File: sample_authentication_async.py

# coding: utf-8

# -------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
# --------------------------------------------------------------------------

"""
FILE: sample_authentication_async.py

DESCRIPTION:
    These samples demonstrate authenticating an attestation client instance and
    an attestation administration client instance.

USAGE:
    python sample_authentication_async.py

    Set the environment variables with your own values before running the sample:
    1) ATTESTATION_AAD_URL - the base URL for an attestation service instance in AAD mode.
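    2) ATTESTATION_ISOLATED_URL - the base URL for an attestation service instance in Isolated mode.
        When this is set, the sample also reads ATTESTATION_ISOLATED_SIGNING_CERTIFICATE and
        ATTESTATION_ISOLATED_SIGNING_KEY (both base64-encoded) at start-up.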
    3) ATTESTATION_LOCATION_SHORT_NAME - the short name for the region in which the
        sample should be run - used to interact with the shared endpoint for that
        region.
    4) ATTESTATION_TENANT_ID - Tenant Instance for authentication.
    5) ATTESTATION_CLIENT_ID - Client identity for authentication.
    6) ATTESTATION_CLIENT_SECRET - Secret used to identify the client.


Usage:
    python sample_authentication_async.py

This sample demonstrates establishing a connection to the attestation service
through `DefaultAzureCredential`, which can pick up client secrets stored in
environment variables.

To verify that the connection completed successfully, it also calls the
`get_open_id_metadata` API on the client to retrieve the OpenID metadata discovery
document for the attestation service instance.

"""


import os
from dotenv import find_dotenv, load_dotenv
import base64
import asyncio
from sample_utils import write_banner


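class AttestationClientCreateSamples(object):
    """Samples that create attestation clients and fetch their OpenID metadata.

    Endpoint URLs and the optional isolated-mode signing material are read from
    environment variables; a ``.env`` file is loaded first when one is found.
    The class is an async context manager so callers can use ``async with``;
    it holds no resources of its own, so ``close`` is a no-op.
    """

    def __init__(self):
        load_dotenv(find_dotenv())
        self.aad_url = os.environ.get("ATTESTATION_AAD_URL")
        self.isolated_url = os.environ.get("ATTESTATION_ISOLATED_URL")
        # Define both attributes unconditionally so reading them never raises
        # AttributeError when no isolated-mode instance is configured.
        self.isolated_certificate = None
        self.isolated_key = None
        if self.isolated_url:
            self.isolated_certificate = self._b64_env(
                "ATTESTATION_ISOLATED_SIGNING_CERTIFICATE"
            )
            # Private signing key material: it is not used by the samples in
            # this class and must never be printed or logged.
            self.isolated_key = self._b64_env("ATTESTATION_ISOLATED_SIGNING_KEY")
        shared_short_name = os.getenv("ATTESTATION_LOCATION_SHORT_NAME")
        self.shared_url = "https://shared{}.{}.attest.azure.net".format(
            shared_short_name, shared_short_name
        )  # type: str

    @staticmethod
    def _b64_env(name):
        """Return the base64-decoded value of environment variable ``name``.

        Returns ``None`` when the variable is unset, instead of passing
        ``None`` to ``base64.b64decode`` and failing with an opaque TypeError.
        """
        encoded = os.getenv(name)
        if encoded is None:
            return None
        return base64.b64decode(encoded)

    async def close(self):
        """Release resources held by the sample object (there are none)."""
        pass

    async def create_attestation_client_aad(self):
        """
        Instantiate an attestation client with DefaultAzureCredential and
        print the OpenID metadata of the AAD-mode instance.
        """

        write_banner("create_attestation_client_aad")
        # [START client_create]
        # Create azure-identity class
        from azure.identity.aio import DefaultAzureCredential

        from azure.security.attestation.aio import AttestationClient

        # Leaving the `async with` block closes both the credential and the
        # client, so no explicit close() call is needed.
        async with DefaultAzureCredential() as credentials, AttestationClient(
            self.aad_url, credentials
        ) as client:
            print("Retrieve OpenID metadata from: ", self.aad_url)
            openid_metadata = await client.get_open_id_metadata()
            print(" Certificate URI: ", openid_metadata["jwks_uri"])
            print(" Issuer: ", openid_metadata["issuer"])
        # [END client_create]

    async def create_attestation_client_shared(self):
        """
        Instantiate an attestation client with DefaultAzureCredential against
        the regional shared attestation provider and print its OpenID metadata.

        Raises:
            ValueError: if ATTESTATION_LOCATION_SHORT_NAME is not set.
        """

        write_banner("create_attestation_client_shared")
        # [START sharedclient_create]
        # Import default credential and Attestation client
        from azure.identity.aio import DefaultAzureCredential
        from azure.security.attestation.aio import AttestationClient

        shared_short_name = os.getenv("ATTESTATION_LOCATION_SHORT_NAME")
        if not shared_short_name:
            raise ValueError("ATTESTATION_LOCATION_SHORT_NAME must be set")
        shared_url = (
            "https://shared"
            + shared_short_name
            + "."
            + shared_short_name
            + ".attest.azure.net"
        )

        # The client must be bound to shared_url: the issuer and jwks_uri
        # printed below are only meaningful for the endpoint that was actually
        # queried, and the message names the shared endpoint.
        async with DefaultAzureCredential() as credentials, AttestationClient(
            shared_url, credentials
        ) as client:
            print("Retrieve OpenID metadata from: ", shared_url)
            openid_metadata = await client.get_open_id_metadata()
            print(" Certificate URI: ", openid_metadata["jwks_uri"])
            print(" Issuer: ", openid_metadata["issuer"])
        # [END shared_client_create]

    async def __aenter__(self):
        """Enter the async context and hand back the sample object itself."""
        return self

    async def __aexit__(self, *exc_type):
        """Close the sample object when the async context exits."""
        await self.close()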


async def main():
    """Run the AAD-mode sample, then the shared-provider sample."""
    async with AttestationClientCreateSamples() as samples:
        # Order matters only for the printed output: AAD first, shared second.
        for run_sample in (
            samples.create_attestation_client_aad,
            samples.create_attestation_client_shared,
        ):
            await run_sample()


# Script entry point: run the async samples on a fresh event loop.
if __name__ == "__main__":
    entry_coroutine = main()
    asyncio.run(entry_coroutine)