AZURE_PUBLIC_CLOUD.endpoints.active_directory_resource_id

# Establish credentials
context = adal.AuthenticationContext(LOGIN_ENDPOINT + '/' + tenant_id)
credentials = AdalAuthentication(context.acquire_token_with_client_credentials,
                                 RESOURCE, client_id, key)

# The file you want to upload.  For this example, put the file in the same folder as this script.
# The file ignite.mp4 has been provided for you.
source_file = "ignite.mp4"

# Generate a random number that will be added to the naming of things so that you don't have to keep doing this during testing.
thisRandom = random.randint(0, 9999)

# Set the attributes of the input Asset using the random number
in_asset_name = 'inputassetName' + str(thisRandom)
in_alternate_id = 'inputALTid' + str(thisRandom)
in_description = 'inputdescription' + str(thisRandom)
# Create an Asset object
# From the SDK
# Asset(*, alternate_id: str = None, description: str = None, container: str = None, storage_account_name: str = None, **kwargs) -> None
コード例 #21
0
def get_app_credentials(resource, tenant_id='common'):
    context = adal.AuthenticationContext(g.aad_endpoint + tenant_id)
    credentials = AdalAuthentication(
        context.acquire_token_with_client_credentials, resource, g.clientId,
        g.clientSecret)
    return credentials
コード例 #22
0
def get_user_credentials(code, redirect_uri, resource, tenant_id='common'):
    context = adal.AuthenticationContext(g.aad_endpoint + tenant_id)
    credentials = AdalAuthentication(
        context.acquire_token_with_authorization_code, code, redirect_uri,
        resource, g.clientId, g.clientSecret)
    return credentials
コード例 #23
0
import adal
import os
from msrestazure.azure_active_directory import AdalAuthentication
from azure.mgmt.resource import ResourceManagementClient

# Service Principal
tenant = os.environ['AZURE_TENANT_ID']
client_id = os.environ['AZURE_CLIENT_ID']
password = os.environ['AZURE_CLIENT_SECRET']

# Public Azure - default values
authentication_endpoint = 'https://login.microsoftonline.com/'
azure_endpoint = 'https://management.azure.com/'

context = adal.AuthenticationContext(authentication_endpoint + tenant)
credentials = AdalAuthentication(context.acquire_token_with_client_credentials,
                                 azure_endpoint, client_id, password)
subscription_id = os.environ['AZURE_SUBSCRIPTION_ID']

resource_client = ResourceManagementClient(credentials,
                                           subscription_id,
                                           base_url=azure_endpoint)

client = ResourceManagementClient(credentials, subscription_id)

resource_group_params = {'location': 'Southindia'}

# Creating resource group

client.resource_groups.create_or_update('azure-sample-group',
                                        resource_group_params)
コード例 #24
0
ファイル: custom.py プロジェクト: aido123/aksauth
def aksauth_connect(cmd, resource_group, cluster_name, tenant, username, password):

    subscription = get_subscription_id(cmd.cli_ctx)
    
    authority_url = ('https://login.microsoftonline.com/' + tenant)
    context = adal.AuthenticationContext(
        authority_url, api_version=1.0,
        )

    LOGGER.info("Authenticating to AAD using ARM Resource and Default Client ID")

    #Create credentials object from our adal username and password flow. 
    credentials = AdalAuthentication(
        context.acquire_token_with_username_password,
        'https://management.azure.com/',
        username,
        password,
        '04b07795-8ddb-461a-bbee-02f9e1bf7b46'
    )

    LOGGER.info("Getting Kubeconfig Skeleton")
    #Get the skeleton kubeconfig
    client = ContainerServiceClient(credentials, subscription)

    credentialResults = client.managed_clusters.list_cluster_user_credentials(resource_group, cluster_name)

    LOGGER.info("Write Kubeconfig Skeleton to temp file")
    #Write skeleton kubeconfig to temp file
    fd, temp_path = tempfile.mkstemp()
    additional_file = os.fdopen(fd, 'w+t')
    try:
        additional_file.write(credentialResults.kubeconfigs[0].value.decode(encoding='UTF-8'))
        additional_file.flush()
    finally:
        additional_file.close()

    LOGGER.info("Load Kubeconfig Skeleton to dict")
    #Open skeleton kubeconfig into a dict and extract server, client and context name
    with open(temp_path) as file:
        kconfig = yaml.load(file, Loader=yaml.FullLoader)
        apiServer = kconfig.get('users')[0].get('user').get('auth-provider').get('config').get('apiserver-id')
        clientId = kconfig.get('users')[0].get('user').get('auth-provider').get('config').get('client-id')
        contextName = kconfig.get('contexts')[0].get('name')

    os.remove(temp_path)

    LOGGER.info("Authenticate with client on behalf of user to API Server App")
    #Generate access token, refresh token, expiry details using client and server
    token = context.acquire_token_with_username_password(
        resource=apiServer,
        username=username,
        password=password,
        client_id=clientId)

    LOGGER.info("Subbing in User Identity details into Kubeconfig dict")
    #Sub in above into kubeconfig dict
    kconfig['users'][0]['user']['auth-provider']['config']['access-token']=token['accessToken']
    kconfig['users'][0]['user']['auth-provider']['config']['refresh-token']=token['refreshToken']
    kconfig['users'][0]['user']['auth-provider']['config']['expires-in']=str(token['expiresIn'])
    kconfig['users'][0]['user']['auth-provider']['config']['expires-on']=token['expiresOn']

    LOGGER.info("Write Kubeconfig dict to temp file")
    #Write kubeconfig dict to temp file
    fd1, temp_path1 = tempfile.mkstemp()
    with open(temp_path1, 'w') as file:
        documents = yaml.dump(kconfig, file)

    #Get default kubeconfig location
    kconfigPath = str(Path.home()) + os.sep + '.kube' + os.sep + 'config'

    LOGGER.info("Check if ddefault Kubeconfig exists")
    #Create empty kubeconfig and path if it doesn't exist
    if os.path.exists(kconfigPath) != True:
        os.makedirs(os.path.dirname(kconfigPath), exist_ok=True)
        with open(kconfigPath, "w") as f:
            f.write("")

    LOGGER.info("merge_kubernetes_configurations temp kubeconfig with default kuebconfig")
    #Reuse Azure's method to merge our new kubeconfig with the existing one
    merge_kubernetes_configurations(kconfigPath, temp_path1, True, contextName)
コード例 #25
0
def video_analyze():
    """VideoAnalyze.

    This will analyze a video and download insights for video analysis
    """
    # Your configurations for your AMS account
    account_name = 'ams account'
    resource_group_name = 'ResourceGroup'
    subscription_id = '00000000-0000-0000-0000-000000000000'
    aad_client_id = '00000000-0000-0000-0000-000000000000'
    aad_secret = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
    tenant_id = 'tenant domain or tenant id'

    # Your input file name and output folder name for encoding
    input_mp4_file_name = 'ignite.mp4'
    input_mp4_files_baseurl = 'https://shigeyfampdemo.azurewebsites.net/videos/'
    input_mp4_files = ['ignite.mp4']
    output_folder_name = 'output'
    transform_name = 'MyVideoAnalyzerTransformName'

    # The Azure Media Services (AMS) Client
    # You can now use this object to perform different operations to your AMS account.
    login_endpoint = AZURE_PUBLIC_CLOUD.endpoints.active_directory
    resource = AZURE_PUBLIC_CLOUD.endpoints.active_directory_resource_id
    context = adal.AuthenticationContext(login_endpoint + '/' + tenant_id)
    credentials = AdalAuthentication(
        context.acquire_token_with_client_credentials, resource, aad_client_id,
        aad_secret)
    client = AzureMediaServices(credentials, subscription_id)

    # Creating a unique suffix so that we don't have name collisions if you run the sample
    # multiple times without cleaning up.
    uniqueness = str(uuid.uuid1())
    job_name = 'job-{}'.format(uniqueness)
    output_asset_name = 'output-{}'.format(uniqueness)
    input_asset_name = 'input-{}'.format(uniqueness)

    # Ensure that you have the desired video analyzer Transform. This is really a one time setup operation.
    get_or_create_transform(client, resource_group_name, account_name,
                            transform_name,
                            VideoAnalyzerPreset(audio_language='en-US'))

    # Create a new job input
    # Option 1) Create a new job input with Asset and upload the specified local video file into it.
    #create_input_asset(client, resource_group_name, account_name, input_asset_name, input_mp4_file_name)
    #job_input = JobInputAsset(asset_name = inputasset_name)
    # Option 2) Create a new job input with HTTP
    job_input = JobInputHttp(base_uri=input_mp4_files_baseurl,
                             files=input_mp4_files)

    # Output from the encoding Job must be written to an Asset, so let's create one
    output_asset = create_output_asset(client, resource_group_name,
                                       account_name, output_asset_name)

    job = submit_job(client, resource_group_name, account_name, transform_name,
                     job_name, job_input, output_asset.name)

    # In this demo code, we will poll for Job status
    # Polling is not a recommended best practice for production applications because of the latency it introduces.
    # Overuse of this API may trigger throttling. Developers should instead use Event Grid.
    job = wait_for_job_to_finish(client, resource_group_name, account_name,
                                 transform_name, job_name)

    if job.state == JobState.finished:
        print('Job finished.')
        download_output_asset(client, resource_group_name, account_name,
                              output_asset.name, output_folder_name)
        print('Done.')
コード例 #26
0
ファイル: client_factory.py プロジェクト: ab-80/VisulaSite
def get_client_from_json_dict(client_class, config_dict, **kwargs):
    """Return a SDK client initialized with a JSON auth dict.

    The easiest way to obtain this content is to call the following CLI commands:

    .. code:: bash

        az ad sp create-for-rbac --sdk-auth

    This method will fill automatically the following client parameters:
    - credentials
    - subscription_id
    - base_url
    - tenant_id

    Parameters provided in kwargs will override parameters and be passed directly to the client.

    :Example:

    .. code:: python

        from azure.common.client_factory import get_client_from_auth_file
        from azure.mgmt.compute import ComputeManagementClient
        config_dict = {
            "clientId": "ad735158-65ca-11e7-ba4d-ecb1d756380e",
            "clientSecret": "b70bb224-65ca-11e7-810c-ecb1d756380e",
            "subscriptionId": "bfc42d3a-65ca-11e7-95cf-ecb1d756380e",
            "tenantId": "c81da1d8-65ca-11e7-b1d1-ecb1d756380e",
            "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
            "resourceManagerEndpointUrl": "https://management.azure.com/",
            "activeDirectoryGraphResourceId": "https://graph.windows.net/",
            "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
            "galleryEndpointUrl": "https://gallery.azure.com/",
            "managementEndpointUrl": "https://management.core.windows.net/"
        }
        client = get_client_from_json_dict(ComputeManagementClient, config_dict)

    .. versionadded:: 1.1.7

    :param client_class: A SDK client class
    :param dict config_dict: A config dict.
    :return: An instantiated client
    """
    import adal
    from msrestazure.azure_active_directory import AdalAuthentication

    is_graphrbac = client_class.__name__ == 'GraphRbacManagementClient'
    is_keyvault = client_class.__name__ == 'KeyVaultClient'
    parameters = {
        'subscription_id': config_dict.get('subscriptionId'),
        'base_url': config_dict.get('resourceManagerEndpointUrl'),
        'tenant_id': config_dict.get('tenantId')  # GraphRbac
    }
    if is_graphrbac:
        parameters['base_url'] = config_dict['activeDirectoryGraphResourceId']

    if 'credentials' not in kwargs:
        # Get the right resource for Credentials
        if is_graphrbac:
            resource = config_dict['activeDirectoryGraphResourceId']
        elif is_keyvault:
            resource = "https://vault.azure.net"
        else:
            if "activeDirectoryResourceId" not in config_dict and 'resourceManagerEndpointUrl' not in config_dict:
                raise ValueError(
                    "Need activeDirectoryResourceId or resourceManagerEndpointUrl key"
                )
            resource = config_dict.get(
                'activeDirectoryResourceId',
                config_dict['resourceManagerEndpointUrl'])

        authority_url = config_dict['activeDirectoryEndpointUrl']
        is_adfs = bool(re.match('.+(/adfs|/adfs/)$', authority_url, re.I))
        if is_adfs:
            authority_url = authority_url.rstrip(
                '/'
            )  # workaround: ADAL is known to reject auth urls with trailing /
        else:
            authority_url = authority_url + '/' + config_dict['tenantId']

        context = adal.AuthenticationContext(authority_url,
                                             api_version=None,
                                             validate_authority=not is_adfs)
        parameters['credentials'] = AdalAuthentication(
            context.acquire_token_with_client_credentials, resource,
            config_dict['clientId'], config_dict['clientSecret'])

    parameters.update(kwargs)
    return _instantiate_client(client_class, **parameters)
コード例 #27
0
def main(event: func.EventGridEvent):
    result = json.dumps({
        'id': event.id,
        'data': event.get_json(),
        'topic': event.topic,
        'subject': event.subject,
        'event_type': event.event_type,
    })

    logging.info('Python EventGrid trigger processed an event: %s', result)

    blob_url = event.get_json().get('url')
    logging.info('blob URL: %s', blob_url)
    blob_name = blob_url.split("/")[-1].split("?")[0]
    logging.info('blob name: %s', blob_name)
    origin_container_name = blob_url.split("/")[-2].split("?")[0]
    logging.info('container name: %s', origin_container_name)
    storage_account_name = blob_url.split("//")[1].split(".")[0]
    logging.info('storage account name: %s', storage_account_name)

    ams_account_name = os.getenv('ACCOUNTNAME')
    resource_group_name = os.getenv('RESOURCEGROUP')
    subscription_id = os.getenv('SUBSCRIPTIONID')
    client_id = os.getenv('AZURE_CLIENT_ID')
    client_secret = os.getenv('AZURE_CLIENT_SECRET')
    TENANT_ID = os.getenv('AZURE_TENANT_ID')
    storage_blob_url = 'https://' + storage_account_name + '.blob.core.windows.net/'
    transform_name = 'faceredact'
    LOGIN_ENDPOINT = AZURE_PUBLIC_CLOUD.endpoints.active_directory
    RESOURCE = AZURE_PUBLIC_CLOUD.endpoints.active_directory_resource_id

    logging.info('login_endpoint: %s', LOGIN_ENDPOINT)
    logging.info('tenant_id: %s', TENANT_ID)

    out_asset_name = 'faceblurringOutput_' + datetime.utcnow().strftime(
        "%m-%d-%Y_%H:%M:%S")
    out_alternate_id = 'faceblurringOutput_' + datetime.utcnow().strftime(
        "%m-%d-%Y_%H:%M:%S")
    out_description = 'Redacted video with blurred faces'

    context = adal.AuthenticationContext(LOGIN_ENDPOINT + "/" + TENANT_ID)
    credentials = AdalAuthentication(
        context.acquire_token_with_client_credentials, RESOURCE, client_id,
        client_secret)
    client = AzureMediaServices(credentials, subscription_id)

    output_asset = Asset(alternate_id=out_alternate_id,
                         description=out_description)
    client.assets.create_or_update(resource_group_name, ams_account_name,
                                   out_asset_name, output_asset)

    token_credential = DefaultAzureCredential()
    datalake_service_client = DataLakeServiceClient(
        account_url=storage_blob_url, credential=token_credential)

    delegation_key = datalake_service_client.get_user_delegation_key(
        key_start_time=datetime.utcnow(),
        key_expiry_time=datetime.utcnow() + timedelta(hours=1))

    sas_token = generate_file_sas(account_name=storage_account_name,
                                  file_system_name=origin_container_name,
                                  directory_name="",
                                  file_name=blob_name,
                                  credential=delegation_key,
                                  permission=FileSasPermissions(read=True),
                                  expiry=datetime.utcnow() +
                                  timedelta(hours=1),
                                  protocol="https")

    sas_url = "{}?{}".format(blob_url, sas_token)
    logging.info(sas_url)

    job_name = 'Faceblurring-job_' + datetime.utcnow().strftime(
        "%m-%d-%Y_%H:%M:%S")
    job_input = JobInputHttp(label="Video_asset", files=[sas_url])
    job_output = JobOutputAsset(asset_name=out_asset_name)
    job_parameters = Job(input=job_input, outputs=[job_output])

    client.jobs.create(resource_group_name,
                       ams_account_name,
                       transform_name,
                       job_name,
                       parameters=job_parameters)
コード例 #28
0
logging.info("Creating compartment Admins group")
newCompartmentGroup = identity.create_group(
    oci.identity.models.CreateGroupDetails(
        compartment_id=tenant_compartment_id,
        name=newCompartmentName + "-Admins",
        description=newCompartmentName + "-Admins")).data

pks12_cert = crypto.load_pkcs12(
    automationassets.get_automation_certificate("AzureRunAsCertificate"))
pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM,
                                  pks12_cert.get_privatekey())
thumbprint = automationConnection["CertificateThumbprint"]
context = adal.AuthenticationContext(
    AZURE_PUBLIC_CLOUD.endpoints.active_directory + '/' + AZTenantId)
credentials = AdalAuthentication(
    lambda: context.acquire_token_with_client_certificate(
        "https://graph.windows.net", automationConnection["ApplicationId"],
        pem_pkey, thumbprint))

graphrbac_client = GraphRbacManagementClient(credentials, AZTenantId)
AZgrp_name = "cloud-" + newCompartmentName + "-Admins"
AZgrp = next(
    graphrbac_client.groups.list(filter="startswith(displayName,'" +
                                 AZgrp_name + "')"), None)

if AZgrp is None:
    graphrbac_client.groups.create(
        GroupCreateParameters(display_name=AZgrp_name,
                              mail_nickname=AZgrp_name))
    logging.info("Creating azure AD group for admins")
else:
    logging.warning("Azure AD group for admins already exists")
コード例 #29
0
        compartment_id=newCompartmentParent.id,
        name=newCompartmentName,
        description=newCompartmentName)).data
logging.info("New compartment: %s" % newCompartment)

logging.info("Creating compartment Admins group")
newCompartmentGroup = identity.create_group(
    oci.identity.models.CreateGroupDetails(
        compartment_id=tenant_compartment_id,
        name=newCompartmentName + "-Admins",
        description=newCompartmentName + "-Admins")).data

context = adal.AuthenticationContext(
    AZURE_PUBLIC_CLOUD.endpoints.active_directory + '/' + AZTenantId)
credentials = AdalAuthentication(
    context.acquire_token_with_client_credentials, "https://graph.windows.net",
    automationassets.get_automation_variable('AzutomationAccountSPId'),
    automationassets.get_automation_variable('AutomationAccountSP_Key'))
graphrbac_client = GraphRbacManagementClient(credentials, AZTenantId)
AZgrp_name = "cloud-" + newCompartmentName + "-Admins"
AZgrp = next(
    graphrbac_client.groups.list(filter="startswith(displayName,'" +
                                 AZgrp_name + "')"), None)

if AZgrp is None:
    graphrbac_client.groups.create(
        GroupCreateParameters(display_name=AZgrp_name,
                              mail_nickname=AZgrp_name))
    logging.info("Creating azure AD group for admins")
else:
    logging.warning("Azure AD group for admins already exists")