File: resourcemanagementauthentication.rst

package info (click to toggle)
python-azure 2.0.0~rc6%2Bdfsg-2
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 269,052 kB
  • ctags: 9,428
  • sloc: python: 81,857; makefile: 149
file content (65 lines) | stat: -rw-r--r-- 2,678 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
Resource Management Authentication
==================================

For general information on resource management, see :doc:`Resource Management<resourcemanagement>`.

To be able to use use the ARM library, you need to obtain one of these instances:

* azure.common.credentials.UserPassCredentials
* azure.common.credentials.ServicePrincipalCredentials
 
And use it as credentials in your management configuration client. These two instances correspond to:

* OAuth authentication using Azure Active Directory user/password
* OAuth authentication using Active Directory application and service principal

Using Service Principal
------------------------

There is now a detailled official tutorial to describe this:
https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal/

At this point, you must have:

* Your client id. Found in the "client id" box in the "Configure" page of your application in the Azure portal
* Your secret key. Generated when you have created the application. You cannot show the key after creation.
  If you've lost the current key, you must create a new one in the "Configure" page of your application.
* You AD tenant id. It's an UUID (e.g. ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF) which point to the AD containing your application.
  You will found it in the URL when you are in the Azure portal in your AD, or in the "view endpoints" in any of the given url.

Then, you can create your credentials instance:

.. code:: python

    from azure.common.credentials import ServicePrincipalCredentials

    credentials = ServicePrincipalCredentials(
        client_id = 'ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF',
        secret = 'XXXXXXXXXXXXXXXXXXXXXXXX',
        tenant = 'ABCDEFAB-1234-ABCD-1234-ABCDEFABCDEF'
    )



Using AD User/Password
----------------------

1. Connect to the Azure Classic Portal with your admin account
2. `Create a user in your default AAD <https://azure.microsoft.com/en-us/documentation/articles/active-directory-create-users/>`__

**You must NOT activate Multi-Factor Authentication**

3. Go to Settings - Administrators
4. Click on Add and enter the email of the new user. Check the checkbox of the subscription you want to test with this user.
5. Login to Azure Portal with this new user to change the temporary password to a new one. You will not be able to use the temporary password for OAuth login.

You are now able to log in Python using OAuth.

.. code:: python

    from azure.common.credentials import UserPassCredentials

    credentials = UserPassCredentials(
        'user@domain.com',    # Your new user
        'my_smart_password',  # Your password    
    )