def _get_mgmt_service_client(cli_ctx, client_type, subscription_bound=True, subscription_id=None, api_version=None, base_url_bound=True, resource=None, sdk_profile=None, aux_subscriptions=None, aux_tenants=None, **kwargs): from azure.cli.core._profile import Profile from azure.cli.core.util import resource_to_scopes logger.debug('Getting management service client client_type=%s', client_type.__name__) resource = resource or cli_ctx.cloud.endpoints.active_directory_resource_id profile = Profile(cli_ctx=cli_ctx) cred, subscription_id, _ = profile.get_login_credentials( subscription_id=subscription_id, resource=resource, aux_subscriptions=aux_subscriptions, aux_tenants=aux_tenants) client_kwargs = {} if base_url_bound: client_kwargs = {'base_url': cli_ctx.cloud.endpoints.resource_manager} if api_version: client_kwargs['api_version'] = api_version if sdk_profile: client_kwargs['profile'] = sdk_profile if kwargs: client_kwargs.update(kwargs) if is_track2(client_type): client_kwargs.update(_prepare_client_kwargs_track2(cli_ctx)) client_kwargs['credential_scopes'] = resource_to_scopes(resource) # Track 2 currently lacks the ability to take external credentials. # https://github.com/Azure/azure-sdk-for-python/issues/8313 # As a temporary workaround, manually add external tokens to 'x-ms-authorization-auxiliary' header. # https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/authenticate-multi-tenant if getattr(cred, "_external_tenant_token_retriever", None): *_, external_tenant_tokens = cred.get_all_tokens( *resource_to_scopes(resource)) # Hard-code scheme to 'Bearer' as _BearerTokenCredentialPolicyBase._update_headers does. client_kwargs['headers']['x-ms-authorization-auxiliary'] = \ ', '.join("Bearer {}".format(t[1]) for t in external_tenant_tokens) if subscription_bound: client = client_type(cred, subscription_id, **client_kwargs) else: client = client_type(cred, **client_kwargs) if not is_track2(client): configure_common_settings(cli_ctx, client) return client, subscription_id
def _get_mgmt_service_client(cli_ctx, client_type, subscription_bound=True, subscription_id=None, api_version=None, base_url_bound=True, resource=None, sdk_profile=None, aux_subscriptions=None, aux_tenants=None, **kwargs): from azure.cli.core._profile import Profile logger.debug('Getting management service client client_type=%s', client_type.__name__) # Track 1 SDK doesn't maintain the `resource`. The `resource` of the token is the one passed to # get_login_credentials. resource = resource or cli_ctx.cloud.endpoints.active_directory_resource_id profile = Profile(cli_ctx=cli_ctx) cred, subscription_id, _ = profile.get_login_credentials( subscription_id=subscription_id, resource=resource, aux_subscriptions=aux_subscriptions, aux_tenants=aux_tenants) client_kwargs = {} if base_url_bound: client_kwargs = {'base_url': cli_ctx.cloud.endpoints.resource_manager} if api_version: client_kwargs['api_version'] = api_version if sdk_profile: client_kwargs['profile'] = sdk_profile if kwargs: client_kwargs.update(kwargs) if is_track2(client_type): client_kwargs.update(_prepare_mgmt_client_kwargs_track2(cli_ctx, cred)) if subscription_bound: client = client_type(cred, subscription_id, **client_kwargs) else: client = client_type(cred, **client_kwargs) if not is_track2(client): configure_common_settings(cli_ctx, client) return client, subscription_id