From 112355d96550f671521f64e1edba8299046fe02c Mon Sep 17 00:00:00 2001 From: Laurent Mazuel Date: Mon, 14 Mar 2016 11:22:33 -0700 Subject: [PATCH] Updated to use ServicePrincipalCredentials class and get rid of requests --- cloud/azure/azure_deployment.py | 72 ++++++--------------------------- 1 file changed, 12 insertions(+), 60 deletions(-) diff --git a/cloud/azure/azure_deployment.py b/cloud/azure/azure_deployment.py index c7b9f2ccea1..24e2c3fbe09 100644 --- a/cloud/azure/azure_deployment.py +++ b/cloud/azure/azure_deployment.py @@ -306,10 +306,8 @@ RETURN = ''' try: import time import yaml - import requests - import azure from itertools import chain - from azure.common.credentials import BasicTokenAuthentication + from azure.common.credentials import ServicePrincipalCredentials from azure.common.exceptions import CloudError from azure.mgmt.resource.resources.models import ( DeploymentProperties, @@ -329,35 +327,11 @@ except ImportError: AZURE_URL = "https://management.azure.com" -def get_token(domain_or_tenant, client_id, client_secret): - """ - Get an Azure Active Directory token for a service principal - :param domain_or_tenant: The domain or tenant id of your Azure Active Directory instance - :param client_id: The client id of your application in Azure Active Directory - :param client_secret: One of the application secrets created in your Azure Active Directory application - :return: an authenticated bearer token to be used with requests to the API - """ - # the client id we can borrow from azure xplat cli - grant_type = 'client_credentials' - token_url = 'https://login.microsoftonline.com/{}/oauth2/token'.format(domain_or_tenant) - - payload = { - 'grant_type': grant_type, - 'client_id': client_id, - 'client_secret': client_secret, - 'resource': 'https://management.core.windows.net/' - } - - res = requests.post(token_url, data=payload) - return res.json()['access_token'] if res.status_code == 200 else None - - def get_azure_connection_info(module): azure_url = module.params.get('azure_url') - tenant_or_domain = module.params.get('tenant_or_domain') + tenant_id = module.params.get('tenant_id') client_id = module.params.get('client_id') client_secret = module.params.get('client_secret') - security_token = module.params.get('security_token') resource_group_name = module.params.get('resource_group_name') subscription_id = module.params.get('subscription_id') @@ -379,19 +353,13 @@ def get_azure_connection_info(module): else: resource_group_name = None - if not security_token: - if 'AZURE_SECURITY_TOKEN' in os.environ: - security_token = os.environ['AZURE_SECURITY_TOKEN'] - else: - security_token = None - - if not tenant_or_domain: + if not tenant_id: if 'AZURE_TENANT_ID' in os.environ: - tenant_or_domain = os.environ['AZURE_TENANT_ID'] + tenant_id = os.environ['AZURE_TENANT_ID'] elif 'AZURE_DOMAIN' in os.environ: - tenant_or_domain = os.environ['AZURE_DOMAIN'] + tenant_id = os.environ['AZURE_DOMAIN'] else: - tenant_or_domain = None + tenant_id = None if not client_id: if 'AZURE_CLIENT_ID' in os.environ: @@ -406,10 +374,9 @@ def get_azure_connection_info(module): client_secret = None return dict(azure_url=azure_url, - tenant_or_domain=tenant_or_domain, + tenant_id=tenant_id, client_id=client_id, client_secret=client_secret, - security_token=security_token, resource_group_name=resource_group_name, subscription_id=subscription_id) @@ -593,9 +560,8 @@ def main(): azure_url=dict(default=AZURE_URL), subscription_id=dict(), client_secret=dict(no_log=True), - client_id=dict(), - tenant_or_domain=dict(), - security_token=dict(aliases=['access_token'], no_log=True), + client_id=dict(required=True), + tenant_id=dict(required=True), resource_group_name=dict(required=True), state=dict(default='present', choices=['present', 'absent']), template=dict(default=None, type='dict'), @@ -619,24 +585,10 @@ def main(): conn_info = get_azure_connection_info(module) - if conn_info['security_token'] is None and \ - (conn_info['client_id'] is None or conn_info['client_secret'] is None or conn_info[ - 'tenant_or_domain'] is None): - module.fail_json(msg='security token or client_id, client_secret and tenant_or_domain is required') + credentials = ServicePrincipalCredentials(client_id=conn_info['client_id'], + secret=conn_info['client_secret'], + tenant=conn_info['tenant_id']) - if conn_info['security_token'] is None: - conn_info['security_token'] = get_token(conn_info['tenant_or_domain'], - conn_info['client_id'], - conn_info['client_secret']) - - if conn_info['security_token'] is None: - module.fail_json(msg='failed to retrieve a security token from Azure Active Directory') - - credentials = BasicTokenAuthentication( - token = { - 'access_token':conn_info['security_token'] - } - ) subscription_id = conn_info['subscription_id'] resource_client = ResourceManagementClient(ResourceManagementClientConfiguration(credentials, subscription_id)) network_client = NetworkManagementClient(NetworkManagementClientConfiguration(credentials, subscription_id))