Exemplo n.º 1
0
def get_account_details(creds):
    subscription_client = SubscriptionClient(creds)

    model = AccountDetails()
    model.subscriptions = list(subscription_client.subscriptions.list())
    model.tenants = list(subscription_client.tenants.list())
    return model
Exemplo n.º 2
0
    def __init__(self, *args, **kwargs):
        super(Azure, self).__init__(*args, **kwargs)

        self._subscription_id = CONFIG.AZURE_SUBSCRIPTION_ID
        self._credentials = ServicePrincipalCredentials(
            client_id=CONFIG.AZURE_CLIENT_ID,
            secret=CONFIG.AZURE_SECRET,
            tenant=CONFIG.AZURE_TENANT)
        self._subscription_client = SubscriptionClient(self._credentials)
        self._compute_client = ComputeManagementClient(self._credentials,
                                                       self._subscription_id)
        self._resource_client = ResourceManagementClient(
            self._credentials, self._subscription_id)
        self._network_client = NetworkManagementClient(self._credentials,
                                                       self._subscription_id)
        self._monitor_client = MonitorClient(self._credentials,
                                             self._subscription_id)

        self._resource_groups = []
        for resource_group in self._resource_client.resource_groups.list():
            self._resource_groups.append(resource_group.name)

        for location in self._subscription_client.subscriptions.list_locations(
                self._subscription_id):
            self._regions.append(location.name)

        self._check_region()
Exemplo n.º 3
0
    def cae_test(self, credential):
        client = SubscriptionClient(credential,
                                    base_url=self.cae_settings["arm_url"])

        # get an access token for ARM
        list(client.subscriptions.list())
        first_token = credential.get_token(self.cae_settings["arm_scope"])

        if self.is_live:
            validate_ssm_token(first_token.token)

            # revoking sessions revokes access and refresh tokens
            self.disable_recording = True
            graph_token = credential.get_token("User.ReadWrite")
            response = credential._client.post(
                self.cae_settings["graph_url"].rstrip("/") +
                "/v1.0/me/revokeSignInSessions",
                headers={"Authorization": "Bearer " + graph_token.token},
            )
            self.disable_recording = False
            assert 200 <= response.status_code < 300, "session revocation failed: " + response.text(
            )

            # wait for the resource provider to observe the revocation event
            time.sleep(400)

        # The client should authorize this request with a revoked token, and receive a challenge.
        # Silent authentication will fail because the refresh token has been revoked.
        list(client.subscriptions.list())

        # the credential should have reauthenticated the user and acquired a new access token
        second_token = credential.get_token(self.cae_settings["arm_scope"])
        assert second_token.token != first_token.token
Exemplo n.º 4
0
 def create_arm_client_factory(config):
     if arm_client_factory:
         return arm_client_factory(config)
     else:
         return allow_debug_connection(
             SubscriptionClient(
                 config, base_url=CLOUD.endpoints.resource_manager))
Exemplo n.º 5
0
    def __init__(self, auth_context_factory, adal_token_cache, arm_client_factory=None):
        from azure.mgmt.resource.subscriptions import SubscriptionClient

        self._adal_token_cache = adal_token_cache
        self._auth_context_factory = auth_context_factory
        self.user_id = None # will figure out after log user in
        self._arm_client_factory = arm_client_factory or \
             (lambda config: SubscriptionClient(config, base_url=CLOUD.endpoints.resource_manager)) #pylint: disable=unnecessary-lambda
Exemplo n.º 6
0
def get_subscriptions(credentials):
    subscriptions_client = SubscriptionClient(credentials)
    subscriptions = subscriptions_client.subscriptions.list()
    subscription_list = []
    for subscription in subscriptions:
        subscription_list.append(subscription)

    return subscription_list
Exemplo n.º 7
0
def get_sub_list(context, sub_list=None):
    sub_client = SubscriptionClient(
        context.auth.resource_cred,
        base_url=context.cloudContext.cloud.endpoints.resource_manager)
    tens = [ten for ten in sub_client.tenants.list()]
    ten_asset = {
        "tenantId": tens[0].tenant_id,
        "category": tens[0].tenant_category,
        "country": tens[0].country,
        "countryCode": tens[0].country_code,
        "name": tens[0].display_name,
        "domains": tens[0].domains,
        "subscriptions": []
    }
    subs = [sub for sub in sub_client.subscriptions.list()]
    if sub_list:
        subs = filter(lambda s: s.subscription_id in sub_list_filter, subs)
    sub_ids = [sub.subscription_id for sub in subs]
    for sub in subs:
        client = ResourceManagementClient(
            context.auth.resource_cred,
            sub.subscription_id,
            base_url=context.cloudContext.cloud.endpoints.resource_manager)
        resource_groups = [rg for rg in client.resource_groups.list()]
        sub_asset = {
            "name":
            sub.display_name,
            "state":
            sub.state.value,
            "id":
            sub.id,
            "subscriptionId":
            sub.subscription_id,
            "managedBy":
            [tenant.tenant_id for tenant in sub.managed_by_tenants] or "",
            "tags": [[k, v] for k, v in sub.tags.items()] if isinstance(
                sub.tags, dict) else [],
            "resourceGroups": [{
                "id":
                rg.id,
                "name":
                rg.name,
                "location":
                rg.location,
                "type":
                rg.type,
                "managedBy":
                rg.managed_by or "",
                "tags": [[k, v] for k, v in sub.tags.items()] if isinstance(
                    sub.tags, dict) else None
            } for rg in resource_groups]
        }
        if sub.subscription_policies.spending_limit:
            sub_asset[
                "spendingLimit"] = sub.subscription_policies.spending_limit.value
        ten_asset["subscriptions"].append(sub_asset)
    Recorder.writestr("subdata.json", json.dumps([ten_asset], sort_keys=True))
    return sub_ids
Exemplo n.º 8
0
 def __init__(self,
              auth_context_factory,
              adal_token_cache,
              arm_client_factory=None):
     self._adal_token_cache = adal_token_cache
     self._auth_context_factory = auth_context_factory
     self.user_id = None  # will figure out after log user in
     self._arm_client_factory = arm_client_factory or \
          (lambda config: SubscriptionClient(config)) #pylint: disable=unnecessary-lambda
Exemplo n.º 9
0
    def _get_client(self):
        """
        :return: Azure SubscriptionClient object
        """

        if self._client is None:
            self._client = SubscriptionClient(self._config.service_principal)

        return self._client
Exemplo n.º 10
0
 def get_subscriptions(cls, credentials, email_client):
     """
     Gets the list of subscriptions that app has access to.         
     """
     subscription_client = SubscriptionClient(credentials)
     subscriptions = subscription_client.subscriptions.list()
     return [
         cls(credentials, sub["subscription_id"], email_client)
         for sub in [sub_itr.__dict__ for sub_itr in subscriptions]
     ]
Exemplo n.º 11
0
    def retrieve_accounts(self):
        if not self.__token_service.logged_in_user:
            raise UserNotLoggedInError()

        accounts = []

        sub_client = SubscriptionClient(self.__token_service.credentials)
        for sub in sub_client.subscriptions.list():
            dla_client = DataLakeAnalyticsAccountManagementClient(self.__token_service.credentials, sub.subscription_id)
            accounts.extend([AdlaAccount(account.name) for account in dla_client.accounts.list()])

        return accounts
Exemplo n.º 12
0
def _subscription_id(subscription_name: str = None) -> str:
    subscription_list = SubscriptionClient(_credential()).subscriptions.list()

    if subscription_name is None:
        return next(subscription_list).subscription_id

    for sub in subscription_list:
        if sub.display_name == subscription_name:
            return sub.subscription_id

    raise ValueError(
        f"Could not find a subscription with name {subscription_name}")
Exemplo n.º 13
0
 def _get_msi_credentials(self, subscription_id_param=None):
     credentials = MSIAuthentication()
     try:
         # try to get the subscription in MSI to test whether MSI is enabled
         subscription_client = SubscriptionClient(credentials)
         subscription = next(subscription_client.subscriptions.list())
         subscription_id = str(subscription.subscription_id)
         return {
             'credentials': credentials,
             'subscription_id': subscription_id_param or subscription_id
         }
     except Exception as exc:
         return None
Exemplo n.º 14
0
 def _get_msi_credentials(self, subscription_id_param=None):
     credentials = MSIAuthentication()
     subscription_id_param = subscription_id_param or os.environ.get(AZURE_CREDENTIAL_ENV_MAPPING['subscription_id'], None)
     try:
         # try to get the subscription in MSI to test whether MSI is enabled
         subscription_client = SubscriptionClient(credentials)
         subscription = next(subscription_client.subscriptions.list())
         subscription_id = str(subscription.subscription_id)
         return {
             'credentials': credentials,
             'subscription_id': subscription_id_param or subscription_id
         }
     except Exception as exc:
         return None
Exemplo n.º 15
0
def make_azure_items(all_credentials):
    """Make simplestreams Items for existing Azure images.

    All versions of all images matching IMAGE_SPEC will be returned.

    all_credentials is a dict of credentials in the credentials.yaml
    structure, used to create Azure credentials.
    """
    subscription_id, credentials = get_azure_credentials(all_credentials)
    sub_client = SubscriptionClient(credentials)
    client = ComputeManagementClient(credentials, subscription_id)
    locations = sub_client.subscriptions.list_locations(subscription_id)
    items = find_ubuntu_items(client, locations)
    items.extend(find_spec_items(client, locations))
    return items
Exemplo n.º 16
0
 def _get_msi_credentials(self, subscription_id_param=None):
     credentials = MSIAuthentication()
     subscription_id = subscription_id_param or os.environ.get(
         AZURE_CREDENTIAL_ENV_MAPPING['subscription_id'], None)
     if not subscription_id:
         try:
             # use the first subscription of the MSI
             subscription_client = SubscriptionClient(credentials)
             subscription = next(subscription_client.subscriptions.list())
             subscription_id = str(subscription.subscription_id)
         except Exception as exc:
             self.fail(
                 "Failed to get MSI token: {0}. "
                 "Please check whether your machine enabled MSI or grant access to any subscription."
                 .format(str(exc)))
     return {'credentials': credentials, 'subscription_id': subscription_id}
Exemplo n.º 17
0
 def available_subscriptions(self):
     """Retrieve the currently available subscriptions to populate
     the subscription selection drop down.
     """
     if not self.subscription_client:
         self.subscription_client = SubscriptionClient(
             self.mgmtCredentials,
             base_url=self.aad_environment_provider.getResourceManager(
                 self.aad_environment_id))
     all_subscriptions = self._call(
         self.subscription_client.subscriptions.list)
     self.subscriptions = []
     for subscription in all_subscriptions:
         self.subscriptions.append(subscription)
     self.count = len(self.subscriptions)
     return self.subscriptions
Exemplo n.º 18
0
def main(output):
    """
    Generate a c7n-org subscriptions config file
    """

    client = SubscriptionClient(Session().get_credentials())
    subs = [sub.serialize(True) for sub in client.subscriptions.list()]
    results = []
    for sub in subs:
        sub_info = {
            'subscription_id': sub['subscriptionId'],
            'name': sub['displayName']
        }
        results.append(sub_info)

    print(yaml_dump({'subscriptions': results}), file=output)
Exemplo n.º 19
0
def get_tenant_id(subscription_id):
    # Get the default ARM App Only Access Token
    tenant_id = 'common'
    credentials = get_app_credentials(g.resource_arm, tenant_id)
    subscriptions_client = SubscriptionClient(credentials)

    # Try to get information about the subscription, expect an error
    try:
        subscriptions_client.subscriptions.get(subscription_id)
    except Exception as e:
        # If Error says the token is from the wrong tenant, parse the correct tenant, and return it
        if 'InvalidAuthenticationTokenTenant' in str(e):
            tenant_id = re.findall(
                "Please use the authority \(URL\) 'https\:\/\/login\.windows\.net\/(.*)'",
                str(e))[0]

    return tenant_id
Exemplo n.º 20
0
def test_cae(credential):
    print("testing CAE with " + credential.__class__.__name__)
    # Enable NetworkTraceLoggingPolicy by setting logging_enable
    client = SubscriptionClient(credential,
                                base_url=ARM_URL,
                                logging_enable=True)

    # verify the credential can get a valid access token
    list(client.subscriptions.list())
    first_token = credential.get_token(ARM_SCOPE)
    print("acquired access token for ARM:")
    print(first_token.token)

    # verify it's a CAE token, i.e. that it can be revoked
    _, payload, _ = first_token.token.split(".")
    decoded_payload = base64.urlsafe_b64decode(payload + "==").decode()
    parsed_payload = json.loads(decoded_payload)
    assert (  # ssm == Smart Session Management
        parsed_payload.get("xms_ssm") == "1"
    ), "CAE isn't enabled for the tenant or user, or MSAL didn't claim client capability CP1"

    # revoking the user's sessions will revoke access and refresh tokens
    graph_token = credential.get_token("User.ReadWrite")
    response = requests.post(
        "https://graph.microsoft.com/v1.0/me/revokeSignInSessions",
        headers={"Authorization": "Bearer " + graph_token.token},
    )
    response.raise_for_status()
    print("revoked user's sessions")

    print("waiting for ARM to revoke tokens...")  # usually takes <5 minutes
    retry_delay = 10
    for i in range(600 // retry_delay):
        list(client.subscriptions.list())
        current_token = credential.get_token(ARM_SCOPE)
        if current_token.token != first_token.token:
            print("silently completed a claims challenge")
            return
        time.sleep(retry_delay)
        print("...%i seconds" % ((i + 1) * retry_delay))

    print("inconclusive test -- the first ARM token hasn't been revoked")
Exemplo n.º 21
0
    def retrieve_accounts(self, page_index, page_account_number):
        if (not self.__token_service.logged_in_user):
            raise UserNotLoggedInError()

        accounts = []

        sub_client = SubscriptionClient(self.__token_service.credentials)
        for sub in sub_client.subscriptions.list():
            dla_client = DataLakeAnalyticsAccountManagementClient(
                self.__token_service.credentials, sub.subscription_id)
            accounts.extend([
                AdlaAccount(account.name)
                for account in dla_client.account.list()
            ])

        accounts.sort(key=lambda account: getattr(account, "name"))

        skipped_account_number = page_index * page_account_number
        return accounts[skipped_account_number:skipped_account_number +
                        page_account_number]
Exemplo n.º 22
0
    def _configure_post_auth(self):
        self.mgmtCredentials = AADTokenCredentials(
            self.mgmt_auth_token,
            cloud_environment=self.aad_environment_provider.
            getEnvironmentForId(self.aad_environment_id),
            tenant=self.aad_tenant_name)
        self.batchCredentials = AADTokenCredentials(
            self.batch_auth_token,
            cloud_environment=self.aad_environment_provider.
            getEnvironmentForId(self.aad_environment_id),
            tenant=self.aad_tenant_name)

        if self.can_init_from_config:
            self.init_from_config()
            self.ui.init_from_config()

        else:
            self.subscription_client = SubscriptionClient(
                self.mgmtCredentials,
                base_url=self.aad_environment_provider.getResourceManager(
                    self.aad_environment_id))
            self.ui.init_post_auth()
Exemplo n.º 23
0
from azure.mgmt.resource.resources import ResourceManagementClient

from azure_identity_credential_adapter import AzureIdentityCredentialAdapter

credentials = AzureIdentityCredentialAdapter()

LOCATION = 'westus'

print('Retrieving AppMetadata')

r = requests.get("http://localhost:5000/appmetadata")
app_metadata = r.json()

print('Retrieving Subscriptions')

subscription_client = SubscriptionClient(credentials)
subscriptions = subscription_client.subscriptions.list()

for subscription in subscriptions:
    resource_client = ResourceManagementClient(credentials,
                                               subscription.subscription_id)

    resources_with_appid_tag = resource_client.resource_groups.list(
        filter="tagName eq 'appid'")

    for resource in resources_with_appid_tag:
        print(f'Syncing {resource.name}')

        app_metadatum = next(
            (x for x in app_metadata if x['id'] == resource.tags['appid']),
            None)
Exemplo n.º 24
0
 def __init__(self, config: AzureCredentialConfig):
     self._client = SubscriptionClient(config.credentials)
Exemplo n.º 25
0
 def subscription_client(self):
     if not self._subscription_client:
         self._subscription_client = SubscriptionClient(self._credentials)
     return self._subscription_client
Exemplo n.º 26
0
    # Credentials may be kept in a separate file outside of source control.
    from _deploy.deploy_credentials import CREDENTIALS, SUBSCRIPTION_ID
except ImportError:
    pass

if not CREDENTIALS:
    print("The provided credentials were invalid.", file=sys.stderr)
    print("Review deploy.py and update deployment settings as necessary.",
          file=sys.stderr)
    sys.exit(1)

if not SUBSCRIPTION_ID:
    # Display a list of available subscriptions if SUBSCRIPTION_ID was not given

    from azure.mgmt.resource.subscriptions import SubscriptionClient
    sc = SubscriptionClient(CREDENTIALS)
    print(
        'SUBSCRIPTION_ID was not provided. Select an id from the following list.'
    )
    for sub in sc.subscriptions.list():
        print('    {}: {}'.format(sub.subscription_id, sub.display_name))
    sys.exit(1)

#endregion
#################################################

from azure.mgmt.resource.resources import ResourceManagementClient
from azure.mgmt.resource.resources.models import ResourceGroup, DeploymentProperties, DeploymentMode

from _deploy.deploy_helpers import get_package, print_operation_results, Site
Exemplo n.º 27
0
def subscriptions() -> List[str]:
    """Returns list of all Azure subscriptions logged in user has read access to."""
    return [
        sub.display_name
        for sub in SubscriptionClient(_credential()).subscriptions.list()
    ]