File: credentials.py

package info (click to toggle)
python-azure 20250603%2Bgit-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 851,724 kB
  • sloc: python: 7,362,925; ansic: 804; javascript: 287; makefile: 195; sh: 145; xml: 109
file content (171 lines) | stat: -rw-r--r-- 6,425 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
 
#-------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#--------------------------------------------------------------------------

import os.path
import time
import warnings
try:
    from azure.core.credentials import AccessToken as _AccessToken
except ImportError:
    _AccessToken = None


def get_cli_profile():
    """Return a CLI profile class.

    *Disclaimer*: This method is not working for azure-cli-core>=2.21.0 (released in March 2021).

    .. versionadded:: 1.1.6

    .. deprecated:: 1.1.28

    :return: A CLI Profile
    :rtype: azure.cli.core._profile.Profile
    :raises: ImportError if azure-cli-core package is not available
    """

    try:
        from azure.cli.core._profile import Profile
        from azure.cli.core._session import ACCOUNT
        from azure.cli.core._environment import get_config_dir
    except ImportError:
        raise ImportError(
            "The public API of azure-cli-core has been deprecated starting 2.21.0, " +
            "and this method can no longer return a profile. " +
            "If you need to load CLI profile using this method, you need to install 'azure-cli-core<2.21.0'. " +
            "You may corrupt data if you use current CLI and old azure-cli-core."
        )

    azure_folder = get_config_dir()
    ACCOUNT.load(os.path.join(azure_folder, 'azureProfile.json'))
    return Profile(storage=ACCOUNT)


class _CliCredentials(object):
    """A wrapper of CLI credentials type that implements the azure-core credential protocol AND
    the msrestazure protocol.

    :param cli_profile: The CLI profile instance
    :param resource: The resource to use in "msrestazure" mode (ignored otherwise)
    """

    _DEFAULT_PREFIX = "/.default"

    def __init__(self, cli_profile, resource):
        self._profile = cli_profile
        self._resource = resource
        self._cred_dict = {}

    def _get_cred(self, resource):
        if not resource in self._cred_dict:
            credentials, _, _ = self._profile.get_login_credentials(resource=resource)
            self._cred_dict[resource] = credentials
        return self._cred_dict[resource]

    def get_token(self, *scopes, **kwargs):  # pylint:disable=unused-argument
        if _AccessToken is None:  # import failed
            raise ImportError("You need to install 'azure-core' to use CLI credentials in this context")

        if len(scopes) != 1:
            raise ValueError("Multiple scopes are not supported: {}".format(scopes))
        scope = scopes[0]
        if scope.endswith(self._DEFAULT_PREFIX):
            resource = scope[:-len(self._DEFAULT_PREFIX)]
        else:
            resource = scope

        credentials = self._get_cred(resource)
        # _token_retriever() not accessible after azure-cli-core 2.21.0
        _, token, fulltoken = credentials._token_retriever()  # pylint:disable=protected-access

        return _AccessToken(token, int(fulltoken['expiresIn'] + time.time()))

    def signed_session(self, session=None):
        credentials = self._get_cred(self._resource)
        return credentials.signed_session(session)


def get_azure_cli_credentials(resource=None, with_tenant=False):
    """Return Credentials and default SubscriptionID of current loaded profile of the CLI.

    *Disclaimer*: This method is not working for azure-cli-core>=2.21.0 (released in March 2021).
    It is now recommended to authenticate using https://pypi.org/project/azure-identity/ and AzureCliCredential.
    See example code below:

    .. code:: python

        from azure.identity import AzureCliCredential
        from azure.mgmt.compute import ComputeManagementClient
        client = ComputeManagementClient(AzureCliCredential(), subscription_id)


    For compatible azure-cli-core version (< 2.20.0), credentials will be the "az login" command:
    https://docs.microsoft.com/cli/azure/authenticate-azure-cli

    Default subscription ID is either the only one you have, or you can define it:
    https://docs.microsoft.com/cli/azure/manage-azure-subscriptions-azure-cli

    .. versionadded:: 1.1.6

    .. deprecated:: 1.1.28

    .. seealso:: https://aka.ms/azsdk/python/identity/migration

    :param str resource: The alternative resource for credentials if not ARM (GraphRBac, etc.)
    :param bool with_tenant: If True, return a three-tuple with last as tenant ID
    :return: tuple of Credentials and SubscriptionID (and tenant ID if with_tenant)
    :rtype: tuple
    """
    warnings.warn(
        "get_client_from_cli_profile is deprecated, please use azure-identity and AzureCliCredential instead. " +
        "https://aka.ms/azsdk/python/identity/migration.",
        DeprecationWarning
    )

    azure_cli_core_check_failed = False
    try:
        import azure.cli.core
        minor_version = int(azure.cli.core.__version__.split(".")[1])
        if minor_version >= 21:
            azure_cli_core_check_failed = True
    except Exception:
        azure_cli_core_check_failed = True

    if azure_cli_core_check_failed:
        raise NotImplementedError(
            "The public API of azure-cli-core has been deprecated starting 2.21.0, " +
            "and this method can no longer return a valid credential. " +
            "If you need to still use this method, you need to install 'azure-cli-core<2.21.0'. " +
            "You may corrupt data if you use current CLI and old azure-cli-core. " +
            "See also: https://aka.ms/azsdk/python/identity/migration"
        )

    profile = get_cli_profile()
    cred, subscription_id, tenant_id = profile.get_login_credentials(resource=resource)
    cred = _CliCredentials(profile, resource)
    if with_tenant:
        return cred, subscription_id, tenant_id
    else:
        return cred, subscription_id


try:
    from msrest.authentication import (
        BasicAuthentication,
        BasicTokenAuthentication,
        OAuthTokenAuthentication
    )
except ImportError:
    raise ImportError("You need to install 'msrest' to use this feature")

try:
    from msrestazure.azure_active_directory import (
        InteractiveCredentials,
        ServicePrincipalCredentials,
        UserPassCredentials
    )
except ImportError:
    raise ImportError("You need to install 'msrestazure' to use this feature")