def _build_application_creds(password=None, key_value=None, key_type=None,#pylint: disable=too-many-arguments key_usage=None, start_date=None, end_date=None): if password and key_value: raise CLIError('specify either --password or --key-value, but not both.') if not start_date: start_date = datetime.datetime.utcnow() elif isinstance(start_date, str): start_date = dateutil.parser.parse(start_date) if not end_date: end_date = start_date + relativedelta(years=1) elif isinstance(end_date, str): end_date = dateutil.parser.parse(end_date)#pylint: disable=redefined-variable-type key_type = key_type or 'AsymmetricX509Cert' key_usage = key_usage or 'Verify' password_creds = None key_creds = None if password: password_creds = [PasswordCredential(start_date, end_date, str(uuid.uuid4()), password)] elif key_value: key_creds = [KeyCredential(start_date, end_date, key_value, str(uuid.uuid4()), key_usage, key_type)] return (password_creds, key_creds)
def reset_service_principal_credential(name, password=None, create_cert=False, cert=None, years=1): '''reset credential, on expiration or you forget it. :param str name: the name, can be the app id uri, app id guid, or display name :param str password: the password used to login. If missing, command will generate one. :param str cert: PEM formatted public certificate. Do not include private key info. :param str years: Years the password will be valid. ''' client = _graph_client_factory() # pylint: disable=no-member # look for the existing application query_exp = "servicePrincipalNames/any(x:x eq \'{0}\') or displayName eq '{0}'".format(name) aad_sps = list(client.service_principals.list(filter=query_exp)) if not aad_sps: raise CLIError("can't find a service principal matching '{}'".format(name)) if len(aad_sps) > 1: raise CLIError( 'more than one entry matches the name, please provide unique names like app id guid, or app id uri') # pylint: disable=line-too-long app = show_application(client.applications, aad_sps[0].app_id) # build a new password/cert credential and patch it public_cert_string = None cert_file = None if len([x for x in [cert, create_cert, password] if x]) > 1: raise CLIError('Usage error: --cert | --create-cert | --password') if create_cert: public_cert_string, cert_file = _create_self_signed_cert(years) elif cert: public_cert_string = cert else: password = password or str(uuid.uuid4()) start_date = datetime.datetime.utcnow() end_date = start_date + relativedelta(years=years) key_id = str(uuid.uuid4()) app_creds = [PasswordCredential(start_date, end_date, key_id, password)] if password else None cert_creds = [KeyCredential(start_date, end_date, public_cert_string, str(uuid.uuid4()), usage='Verify', type='AsymmetricX509Cert')] if public_cert_string else None # pylint: disable=line-too-long app_create_param = ApplicationUpdateParameters(password_credentials=app_creds, key_credentials=cert_creds) client.applications.patch(app.object_id, app_create_param) result = { 'appId': app.app_id, 'password': password, 'name': name, 'tenant': client.config.tenant_id } if cert_file: result['fileWithCertAndPrivateKey'] = cert_file return result
def _build_application_creds(password=None, key_value=None, key_type=None, key_usage=None, start_date=None, end_date=None): if password and key_value: raise AzCLIError( "specify either --password or --key-value, but not both.") if not start_date: start_date = datetime.datetime.utcnow() elif isinstance(start_date, str): start_date = dateutil.parser.parse(start_date) if not end_date: end_date = start_date + relativedelta(years=1) elif isinstance(end_date, str): end_date = dateutil.parser.parse(end_date) key_type = key_type or "AsymmetricX509Cert" key_usage = key_usage or "Verify" password_creds = None key_creds = None if password: password_creds = [ PasswordCredential(start_date=start_date, end_date=end_date, key_id=str(uuid.uuid4()), value=password) ] elif key_value: key_creds = [ KeyCredential( start_date=start_date, end_date=end_date, value=key_value, key_id=str(uuid.uuid4()), usage=key_usage, type=key_type, ) ] return (password_creds, key_creds)
def reset_service_principal_credential(name, password=None, create_cert=False, cert=None, years=None, keyvault=None): import pytz client = _graph_client_factory() # pylint: disable=no-member years = years or 1 # look for the existing application query_exp = "servicePrincipalNames/any(x:x eq \'{0}\') or displayName eq '{0}'".format(name) aad_sps = list(client.service_principals.list(filter=query_exp)) if not aad_sps: raise CLIError("can't find a service principal matching '{}'".format(name)) if len(aad_sps) > 1: raise CLIError( 'more than one entry matches the name, please provide unique names like ' 'app id guid, or app id uri') app = show_application(client.applications, aad_sps[0].app_id) app_start_date = datetime.datetime.now(pytz.utc) app_end_date = app_start_date + relativedelta(years=years or 1) # build a new password/cert credential and patch it public_cert_string = None cert_file = None password, public_cert_string, cert_file, cert_start_date, cert_end_date = \ _process_service_principal_creds(years, app_start_date, app_end_date, cert, create_cert, password, keyvault) app_start_date, app_end_date, cert_start_date, cert_end_date = \ _validate_app_dates(app_start_date, app_end_date, cert_start_date, cert_end_date) app_creds = None cert_creds = None if password: app_creds = [ PasswordCredential( start_date=app_start_date, end_date=app_end_date, key_id=str(uuid.uuid4()), value=password ) ] if public_cert_string: cert_creds = [ KeyCredential( start_date=app_start_date, end_date=app_end_date, value=public_cert_string, key_id=str(uuid.uuid4()), usage='Verify', type='AsymmetricX509Cert' ) ] app_create_param = ApplicationUpdateParameters(password_credentials=app_creds, key_credentials=cert_creds) client.applications.patch(app.object_id, app_create_param) result = { 'appId': app.app_id, 'password': password, 'name': name, 'tenant': client.config.tenant_id } if cert_file: result['fileWithCertAndPrivateKey'] = cert_file return result