# coding: utf-8

# -------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
# --------------------------------------------------------------------------

"""
FILE: sample_authentication.py

DESCRIPTION:
    These samples demonstrate authenticating an attestation client instance and
    an attestation administration client instance.

USAGE:
    python sample_authentication.py

    Set the environment variables with your own values before running the sample:
    1) ATTESTATION_AAD_URL - the base URL for an attestation service instance in AAD mode.
    2) ATTESTATION_ISOLATED_URL - the base URL for an attestation service instance in Isolated mode.
    3) ATTESTATION_LOCATION_SHORT_NAME - the short name for the region in which the
        sample should be run - used to interact with the shared endpoint for that
        region.
    4) ATTESTATION_TENANT_ID - Tenant Instance for authentication.
    5) ATTESTATION_CLIENT_ID - Client identity for authentication.
    6) ATTESTATION_CLIENT_SECRET - Secret used to identify the client.

Usage:
python sample_authentication_async.py

This sample demonstrates establishing a connection to the attestation service
using client secrets stored in environment variables.

To verify that the connection completed successfully, it also calls the
`get_open_id_metadata` API on the client to retrieve the OpenID metadata discovery
document for the attestation service instance.
"""


import os
from dotenv import find_dotenv, load_dotenv
import base64
from sample_utils import write_banner


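class AttestationClientCreateSamples(object):
    """Demonstrate constructing an ``AttestationClient`` against an AAD-mode
    instance and against the regional shared attestation provider.

    Configuration comes from environment variables (a ``.env`` file located by
    python-dotenv is loaded first). The object is a context manager so the
    samples can be run as ``with AttestationClientCreateSamples() as s:``.
    """

    def __init__(self):
        load_dotenv(find_dotenv())
        self.aad_url = os.environ.get("ATTESTATION_AAD_URL")
        self.isolated_url = os.environ.get("ATTESTATION_ISOLATED_URL")
        if self.isolated_url:
            # Isolated mode needs a signing certificate and its private key
            # (presumably the policy-signing pair for that instance -- confirm).
            # The key is secret material: never log it or echo it in errors.
            # A missing variable now raises ValueError naming it instead of an
            # opaque TypeError from b64decode(None).
            self.isolated_certificate = self._env_b64(
                "ATTESTATION_ISOLATED_SIGNING_CERTIFICATE"
            )
            self.isolated_key = self._env_b64("ATTESTATION_ISOLATED_SIGNING_KEY")
        shared_short_name = os.getenv("ATTESTATION_LOCATION_SHORT_NAME")
        # Deliberately tolerant of a missing short name so the AAD-only sample
        # still runs; the URL is only meaningful when the variable is set.
        self.shared_url = self._shared_attestation_url(shared_short_name)  # type: str

    def close(self):
        """Release resources held by the sample (none at present)."""
        pass

    def create_attestation_client_aad(self):
        """
        Instantiate an attestation client for the AAD-mode instance.

        Authentication uses ``DefaultAzureCredential``, which resolves a
        credential from its own sources (``AZURE_*`` environment variables,
        managed identity, developer tooling). NOTE(review): it does not read
        the ``ATTESTATION_TENANT_ID``/``CLIENT_ID``/``CLIENT_SECRET`` variables
        named in the module docstring -- confirm the environment matches.
        """
        write_banner("create_attestation_client_aad")
        # [START client_create]
        # Create azure-identity class
        from azure.identity import DefaultAzureCredential
        from azure.security.attestation import AttestationClient

        # And now create an AttestationClient.
        with AttestationClient(self.aad_url, DefaultAzureCredential()) as client:
            print("Retrieve OpenID metadata from: ", self.aad_url)
            # The discovery document's jwks_uri is where the service publishes
            # the keys a relying party uses to verify its signed tokens.
            openid_metadata = client.get_open_id_metadata()
            print(" Certificate URI: ", openid_metadata["jwks_uri"])
            print(" Issuer: ", openid_metadata["issuer"])
        # [END client_create]

    def create_attestation_client_shared(self):
        """
        Instantiate an attestation client for the regional shared provider.

        The provider URL is derived from ``ATTESTATION_LOCATION_SHORT_NAME``;
        a missing value raises ``ValueError`` up front rather than failing
        inside string concatenation. The ``[START]``/``[END]`` marker names
        below must match exactly for snippet extraction to pick the block up.
        """
        write_banner("create_attestation_client_shared")
        # [START sharedclient_create]
        from azure.identity import DefaultAzureCredential
        from azure.security.attestation import AttestationClient

        shared_short_name = os.getenv("ATTESTATION_LOCATION_SHORT_NAME")
        if not shared_short_name:
            raise ValueError("ATTESTATION_LOCATION_SHORT_NAME must be set")
        shared_url = "https://shared{0}.{0}.attest.azure.net".format(shared_short_name)

        with AttestationClient(shared_url, DefaultAzureCredential()) as client:
            print("Retrieve OpenID metadata from: ", shared_url)
            openid_metadata = client.get_open_id_metadata()
            print(" Certificate URI: ", openid_metadata["jwks_uri"])
            print(" Issuer: ", openid_metadata["issuer"])
        # [END sharedclient_create]

    def __enter__(self):
        """Return ``self`` so the samples can be driven from a ``with`` block."""
        return self

    def __exit__(self, *exc_type):
        """Delegate to ``close``; exceptions are never suppressed."""
        self.close()

    @staticmethod
    def _require_env(name):
        # type: (str) -> str
        """Return the value of environment variable ``name``.

        :raises ValueError: if the variable is unset or empty, naming it so
            the failure is actionable.
        """
        value = os.getenv(name)
        if not value:
            raise ValueError("Environment variable {} must be set".format(name))
        return value

    @staticmethod
    def _env_b64(name):
        # type: (str) -> bytes
        """Base64-decode the value of environment variable ``name``.

        :raises ValueError: if the variable is missing (see ``_require_env``)
            or the value cannot be decoded (``binascii.Error`` is a
            ``ValueError`` subclass).
        """
        return base64.b64decode(AttestationClientCreateSamples._require_env(name))

    @staticmethod
    def _shared_attestation_url(short_name):
        # type: (str) -> str
        """Return the URL of the regional shared attestation provider.

        The provider for a region is reached at
        ``https://shared<short_name>.<short_name>.attest.azure.net``; the
        region short name appears twice by design.
        """
        return "https://shared{0}.{0}.attest.azure.net".format(short_name)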


if __name__ == "__main__":
    # Run each authentication sample in turn; the context manager calls
    # close() on the way out.
    with AttestationClientCreateSamples() as sample:
        for demo in (
            sample.create_attestation_client_aad,
            sample.create_attestation_client_shared,
        ):
            demo()