示例#1
0
def _get_mgmt_service_client(cli_ctx,
                             client_type,
                             subscription_bound=True,
                             subscription_id=None,
                             api_version=None,
                             base_url_bound=True,
                             resource=None,
                             sdk_profile=None,
                             aux_subscriptions=None,
                             aux_tenants=None,
                             **kwargs):
    from azure.cli.core._profile import Profile
    from azure.cli.core.util import resource_to_scopes
    logger.debug('Getting management service client client_type=%s',
                 client_type.__name__)
    resource = resource or cli_ctx.cloud.endpoints.active_directory_resource_id
    profile = Profile(cli_ctx=cli_ctx)
    cred, subscription_id, _ = profile.get_login_credentials(
        subscription_id=subscription_id,
        resource=resource,
        aux_subscriptions=aux_subscriptions,
        aux_tenants=aux_tenants)

    client_kwargs = {}
    if base_url_bound:
        client_kwargs = {'base_url': cli_ctx.cloud.endpoints.resource_manager}
    if api_version:
        client_kwargs['api_version'] = api_version
    if sdk_profile:
        client_kwargs['profile'] = sdk_profile
    if kwargs:
        client_kwargs.update(kwargs)

    if is_track2(client_type):
        client_kwargs.update(_prepare_client_kwargs_track2(cli_ctx))
        client_kwargs['credential_scopes'] = resource_to_scopes(resource)

        # Track 2 currently lacks the ability to take external credentials.
        #   https://github.com/Azure/azure-sdk-for-python/issues/8313
        # As a temporary workaround, manually add external tokens to 'x-ms-authorization-auxiliary' header.
        #   https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/authenticate-multi-tenant
        if getattr(cred, "_external_tenant_token_retriever", None):
            *_, external_tenant_tokens = cred.get_all_tokens(
                *resource_to_scopes(resource))
            # Hard-code scheme to 'Bearer' as _BearerTokenCredentialPolicyBase._update_headers does.
            client_kwargs['headers']['x-ms-authorization-auxiliary'] = \
                ', '.join("Bearer {}".format(t[1]) for t in external_tenant_tokens)

    if subscription_bound:
        client = client_type(cred, subscription_id, **client_kwargs)
    else:
        client = client_type(cred, **client_kwargs)

    if not is_track2(client):
        configure_common_settings(cli_ctx, client)

    return client, subscription_id
示例#2
0
def _get_mgmt_service_client(cli_ctx,
                             client_type,
                             subscription_bound=True,
                             subscription_id=None,
                             api_version=None,
                             base_url_bound=True,
                             resource=None,
                             sdk_profile=None,
                             aux_subscriptions=None,
                             aux_tenants=None,
                             **kwargs):
    from azure.cli.core._profile import Profile
    logger.debug('Getting management service client client_type=%s',
                 client_type.__name__)

    # Track 1 SDK doesn't maintain the `resource`. The `resource` of the token is the one passed to
    # get_login_credentials.
    resource = resource or cli_ctx.cloud.endpoints.active_directory_resource_id
    profile = Profile(cli_ctx=cli_ctx)
    cred, subscription_id, _ = profile.get_login_credentials(
        subscription_id=subscription_id,
        resource=resource,
        aux_subscriptions=aux_subscriptions,
        aux_tenants=aux_tenants)

    client_kwargs = {}
    if base_url_bound:
        client_kwargs = {'base_url': cli_ctx.cloud.endpoints.resource_manager}
    if api_version:
        client_kwargs['api_version'] = api_version
    if sdk_profile:
        client_kwargs['profile'] = sdk_profile
    if kwargs:
        client_kwargs.update(kwargs)

    if is_track2(client_type):
        client_kwargs.update(_prepare_mgmt_client_kwargs_track2(cli_ctx, cred))

    if subscription_bound:
        client = client_type(cred, subscription_id, **client_kwargs)
    else:
        client = client_type(cred, **client_kwargs)

    if not is_track2(client):
        configure_common_settings(cli_ctx, client)

    return client, subscription_id