def test_service_principal(self): creds = mock.create_autospec(ServicePrincipalCredentials) session = mock.create_autospec(OAuth2Session) creds._setup_session.return_value = session session.fetch_token.return_value = { 'expires_at':'1', 'expires_in':'2'} creds.token_uri = "token_uri" creds.verify = True creds.id = 123 creds.secret = 'secret' creds.resource = 'resource' ServicePrincipalCredentials.set_token(creds) self.assertEqual(creds.token, session.fetch_token.return_value) session.fetch_token.assert_called_with( "token_uri", client_id=123, client_secret='secret', resource='resource', response_type="client_credentials", verify=True) session.fetch_token.side_effect = oauthlib.oauth2.OAuth2Error with self.assertRaises(AuthenticationError): ServicePrincipalCredentials.set_token(creds) session = mock.create_autospec(OAuth2Session) with mock.patch.object( ServicePrincipalCredentials, '_setup_session', return_value=session): creds = ServicePrincipalCredentials("client_id", "secret", verify=False, tenant="private") session.fetch_token.assert_called_with( "https://login.microsoftonline.com/private/oauth2/token", client_id="client_id", client_secret='secret', resource='https://management.core.windows.net/', response_type="client_credentials", verify=False) with mock.patch.object( ServicePrincipalCredentials, '_setup_session', return_value=session): creds = ServicePrincipalCredentials("client_id", "secret", china=True, verify=False, tenant="private") session.fetch_token.assert_called_with( "https://login.chinacloudapi.cn/private/oauth2/token", client_id="client_id", client_secret='secret', resource='https://management.core.chinacloudapi.cn/', response_type="client_credentials", verify=False)
def get_credential(self, client_class, **kwargs): tenant_id = os.environ.get("AZURE_TENANT_ID", getattr(os.environ, "TENANT_ID", None)) client_id = os.environ.get("AZURE_CLIENT_ID", getattr(os.environ, "CLIENT_ID", None)) secret = os.environ.get("AZURE_CLIENT_SECRET", getattr(os.environ, "CLIENT_SECRET", None)) is_async = kwargs.pop("is_async", False) if tenant_id and client_id and secret and self.is_live: if _is_autorest_v3(client_class): # Create azure-identity class from azure.identity import ClientSecretCredential if is_async: from azure.identity.aio import ClientSecretCredential return ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=secret) else: # Create msrestazure class from msrestazure.azure_active_directory import ( ServicePrincipalCredentials, ) return ServicePrincipalCredentials(tenant=tenant_id, client_id=client_id, secret=secret) else: if _is_autorest_v3(client_class): if is_async: if self.is_live: raise ValueError( "Async live doesn't support mgmt_setting_real, please set AZURE_TENANT_ID, " "AZURE_CLIENT_ID, AZURE_CLIENT_SECRET" ) return AsyncFakeCredential() else: return self.settings.get_azure_core_credentials() else: return self.settings.get_credentials()
def setup_sample(self): """ Provides common setup for Key Vault samples such as creating the authentication context, sample resource group if needed, and ensuring proper access for the service principal. :return: None """ if not KeyVaultSampleBase._setup_complete: self.config.auth_context = adal.AuthenticationContext( 'https://login.microsoftonline.com/%s' % self.config.tenant_id) creds = ServicePrincipalCredentials( client_id=self.config.client_id, secret=self.config.client_secret, tenant=self.config.tenant_id) resource_mgmt_client = ResourceManagementClient( creds, self.config.subscription_id) # ensure the service principle has key vault and storage as valid providers resource_mgmt_client.providers.register('Microsoft.KeyVault') resource_mgmt_client.providers.register('Microsoft.Storage') # ensure the intended resource group exists resource_mgmt_client.resource_groups.create_or_update( resource_group_name=self.config.group_name, parameters={'location': self.config.location}) KeyVaultSampleBase._setup_complete = True
def create_clients(): config = { "tenant_id": os.environ.get("AZURE_TENANT"), "client_id": os.environ.get("AZURE_CLIENT_ID"), "client_secret": os.environ.get("AZURE_SECRET"), "subscription_id": os.environ.get("AZURE_SUBSCRIPTION_ID"), } for k, v in config.items(): if not v: raise ValueError("'{}' config value not set".format(k)) credentials = ServicePrincipalCredentials( config["client_id"], config["client_secret"], tenant=config["tenant_id"], verify=True, resource="https://management.azure.com/") alert_client = LogAnalyticsAlertClient(credentials, config["subscription_id"]) mgmt_client = LogAnalyticsManagementClient(credentials, config["subscription_id"]) return mgmt_client, alert_client
def create(self, secrets: Dict) -> ServicePrincipalCredentials: result = ServicePrincipalCredentials( client_id=secrets.get('client_id'), secret=secrets.get('client_secret'), tenant=secrets.get('tenant_id'), cloud_environment=secrets.get('cloud')) return result
def configure_advisor_threshold(): creds = ServicePrincipalCredentials(client_id=client_id, secret=secret, tenant=tenant) creds.set_token() client = AdvisorManagementClient(credentials=creds, subscription_id=subscription_id) # create a new configuration to update low CPU threshold to 20 cfg = ConfigData() cfg.properties = ConfigDataProperties(low_cpu_threshold=20, exclude=False) # update the configuration client.configurations.create_in_subscription(cfg)
def __get_credentials(creds: dict) -> ServicePrincipalCredentials: credentials = ServicePrincipalCredentials( client_id=creds['azure_client_id'], secret=creds['azure_client_secret'], tenant=creds['azure_tenant_id'], cloud_environment=__get_cloud_env_by_name(creds['azure_cloud']) ) return credentials
def create_basic_client(self, client_class, **kwargs): tenant_id = os.environ.get("AZURE_TENANT_ID", None) client_id = os.environ.get("AZURE_CLIENT_ID", None) secret = os.environ.get("AZURE_CLIENT_SECRET", None) if tenant_id and client_id and secret and self.is_live: if _is_autorest_v3(client_class): # Create azure-identity class from azure.identity import ClientSecretCredential credentials = ClientSecretCredential( tenant=tenant_id, client_id=client_id, client_secret=secret ) else: # Create msrestazure class from msrestazure.azure_active_directory import ServicePrincipalCredentials credentials = ServicePrincipalCredentials( tenant=tenant_id, client_id=client_id, secret=secret ) else: if _is_autorest_v3(client_class): credentials = self.settings.get_azure_core_credentials() else: credentials = self.settings.get_credentials() # Real client creation # FIXME decide what is the final argument for that # if self.is_playback(): # kwargs.setdefault("polling_interval", 0) if _is_autorest_v3(client_class): kwargs.setdefault("logging_enable", True) client = client_class( credential=credentials, **kwargs ) else: client = client_class( credentials=credentials, **kwargs ) if self.is_playback(): try: client._config.polling_interval = 0 # FIXME in azure-mgmt-core, make this a kwargs except AttributeError: pass if hasattr(client, "config"): # Autorest v2 if self.is_playback(): client.config.long_running_operation_timeout = 0 client.config.enable_http_logger = True return client
def __init__(self, config=None): from azure.keyvault import KeyVaultClient, KeyVaultAuthentication, AccessToken from msrestazure.azure_active_directory import ServicePrincipalCredentials super(SasDefinitionSample, self).__init__(config=config) self.keyvault_client = KeyVaultClient( ServicePrincipalCredentials(client_id=self.config.client_id, secret=self.config.client_secret, tenant=self.config.tenant_id))
def __init__(self, config=None): super(NetworkAclSample, self).__init__(config=config) creds = ServicePrincipalCredentials(client_id=self.config.client_id, secret=self.config.client_secret, tenant=self.config.tenant_id) self.mgmt_client = KeyVaultManagementClient( credentials=creds, subscription_id=self.config.subscription_id) self.vault = None
def __get_credentials(creds: dict) -> ServicePrincipalCredentials: if creds['azure_client_secret'] is not None: credentials = ServicePrincipalCredentials( client_id=creds['azure_client_id'], secret=creds['azure_client_secret'], tenant=creds['azure_tenant_id'], cloud_environment=__get_cloud_env_by_name(creds['azure_cloud'])) elif creds['access_token'] is not None: token = dict(accessToken=creds['access_token']) credentials = AADTokenCredentials(token, creds['azure_client_id']) else: raise InterruptExecution("Authentication to Azure requires a" " client secret or an access token") return credentials
def setUp(self): tenant_id = os.environ.get("AZURE_TENANT") client_id = os.environ.get("AZURE_CLIENT_ID") client_secret = os.environ.get("AZURE_SECRET") subscription_id = os.environ.get("AZURE_SUBSCRIPTION_ID") if not tenant_id or not client_id or not client_secret or not subscription_id: raise ValueError("one or more environment variables are missing") credentials = ServicePrincipalCredentials(client_id, client_secret, tenant=tenant_id, verify=True, resource="https://management.azure.com/") self.laa_client = LogAnalyticsAlertClient(credentials, subscription_id) self.lam_client = LogAnalyticsManagementClient(credentials, subscription_id) self.clean_up()
def __init__( self, azure_subscription_id, azure_tenant_id, azure_application_id, azure_application_key, logger, ): """Init command. :param str azure_subscription_id: :param str azure_tenant_id: :param str azure_application_id: :param str azure_application_key: :param str azure_application_key: :param logging.Logger logger: """ self._azure_subscription_id = azure_subscription_id self._azure_tenant_id = azure_tenant_id self._azure_application_id = azure_application_id self._azure_application_key = azure_application_key self._logger = logger self._cached_storage_account_keys = {} self._credentials = ServicePrincipalCredentials( client_id=azure_application_id, secret=azure_application_key, tenant=azure_tenant_id, ) self._subscription_client = SubscriptionClient( credentials=self._credentials) self._resource_client = ResourceManagementClient( credentials=self._credentials, subscription_id=self._azure_subscription_id) self._compute_client = ComputeManagementClient( credentials=self._credentials, subscription_id=self._azure_subscription_id) self._storage_client = StorageManagementClient( credentials=self._credentials, subscription_id=self._azure_subscription_id) self._network_client = NetworkManagementClient( credentials=self._credentials, subscription_id=self._azure_subscription_id)