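def get_automation_runas_credential(runas_connection, resource_url, authority_url):
    """Return credentials that authenticate against Azure Resource Manager.

    The Azure Automation RunAs service principal authenticates with a
    client certificate: the PKCS#12 blob stored in the
    ``AzureRunAsCertificate`` asset is unpacked, its private key is
    exported as PEM, and the key plus the connection's thumbprint are
    handed to ADAL.

    Args:
        runas_connection: Mapping with the RunAs connection fields
            ``ApplicationId``, ``CertificateThumbprint`` and ``TenantId``
            (e.g. the result of ``automationassets.get_automation_connection``).
        resource_url: Resource (token audience) the token is requested for.
        authority_url: AAD authority base URL; the tenant id is appended.

    Returns:
        An ``msrestazure`` ``AdalAuthentication`` credential whose callback
        runs ``acquire_token_with_client_certificate`` on demand.

    Raises:
        KeyError: if a required connection field is missing.
    """
    from OpenSSL import crypto
    from msrestazure import azure_active_directory
    import adal
    import automationassets

    # Unpack the RunAs service principal certificate.  The PEM private key is
    # kept in memory only; nothing here writes it to disk.
    # NOTE: crypto.load_pkcs12 is deprecated in newer pyOpenSSL releases; the
    # cryptography package's serialization.pkcs12 module is the replacement.
    cert = automationassets.get_automation_certificate("AzureRunAsCertificate")
    pks12_cert = crypto.load_pkcs12(cert)
    pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pks12_cert.get_privatekey())

    # Service principal identity from the RunAs connection asset.
    application_id = runas_connection["ApplicationId"]
    thumbprint = runas_connection["CertificateThumbprint"]
    tenant_id = runas_connection["TenantId"]

    # Tenant-specific authority; strip a trailing slash so the join never
    # produces "//" when the caller passes an authority ending in "/".
    authority_full_url = authority_url.rstrip('/') + '/' + tenant_id
    context = adal.AuthenticationContext(authority_full_url)
    # The lambda defers the token request until the credential is used, so
    # building the credential object needs no network round-trip.
    return azure_active_directory.AdalAuthentication(
        lambda: context.acquire_token_with_client_certificate(
            resource_url,
            application_id,
            pem_pkey,
            thumbprint)
    )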
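def get_automation_runas_token(runas_connection):
    """Return a bearer access token for Azure Resource Manager (public cloud).

    Authenticates the Azure Automation RunAs service principal with its
    client certificate against the public-cloud authority and returns only
    the ``accessToken`` string from the ADAL response.

    Args:
        runas_connection: Mapping with the RunAs connection fields
            ``ApplicationId``, ``CertificateThumbprint`` and ``TenantId``.

    Returns:
        The access token string, or ``None`` if the ADAL response carries no
        ``accessToken`` entry.  Expiry metadata in the response is discarded,
        so callers must call again once the token expires.

    Raises:
        KeyError: if a required connection field is missing.
    """
    from OpenSSL import crypto
    import adal
    import automationassets

    # Unpack the RunAs service principal certificate; the PEM private key is
    # held in memory only.
    # NOTE: crypto.load_pkcs12 is deprecated in newer pyOpenSSL releases.
    cert = automationassets.get_automation_certificate("AzureRunAsCertificate")
    sp_cert = crypto.load_pkcs12(cert)
    pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM,
                                      sp_cert.get_privatekey())

    # Service principal identity from the RunAs connection asset.
    application_id = runas_connection["ApplicationId"]
    thumbprint = runas_connection["CertificateThumbprint"]
    tenant_id = runas_connection["TenantId"]

    # Hard-coded to the Azure public cloud; sovereign clouds need different
    # resource and authority endpoints.
    resource = "https://management.core.windows.net/"
    authority_url = ("https://login.microsoftonline.com/" + tenant_id)
    context = adal.AuthenticationContext(authority_url)
    token_response = context.acquire_token_with_client_certificate(
        resource, application_id, pem_pkey, thumbprint)

    # Only the bearer string is returned; the rest of the response is dropped.
    return token_response.get('accessToken')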
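def get_automation_runas_credential(runas_connection):
    """Return an ``AdalAuthentication`` credential for Azure Resource Manager.

    Public-cloud variant that takes the RunAs connection as an argument.
    Instead of a raw access token it returns a credential object whose
    callback requests a token on demand with the RunAs service principal
    certificate.

    Args:
        runas_connection: Mapping with the RunAs connection fields
            ``ApplicationId``, ``CertificateThumbprint`` and ``TenantId``.

    Returns:
        ``msrestazure.azure_active_directory.AdalAuthentication`` wrapping a
        deferred ``acquire_token_with_client_certificate`` call.

    Raises:
        KeyError: if a required connection field is missing.
    """
    from OpenSSL import crypto
    from msrestazure import azure_active_directory
    import adal
    import automationassets

    # Unpack the RunAs service principal certificate; the PEM private key is
    # held in memory only.
    # NOTE: crypto.load_pkcs12 is deprecated in newer pyOpenSSL releases.
    cert = automationassets.get_automation_certificate("AzureRunAsCertificate")
    pks12_cert = crypto.load_pkcs12(cert)
    pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pks12_cert.get_privatekey())

    # Service principal identity from the RunAs connection asset.
    application_id = runas_connection["ApplicationId"]
    thumbprint = runas_connection["CertificateThumbprint"]
    tenant_id = runas_connection["TenantId"]

    # Hard-coded to the Azure public cloud.
    resource = "https://management.core.windows.net/"
    authority_url = ("https://login.microsoftonline.com/" + tenant_id)
    context = adal.AuthenticationContext(authority_url)
    # Deferred token request: no network call until the credential is used.
    return azure_active_directory.AdalAuthentication(
        lambda: context.acquire_token_with_client_certificate(
            resource,
            application_id,
            pem_pkey,
            thumbprint)
    )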
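def get_automation_runas_credential():
    """Return a credential for Azure Resource Manager in Azure China (21Vianet).

    Reads both the ``AzureRunAsConnection`` and ``AzureRunAsCertificate``
    automation assets itself, so no arguments are needed.  The resource and
    authority are the Azure China endpoints; this credential will not work
    against the public cloud.

    Returns:
        ``msrestazure.azure_active_directory.AdalAuthentication`` wrapping a
        deferred ``acquire_token_with_client_certificate`` call.

    Raises:
        KeyError: if the connection asset lacks ``ApplicationId``,
            ``CertificateThumbprint`` or ``TenantId``.
    """
    from OpenSSL import crypto
    from msrestazure import azure_active_directory
    import adal
    import automationassets

    # RunAs connection and certificate assets.  The PEM private key is held
    # in memory only.
    # NOTE: crypto.load_pkcs12 is deprecated in newer pyOpenSSL releases.
    runas_connection = automationassets.get_automation_connection(
        "AzureRunAsConnection")
    cert = automationassets.get_automation_certificate("AzureRunAsCertificate")
    sp_cert = crypto.load_pkcs12(cert)
    pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM,
                                      sp_cert.get_privatekey())

    # Service principal identity from the RunAs connection asset.
    application_id = runas_connection["ApplicationId"]
    thumbprint = runas_connection["CertificateThumbprint"]
    tenant_id = runas_connection["TenantId"]

    # Azure China resource manager and login endpoints.
    resource = "https://management.core.chinacloudapi.cn/"
    authority_url = ("https://login.partner.microsoftonline.cn/" + tenant_id)
    context = adal.AuthenticationContext(authority_url)
    # Deferred token request: no network call until the credential is used.
    return azure_active_directory.AdalAuthentication(
        lambda: context.acquire_token_with_client_certificate(
            resource, application_id, pem_pkey, thumbprint))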
def adal_vault_callback(server, resource, scope):
    """Authentication callback returning ``(token_type, access_token)``.

    Written for the ``(server, resource, scope)`` callback shape used by the
    azure-keyvault client.  When ``server`` or ``resource`` is empty the
    legacy ``login.windows.net`` authority of the RunAs tenant and the
    public Key Vault resource are used instead.  ``scope`` is accepted for
    signature compatibility and is not used.

    Args:
        server: AAD authority URL, or a falsy value to use the default.
        resource: Token audience, or a falsy value to use the default.
        scope: Ignored.

    Returns:
        Tuple of the ADAL response's ``tokenType`` and ``accessToken``
        entries (``None`` for any entry that is absent).

    Raises:
        KeyError: if the connection asset lacks a required field.
    """
    from OpenSSL import crypto
    import adal
    import automationassets

    # Certificate-based credentials of the RunAs service principal; the PEM
    # private key stays in memory.
    pkcs12_blob = automationassets.get_automation_certificate("AzureRunAsCertificate")
    private_key_pem = crypto.dump_privatekey(
        crypto.FILETYPE_PEM, crypto.load_pkcs12(pkcs12_blob).get_privatekey())

    connection = automationassets.get_automation_connection("AzureRunAsConnection")
    app_id = connection["ApplicationId"]
    cert_thumbprint = connection["CertificateThumbprint"]
    tenant = connection["TenantId"]

    # Defaults apply only when the caller passes an empty value.
    audience = resource or "https://vault.azure.net"
    authority = server or ("https://login.windows.net/" + tenant)

    auth_context = adal.AuthenticationContext(authority)
    token_response = auth_context.acquire_token_with_client_certificate(
        audience, app_id, private_key_pem, cert_thumbprint)

    return token_response.get('tokenType'), token_response.get('accessToken')
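def get_certificate_file(classic_run_as_connection):
    """Write the classic RunAs certificate to a PEM file and return it.

    The PKCS#12 blob named by the connection's ``CertificateAssetName`` is
    converted to a PEM file containing the private key followed by the
    certificate, the layout the Azure service management (classic) clients
    accept as a client certificate.

    Args:
        classic_run_as_connection: Mapping with a ``CertificateAssetName``
            entry naming the automation certificate asset.

    Returns:
        The closed ``tempfile.NamedTemporaryFile`` object; use ``.name`` for
        the path.  The file is created with ``delete=False`` and holds the
        private key in clear text, so the caller must remove it
        (``os.remove(result.name)``) as soon as the client no longer needs it.

    Raises:
        KeyError: if ``CertificateAssetName`` is missing from the connection.
    """
    import contextlib
    import os

    cert = automationassets.get_automation_certificate(
        classic_run_as_connection["CertificateAssetName"])
    sp_cert = OpenSSL.crypto.load_pkcs12(cert)
    # NamedTemporaryFile is built on mkstemp, so the file is created with
    # owner-only permissions; delete=False because the client reopens it by
    # path after we close it.
    temp_pem_file = tempfile.NamedTemporaryFile(suffix='.pem', delete=False)
    try:
        with temp_pem_file:
            temp_pem_file.write(
                OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM,
                                               sp_cert.get_privatekey()))
            temp_pem_file.write(
                OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                                sp_cert.get_certificate()))
    except Exception:
        # Never leave a partially written private key file behind on failure.
        with contextlib.suppress(OSError):
            os.remove(temp_pem_file.name)
        raise
    return temp_pem_file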
def get_automation_runas_credential():
    """Build an ``AdalAuthentication`` credential from the RunAs assets.

    Reads the ``AzureRunAsConnection`` and ``AzureRunAsCertificate``
    automation assets, exports the certificate's private key as PEM and
    wraps a deferred client-certificate token request for the public-cloud
    Resource Manager endpoint.

    Returns:
        ``msrestazure.azure_active_directory.AdalAuthentication``.

    Raises:
        KeyError: if the connection asset lacks ``ApplicationId``,
            ``CertificateThumbprint`` or ``TenantId``.
    """
    from OpenSSL import crypto
    from msrestazure import azure_active_directory
    import adal
    import automationassets

    connection = automationassets.get_automation_connection("AzureRunAsConnection")
    pkcs12_blob = automationassets.get_automation_certificate("AzureRunAsCertificate")
    # PEM private key is kept in memory only.
    private_key_pem = crypto.dump_privatekey(
        crypto.FILETYPE_PEM, crypto.load_pkcs12(pkcs12_blob).get_privatekey())

    app_id = connection["ApplicationId"]
    cert_thumbprint = connection["CertificateThumbprint"]
    tenant = connection["TenantId"]

    # Public-cloud endpoints only.
    arm_resource = "https://management.core.windows.net/"
    auth_context = adal.AuthenticationContext(
        "https://login.microsoftonline.com/" + tenant)

    def request_token():
        # Deferred: no network call happens until the credential is used.
        return auth_context.acquire_token_with_client_certificate(
            arm_resource, app_id, private_key_pem, cert_thumbprint)

    return azure_active_directory.AdalAuthentication(request_token)
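newCompartment = identity.create_compartment(
    oci.identity.models.CreateCompartmentDetails(
        compartment_id=newCompartmentParent.id,
        name=newCompartmentName,
        description=newCompartmentName)).data
# Lazy %-args: the compartment model is rendered only if INFO is enabled.
logging.info("New compartment: %s", newCompartment)

logging.info("Creating compartment Admins group")
newCompartmentGroup = identity.create_group(
    oci.identity.models.CreateGroupDetails(
        compartment_id=tenant_compartment_id,
        name=newCompartmentName + "-Admins",
        description=newCompartmentName + "-Admins")).data

# Azure AD Graph credentials for the Automation RunAs service principal.
# The PEM private key is held in memory only.
# NOTE: crypto.load_pkcs12 is deprecated in newer pyOpenSSL releases, and
# the Azure AD Graph endpoint (graph.windows.net) has been retired in favour
# of Microsoft Graph -- confirm this path still works before relying on it.
pks12_cert = crypto.load_pkcs12(
    automationassets.get_automation_certificate("AzureRunAsCertificate"))
pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM,
                                  pks12_cert.get_privatekey())
thumbprint = automationConnection["CertificateThumbprint"]
context = adal.AuthenticationContext(
    AZURE_PUBLIC_CLOUD.endpoints.active_directory + '/' + AZTenantId)
credentials = AdalAuthentication(
    lambda: context.acquire_token_with_client_certificate(
        "https://graph.windows.net", automationConnection["ApplicationId"],
        pem_pkey, thumbprint))

graphrbac_client = GraphRbacManagementClient(credentials, AZTenantId)
AZgrp_name = "cloud-" + newCompartmentName + "-Admins"
# The group name is interpolated into an OData $filter string literal, so
# single quotes are doubled (OData escaping) to keep a name containing "'"
# from breaking out of the literal.  startswith() is a prefix match, so a
# group such as "<name>-Admins2" would also match; the first hit is taken.
AZgrp = next(
    graphrbac_client.groups.list(filter="startswith(displayName,'" +
                                 AZgrp_name.replace("'", "''") + "')"), None)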