def get_kubernetes_namespace(organization, project, cluster, subscription_id,
subscription_name, tenant_id, azure_env):
choice_list = []
existing_namespace_list = []
choice_list.append("Create new")
se_request_obj = get_se_kubernetes_namespace_request_obj(
subscription_id, subscription_name, cluster['id'], cluster['name'],
cluster['fqdn'], azure_env, tenant_id)
se_client = get_service_endpoint_client(organization=organization)
se_result = se_client.execute_service_endpoint_request(
service_endpoint_request=se_request_obj,
project=project,
endpoint_id=cluster['name'])
if se_result.result:
import json
for namespace in se_result.result:
ns_json_obj = json.loads(namespace)
existing_namespace_list.append(ns_json_obj['Value'])
choice_list.append(ns_json_obj['Value'])
choice = prompt_user_friendly_choice_list(
"Which kubernetes namespace do you want to target?", choice_list)
if choice == 0:
create_namespace = True
namespace = prompt_not_empty(
"Enter a name for new namespace to create: ")
print('')
else:
create_namespace = False
namespace = existing_namespace_list[choice - 1]
return create_namespace, namespace
def update_service_endpoint(
id,
enable_for_all=None,
organization=None, # pylint: disable=redefined-builtin
project=None,
detect=None):
"""Update a service endpoint
:param id: ID of the service endpoint.
:type id: str
"""
if enable_for_all is None:
raise CLIError('Atleast one property to be updated must be specified.')
organization, project = resolve_instance_and_project(
detect=detect, organization=organization, project=project)
client = get_service_endpoint_client(organization)
se = client.get_service_endpoint_details(project, id)
# set authorization if get service endpoint succeeded
from azext_devops.dev.pipelines.pipeline_utils import set_authorize_resource, get_authorize_resource
set_authorize_resource(authorized=enable_for_all,
res_id=se.id,
name=se.name,
res_type='endpoint',
organization=organization,
project=project)
authorized = get_authorize_resource(res_id=se.id,
res_type='endpoint',
organization=organization,
project=project)
return ServiceEndpointAuthorized(service_endpoint_parameters=se,
authorized=authorized)
def create_github_service_endpoint(name,
github_url,
organization=None,
project=None,
detect=None):
""" Create a GitHub service endpoint.
:param name: Name of service endpoint to create
:type name: str
:param github_url: Url for github for creating service endpoint
:type github_url: str
:rtype: :class:`ServiceEndpoint <service_endpoint.v4_1.models.ServiceEndpoint>`
"""
organization, project = resolve_instance_and_project(
detect=detect, organization=organization, project=project)
client = get_service_endpoint_client(organization)
if AZ_DEVOPS_GITHUB_PAT_ENVKEY not in os.environ:
error_message = 'Please pass GitHub access token in ' + AZ_DEVOPS_GITHUB_PAT_ENVKEY +\
' environment variable in non-interactive mode.'
verify_is_a_tty_or_raise_error(error_message)
github_access_token = prompt_pass('GitHub access token:', confirm=True)
else:
logger.debug('Picking GitHub PAT from environment variable')
github_access_token = os.environ[AZ_DEVOPS_GITHUB_PAT_ENVKEY]
service_endpoint_authorization = EndpointAuthorization(
parameters={'accessToken': github_access_token},
scheme=SERVICE_ENDPOINT_AUTHORIZATION_PERSONAL_ACCESS_TOKEN)
service_endpoint_to_create = ServiceEndpoint(
authorization=service_endpoint_authorization,
name=name,
type=SERVICE_ENDPOINT_TYPE_GITHUB,
url=github_url)
return client.create_service_endpoint(service_endpoint_to_create, project)
def list_service_endpoints(organization=None, project=None, detect=None):
"""List service endpoints in a project.
:rtype: list of :class:`VssJsonCollectionWrapper <service_endpoint.v4_1.models.ServiceEndpoint>`
"""
organization, project = resolve_instance_and_project(
detect=detect, organization=organization, project=project)
client = get_service_endpoint_client(organization)
return client.get_service_endpoints(project)
def show_service_endpoint(id, organization=None, project=None, detect=None): # pylint: disable=redefined-builtin
"""Get the details of a service endpoint.
:param id: ID of the service endpoint.
:type id: str
:rtype: :class:`ServiceEndpoint <service_endpoint.v4_1.models.ServiceEndpoint>`
"""
organization, project = resolve_instance_and_project(
detect=detect, organization=organization, project=project)
client = get_service_endpoint_client(organization)
return client.get_service_endpoint_details(project, id)
def _get_service_endpoints(organization, project, endpoint_type=None):
"""
Get the list of existing service connections filtered by type if mentioned
"""
client = get_service_endpoint_client(organization)
all_connections = client.get_service_endpoints(project)
if endpoint_type is None:
return all_connections
filtered_connection = []
for connection in all_connections:
if connection.type.lower() == endpoint_type.lower():
filtered_connection.append(connection)
return filtered_connection
def poll_connection_ready(organization, project, connection_id):
import colorama
import humanfriendly
import time
colorama.init()
with humanfriendly.Spinner(label="Checking resource readiness") as spinner:
se_client = get_service_endpoint_client(organization)
while True:
spinner.step()
time.sleep(0.5)
service_endpoint = se_client.get_service_endpoint_details(
project, connection_id)
if service_endpoint.is_ready:
break
def delete_service_endpoint(id,
deep=False,
organization=None,
project=None,
detect=None): # pylint: disable=redefined-builtin
"""Deletes service endpoint
:param id: Id of the service endpoint to delete.
:type id: str
:param deep: Specific to AzureRM endpoint created in Automatic flow. When it is specified,
this will also delete corresponding AAD application in Azure.
:type deep: bool
"""
organization, project = resolve_instance_and_project(
detect=detect, organization=organization, project=project)
client = get_service_endpoint_client(organization)
return client.delete_service_endpoint(project, id, deep)
def list_service_endpoints(organization=None, project=None, detect=None):
"""List service endpoints in a project.
:param organization: Azure Devops organization URL. Example: https://dev.azure.com/MyOrganizationName/
:type organization: str
:param project: Name or ID of the project.
:type project: str
:param detect: Automatically detect organization. Default is "on".
:type detect: str
:rtype: list of :class:`VssJsonCollectionWrapper <service_endpoint.v4_1.models.ServiceEndpoint>`
"""
try:
organization, project = resolve_instance_and_project(
detect=detect, organization=organization, project=project)
client = get_service_endpoint_client(organization)
return client.get_service_endpoints(project)
except VstsServiceError as ex:
raise CLIError(ex)
def get_github_service_endpoint(organization, project):
"""
This will try to create a GitHub service connection if there is no existing one in the project
GitHub pat token will be asked for interactively or can be provided
by setting the Environment variable AZ_DEVOPS_GITHUB_PAT_ENVKEY.
Service endpoint connection name is asked as input from the user
"""
from azext_devops.dev.common.identities import get_current_identity, get_account_from_identity
authenticated_user_unique_id = get_account_from_identity(
get_current_identity(organization))
se_client = get_service_endpoint_client(organization)
existing_service_endpoints = _get_service_endpoints(
organization, project, 'github')
service_endpoints_choice_list = ['Create new GitHub service connection']
github_service_endpoints = []
choice = 0
for endpoint in existing_service_endpoints:
if (endpoint.authorization.scheme == 'InstallationToken'
or authenticated_user_unique_id
== endpoint.created_by.unique_name):
service_endpoints_choice_list.append('{}'.format(endpoint.name))
github_service_endpoints.append(endpoint)
if github_service_endpoints:
choice = prompt_user_friendly_choice_list(
"Which service connection do you want to use to communicate with GitHub?",
service_endpoints_choice_list)
if choice > 0:
logger.debug('Using service endpoint index (%s) name (%s)', choice,
github_service_endpoints[choice - 1].name)
return github_service_endpoints[choice - 1].id
logger.debug("Creating a new service endpoint.")
github_pat = get_github_pat_token()
se_name = prompt_not_empty('Enter a service connection name to create? ')
print('')
service_endpoint_authorization = EndpointAuthorization(
parameters={'accessToken': github_pat}, scheme='PersonalAccessToken')
service_endpoint_to_create = ServiceEndpoint(
authorization=service_endpoint_authorization,
name=se_name,
type='github',
url='https://github.com/')
return se_client.create_service_endpoint(service_endpoint_to_create,
project).id
def show_service_endpoint(id, organization=None, project=None, detect=None): # pylint: disable=redefined-builtin
"""Get the details of a service endpoint.
:param id: ID of the service endpoint.
:type id: str
:param organization: Azure Devops organization URL. Example: https://dev.azure.com/MyOrganizationName/
:type organization: str
:param project: Name or ID of the project.
:type project: str
:param detect: Automatically detect organization. Default is "on".
:type detect: str
:rtype: :class:`ServiceEndpoint <service_endpoint.v4_1.models.ServiceEndpoint>`
"""
try:
organization, project = resolve_instance_and_project(
detect=detect, organization=organization, project=project)
client = get_service_endpoint_client(organization)
return client.get_service_endpoint_details(project, id)
except VstsServiceError as ex:
raise CLIError(ex)
def create_service_endpoint(service_endpoint_configuration,
encoding='utf-8',
organization=None,
project=None,
detect=None):
"""Create a service endpoint using configuration file.
:param name: Name of service endpoint to create
:type name: str
:param service_endpoint_configuration: Configuration file with service endpoint request.
:type service_endpoint_configuration: str
:rtype: :class:`ServiceEndpoint <service_endpoint.v4_1.models.ServiceEndpoint>`
"""
organization, project = resolve_instance_and_project(
detect=detect, organization=organization, project=project)
client = get_service_endpoint_client(organization)
from azext_devops.dev.common.utils import read_file_content
in_file_content = read_file_content(
file_path=service_endpoint_configuration, encoding=encoding)
import json
service_endpoint_to_create = json.loads(in_file_content)
return client.create_service_endpoint(service_endpoint_to_create, project)
def create_import_request(git_source_url, project=None, repository=None,
requires_authorization=False,
user_name=None,
git_service_endpoint_id=None,
organization=None, detect=None):
"""Create a git import request
:param repository: Name or ID of the repository to create the import request in.
:type repository: str
:param git_source_url: Url of the source git repository.
:type git_source_url: str
:param requires_authorization: Flag to tell if source git repository is private.
:type requires_authorization: bool
:param user_name: User name in case source git repository is private.
:type user_name: str
:param git_service_endpoint_id: Service Endpoint for connection to external endpoint.
:type git_service_endpoint_id: str
"""
organization, project, repository = resolve_instance_project_and_repo(
detect=detect,
organization=organization,
project=project,
repo=repository,
repo_required=True)
delete_se_after_import = False
password = None
import random
import string
import os
if requires_authorization and git_service_endpoint_id is None:
delete_se_after_import = True
if GIT_SOURCE_PASSWORD_OR_PAT in os.environ:
password = os.environ[GIT_SOURCE_PASSWORD_OR_PAT]
else:
error_message = 'Please specify target git password / PAT in ' + GIT_SOURCE_PASSWORD_OR_PAT +\
' environment variable in non-interactive mode.'
verify_is_a_tty_or_raise_error(error_message)
password = prompt_pass('Git Password / PAT:', confirm=True)
service_endpoint_authorization = EndpointAuthorization(
parameters={'password': password, 'username': user_name},
scheme='UsernamePassword')
service_endpoint_to_create = ServiceEndpoint(
authorization=service_endpoint_authorization,
name=''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(10)),
type='git',
url=git_source_url)
client = get_service_endpoint_client(organization)
se_created = client.create_service_endpoint(service_endpoint_to_create, project)
git_service_endpoint_id = se_created.id
client = get_git_client(organization)
gitImportGitSource = GitImportGitSource(overwrite=False, url=git_source_url)
gitImportRequestParameter = GitImportRequestParameters(
delete_service_endpoint_after_import_is_done=delete_se_after_import,
git_source=gitImportGitSource,
service_endpoint_id=git_service_endpoint_id,
tfvc_source=None)
gitImportRequest = GitImportRequest(parameters=gitImportRequestParameter)
importRequest = client.create_import_request(import_request=gitImportRequest, project=project,
repository_id=repository)
return _wait_for_import_request(client, project, repository, importRequest.import_request_id)
def create_service_endpoint(service_endpoint_type,
authorization_scheme,
name,
github_access_token=None,
github_url=None,
azure_rm_tenant_id=None,
azure_rm_service_principal_id=None,
azure_rm_service_principal_key=None,
azure_rm_subscription_id=None,
azure_rm_subscription_name=None,
organization=None,
project=None,
detect=None):
"""Create a service endpoint
:param service_endpoint_type: Type of service endpoint
:type service_endpoint_type: str
:param name: Name of service endpoint to create
:type name: str
:param authorization_scheme: Authorization to be used in service endpoint creation
Github service endpoint supports PersonalAccessToken
AzureRm service endpoint supports ServicePrincipal
:type authorization_scheme: str
:param github_access_token: PAT token of github for creating github service endpoint
:type github_access_token: str
:param github_url: Url for github for creating service endpoint
:type github_url: str
:param azure_rm_tenant_id: tenant id for creating azure rm service endpoint
:type azure_rm_tenant_id: str
:param azure_rm_service_principal_id: service principal id for creating azure rm service endpoint
:type azure_rm_service_principal_id: str
:param azure_rm_service_principal_key: key/password for service principal used to create azure rm service endpoint
:type azure_rm_service_principal_key: str
:param azure_rm_subscription_id: subscription id for azure rm service endpoint
:type azure_rm_subscription_id: str
:param azure_rm_subscription_name: name of azure subscription for azure rm service endpoint
:type azure_rm_subscription_name: str
:rtype: :class:`ServiceEndpoint <service_endpoint.v4_1.models.ServiceEndpoint>`
"""
organization, project = resolve_instance_and_project(
detect=detect, organization=organization, project=project)
client = get_service_endpoint_client(organization)
if (service_endpoint_type == SERVICE_ENDPOINT_TYPE_GITHUB
and authorization_scheme
== SERVICE_ENDPOINT_AUTHORIZATION_PERSONAL_ACCESS_TOKEN):
if not github_access_token:
try:
github_access_token = prompt_pass('GitHub access token:',
confirm=True)
except NoTTYException:
raise CLIError(
'Please specify --github-access-token in non-interactive mode.'
)
service_endpoint_authorization = EndpointAuthorization(
parameters={'accessToken': github_access_token},
scheme=SERVICE_ENDPOINT_AUTHORIZATION_PERSONAL_ACCESS_TOKEN)
service_endpoint_to_create = ServiceEndpoint(
authorization=service_endpoint_authorization,
name=name,
type=SERVICE_ENDPOINT_TYPE_GITHUB,
url=github_url)
return client.create_service_endpoint(service_endpoint_to_create,
project)
if (service_endpoint_type == SERVICE_ENDPOINT_TYPE_AZURE_RM
and authorization_scheme
== SERVICE_ENDPOINT_AUTHORIZATION_SERVICE_PRINCIPAL):
if not azure_rm_service_principal_key:
try:
azure_rm_service_principal_key = prompt_pass(
'Azure RM service principal key:', confirm=True)
except NoTTYException:
raise CLIError(
'Please specify --azure-rm-service-principal-key in non-interactive mode.'
)
service_endpoint_authorization = EndpointAuthorization(
parameters={
'tenantid': azure_rm_tenant_id,
'serviceprincipalid': azure_rm_service_principal_id,
'authenticationType': 'spnKey',
'serviceprincipalkey': azure_rm_service_principal_key
},
scheme=SERVICE_ENDPOINT_AUTHORIZATION_SERVICE_PRINCIPAL)
service_endpoint_data = {
'subscriptionId': azure_rm_subscription_id,
'subscriptionName': azure_rm_subscription_name,
'environment': 'AzureCloud',
'creationMode': 'Manual'
}
service_endpoint_to_create = ServiceEndpoint(
authorization=service_endpoint_authorization,
data=service_endpoint_data,
name=name,
type=SERVICE_ENDPOINT_TYPE_AZURE_RM,
url='https://management.azure.com/')
return client.create_service_endpoint(service_endpoint_to_create,
project)
raise CLIError(
'This combination of endpoint type is not supported with this authorization scheme.'
)
def create_service_endpoint(service_endpoint_type,
authorization_scheme,
name,
github_access_token=None,
github_url=None,
azure_rm_tenant_id=None,
azure_rm_service_principal_id=None,
azure_rm_service_prinicipal_key=None,
azure_rm_subscription_id=None,
azure_rm_subscription_name=None,
organization=None,
project=None,
detect=None):
"""Create a service endpoint
:param service_endpoint_type: Type of service endpoint
:type service_endpoint_type: str
:param name: Name of service endpoint to create
:type name: str
:param authorization_scheme: Authorization to be used in service endpoint creation
Github service endpoint supports PersonalAccessToken
AzureRm service endpoint supports ServicePrincipal
:type authorization_scheme: str
:param github_access_token: PAT token of github for creating github service endpoint
:type github_access_token: str
:param github_url: Url for github for creating service endpoint
:type github_url: str
:param azure_rm_tenant_id: tenant id for creating azure rm service endpoint
:type azure_rm_tenant_id: str
:param azure_rm_service_principal_id: service principal id for creating azure rm service endpoint
:type azure_rm_service_principal_id: str
:param azure_rm_service_prinicipal_key: key/password for service principal used to create azure rm service endpoint
:type azure_rm_service_prinicipal_key: str
:param azure_rm_subscription_id: subscription id for azure rm service endpoint
:type azure_rm_subscription_id: str
:param azure_rm_subscription_name: name of azure subscription for azure rm service endpoint
:type azure_rm_subscription_name: str
:param organization: Azure Devops organization URL. Example: https://dev.azure.com/MyOrganizationName/
:type organization: str
:param project: Name or ID of the project.
:type project: str
:param detect: Automatically detect organization. Default is "on".
:type detect: str
:rtype: :class:`ServiceEndpoint <service_endpoint.v4_1.models.ServiceEndpoint>`
"""
try:
organization, project = resolve_instance_and_project(
detect=detect, organization=organization, project=project)
client = get_service_endpoint_client(organization)
if (service_endpoint_type == SERVICE_ENDPOINT_TYPE_GITHUB
and authorization_scheme
== SERVICE_ENDPOINT_AUTHORIZATION_PERSONAL_ACCESS_TOKEN):
service_endpoint_authorization = EndpointAuthorization(
parameters={'accessToken': github_access_token},
scheme=SERVICE_ENDPOINT_AUTHORIZATION_PERSONAL_ACCESS_TOKEN)
service_endpoint_to_create = ServiceEndpoint(
authorization=service_endpoint_authorization,
name=name,
type=SERVICE_ENDPOINT_TYPE_GITHUB,
url=github_url)
return client.create_service_endpoint(service_endpoint_to_create,
project)
if (service_endpoint_type == SERVICE_ENDPOINT_TYPE_AZURE_RM
and authorization_scheme
== SERVICE_ENDPOINT_AUTHORIZATION_SERVICE_PRINCIPAL):
service_endpoint_authorization = EndpointAuthorization(
parameters={
'tenantid': azure_rm_tenant_id,
'serviceprincipalid': azure_rm_service_principal_id,
'authenticationType': 'spnKey',
'serviceprincipalkey': azure_rm_service_prinicipal_key
},
scheme=SERVICE_ENDPOINT_AUTHORIZATION_SERVICE_PRINCIPAL)
service_endpoint_data = {
'subscriptionId': azure_rm_subscription_id,
'subscriptionName': azure_rm_subscription_name,
'environment': 'AzureCloud',
'creationMode': 'Manual'
}
service_endpoint_to_create = ServiceEndpoint(
authorization=service_endpoint_authorization,
data=service_endpoint_data,
name=name,
type=SERVICE_ENDPOINT_TYPE_AZURE_RM,
url='https://management.azure.com/')
return client.create_service_endpoint(service_endpoint_to_create,
project)
raise CLIError(
'This combination of endpoint type is not supported with this authorization scheme.'
)
except VstsServiceError as ex:
raise CLIError(ex)
def create_service_endpoint(service_endpoint_type,
authorization_scheme,
name,
github_url=None,
azure_rm_tenant_id=None,
azure_rm_service_principal_id=None,
azure_rm_subscription_id=None,
azure_rm_subscription_name=None,
organization=None,
project=None,
detect=None):
""" (PREVIEW) Create a service endpoint
:param service_endpoint_type: Type of service endpoint
:type service_endpoint_type: str
:param name: Name of service endpoint to create
:type name: str
:param authorization_scheme: Authorization to be used in service endpoint creation
Github service endpoint supports PersonalAccessToken
AzureRm service endpoint supports ServicePrincipal
:type authorization_scheme: str
:param github_url: Url for github for creating service endpoint
:type github_url: str
:param azure_rm_tenant_id: tenant id for creating azure rm service endpoint
:type azure_rm_tenant_id: str
:param azure_rm_service_principal_id: service principal id for creating azure rm service endpoint
:type azure_rm_service_principal_id: str
:param azure_rm_subscription_id: subscription id for azure rm service endpoint
:type azure_rm_subscription_id: str
:param azure_rm_subscription_name: name of azure subscription for azure rm service endpoint
:type azure_rm_subscription_name: str
:rtype: :class:`ServiceEndpoint <service_endpoint.v4_1.models.ServiceEndpoint>`
"""
organization, project = resolve_instance_and_project(
detect=detect, organization=organization, project=project)
client = get_service_endpoint_client(organization)
if (service_endpoint_type == SERVICE_ENDPOINT_TYPE_GITHUB
and authorization_scheme
== SERVICE_ENDPOINT_AUTHORIZATION_PERSONAL_ACCESS_TOKEN):
if AZ_DEVOPS_GITHUB_PAT_ENVKEY not in os.environ:
error_message = 'Please pass GitHub access token in ' + AZ_DEVOPS_GITHUB_PAT_ENVKEY +\
' environment variable in non-interactive mode.'
verify_is_a_tty_or_raise_error(error_message)
github_access_token = prompt_pass('GitHub access token:',
confirm=True)
else:
github_access_token = os.environ[AZ_DEVOPS_GITHUB_PAT_ENVKEY]
service_endpoint_authorization = EndpointAuthorization(
parameters={'accessToken': github_access_token},
scheme=SERVICE_ENDPOINT_AUTHORIZATION_PERSONAL_ACCESS_TOKEN)
service_endpoint_to_create = ServiceEndpoint(
authorization=service_endpoint_authorization,
name=name,
type=SERVICE_ENDPOINT_TYPE_GITHUB,
url=github_url)
return client.create_service_endpoint(service_endpoint_to_create,
project)
if (service_endpoint_type == SERVICE_ENDPOINT_TYPE_AZURE_RM
and authorization_scheme
== SERVICE_ENDPOINT_AUTHORIZATION_SERVICE_PRINCIPAL):
AZURE_RM_SP_KEY_END_VARIABLE_NAME = CLI_ENV_VARIABLE_PREFIX + 'AZURE_RM_SERVICE_PRINCIPAL_KEY'
if AZURE_RM_SP_KEY_END_VARIABLE_NAME not in os.environ:
error_message = 'Please specify azure service principal key in ' + AZURE_RM_SP_KEY_END_VARIABLE_NAME +\
' environment variable in non-interactive mode.'
verify_is_a_tty_or_raise_error(error_message)
azure_rm_service_principal_key = prompt_pass(
'Azure RM service principal key:', confirm=True)
else:
azure_rm_service_principal_key = os.environ[
AZURE_RM_SP_KEY_END_VARIABLE_NAME]
service_endpoint_authorization = EndpointAuthorization(
parameters={
'tenantid': azure_rm_tenant_id,
'serviceprincipalid': azure_rm_service_principal_id,
'authenticationType': 'spnKey',
'serviceprincipalkey': azure_rm_service_principal_key
},
scheme=SERVICE_ENDPOINT_AUTHORIZATION_SERVICE_PRINCIPAL)
service_endpoint_data = {
'subscriptionId': azure_rm_subscription_id,
'subscriptionName': azure_rm_subscription_name,
'environment': 'AzureCloud',
'creationMode': 'Manual'
}
service_endpoint_to_create = ServiceEndpoint(
authorization=service_endpoint_authorization,
data=service_endpoint_data,
name=name,
type=SERVICE_ENDPOINT_TYPE_AZURE_RM,
url='https://management.azure.com/')
return client.create_service_endpoint(service_endpoint_to_create,
project)
raise CLIError(
'This combination of endpoint type is not supported with this authorization scheme.'
)
def create_azurerm_service_endpoint(
name,
azure_rm_tenant_id,
azure_rm_service_principal_id,
azure_rm_subscription_id,
azure_rm_subscription_name,
azure_rm_service_principal_certificate_path=None,
organization=None,
project=None,
detect=None):
""" Create an Azure RM type service endpoint.
:param name: Name of service endpoint to create
:type name: str
:param azure_rm_tenant_id: tenant id for creating azure rm service endpoint
:type azure_rm_tenant_id: str
:param azure_rm_service_principal_id: service principal id for creating azure rm service endpoint
:type azure_rm_service_principal_id: str
:param azure_rm_subscription_id: subscription id for azure rm service endpoint
:type azure_rm_subscription_id: str
:param azure_rm_service_principal_certificate_path: Path to (.pem) which is certificate.
Create using command "openssl pkcs12 -in file.pfx -out file.pem -nodes -password pass:<password_here>".
More details : https://aka.ms/azure-devops-cli-service-endpoint
:type azure_rm_service_principal_certificate_path: str
:param azure_rm_subscription_name: name of azure subscription for azure rm service endpoint
:type azure_rm_subscription_name: str
:rtype: :class:`ServiceEndpoint <service_endpoint.v4_1.models.ServiceEndpoint>`
"""
organization, project = resolve_instance_and_project(
detect=detect, organization=organization, project=project)
client = get_service_endpoint_client(organization)
service_endpoint_authorization = EndpointAuthorization(
parameters={
'tenantid': azure_rm_tenant_id,
'serviceprincipalid': azure_rm_service_principal_id
},
scheme=SERVICE_ENDPOINT_AUTHORIZATION_SERVICE_PRINCIPAL)
if azure_rm_service_principal_certificate_path is None:
AZURE_RM_SP_KEY_END_VARIABLE_NAME = CLI_ENV_VARIABLE_PREFIX + 'AZURE_RM_SERVICE_PRINCIPAL_KEY'
if AZURE_RM_SP_KEY_END_VARIABLE_NAME not in os.environ:
error_message = 'Please specify azure service principal key in ' + AZURE_RM_SP_KEY_END_VARIABLE_NAME +\
' environment variable in non-interactive mode or use ' +\
'--azure-rm-service-principal-certificate-path.'
verify_is_a_tty_or_raise_error(error_message)
azure_rm_service_principal_key = prompt_pass(
'Azure RM service principal key:', confirm=True)
else:
logger.debug(
'Picking Azure RM principal key from environment variable')
azure_rm_service_principal_key = os.environ[
AZURE_RM_SP_KEY_END_VARIABLE_NAME]
service_endpoint_authorization.parameters[
'authenticationType'] = 'spnKey'
service_endpoint_authorization.parameters[
'serviceprincipalkey'] = azure_rm_service_principal_key
else:
with open(azure_rm_service_principal_certificate_path, "r") as f:
service_endpoint_authorization.parameters[
'authenticationType'] = 'spnCertificate'
service_endpoint_authorization.parameters[
'servicePrincipalCertificate'] = f.read()
service_endpoint_data = {
'subscriptionId': azure_rm_subscription_id,
'subscriptionName': azure_rm_subscription_name,
'environment': 'AzureCloud',
'creationMode': 'Manual'
}
service_endpoint_to_create = ServiceEndpoint(
authorization=service_endpoint_authorization,
data=service_endpoint_data,
name=name,
type=SERVICE_ENDPOINT_TYPE_AZURE_RM,
url='https://management.azure.com/')
return client.create_service_endpoint(service_endpoint_to_create, project)
